GnuPG 1.2.4 fetches revoked key

Malte Gell malte.gell at
Tue May 18 01:59:09 CEST 2004

As Atom recently described it I transformed my former key 0x00FCC016 
into a subkey, now with 0xABBA7881 being the new primary key id. After 
that I revoked the old key.

Now, SKS keyservers are able to find the primary key id if a message was 
signed with a subkey. The strange thing is now that gpg 1.2.4 fetches 
the old revoked key as well, "include-revoked" is NOT set or used.

This is confusing people who automatically fetch keys not in their 
keyring and wonder why the message seem to be signed with a revoked 

Of course, this is a "special case" if someone transforms a key into a 
subkey, nevertheless, GnuPG should not fetch a revoked key until told 
to do so, right? Is this a situation gpg is not aware of, or is it the 
SKS keyserver that shouldn't have sent the revoked key?


[malte_gell at linux]~/.gnupg2· gpg --recv-key 0x00FCC016

gpgkeys: WARNING: this is an *experimental* HKP interface!
gpg: key 00FCC016: public key "Malte Gell <malte_gellt-onlinede>" 
gpg: key ABBA7881: public key "[User id not found]" imported
gpg: Total number processed: 2
gpg:               imported: 2  (RSA: 1)

[malte_gell at linux]~/.gnupg2· gpg --list-keys

pub  1024D/00FCC016 2002-11-09 Malte Gell <malte_gellt-onlinede>
which is revoked and shouldn't have been fetched?
uid                            Malte Gell <malte.gellgmxde>
sub  2048g/AE55B221 2002-11-09 [expires: 2005-01-01]

pub  4096R/ABBA7881 2004-05-12 Malte Gell <malte_gellt-onlinede>
uid                            Malte Gell <malte.gellgmxde>
sub  1024D/00FCC016 2002-11-09 [expires: 2005-01-01]
sub  2048g/AE55B221 2002-11-09 [expires: 2005-01-01]

More information about the Gnupg-users mailing list