subkeys problem

Jason Harris jharris at widomaker.com
Thu Feb 17 01:34:28 CET 2005


On Wed, Feb 16, 2005 at 10:23:38PM +0000, Andy Smith wrote:
 
> I have a gpg key, which can be found at
> http://strugglers.net/pubkey.asc or on keyservers; 0xBF15490B.
 
> A while ago I decided to revoke the encryption key and generate a
> new encryption key with 2048 bits instead of 1024.  I thought it had
> worked so went ahead and revoked the encryption subkey, 0x9EE99022.
> The new encryption subkey is 0x604DE5DB.
 
> The problem is that I still receive things encrypted to 0x9EE99022.

> Someone said this was something to do with subkeys and that I should
> use the keyserver subkeys.pgp.net.  Using that keyserver I can
> upload something that does seem to represent my key properly, but
> others (who also use gpg) cannot get my key from there.

Your key on the SKS servers has a lot of subkey signatures
misplaced on userids:

  %gpg -v --keyserver keyserver.noreply.org --recv 0x604DE5DB
  gpg: requesting key 604DE5DB from hkp server keyserver.noreply.org
  Host:           keyserver.noreply.org
  Command:        GET
  gpgkeys: HTTP URL is `hkp://keyserver.noreply.org/pks/lookup?op=get&options=mr&search=0x604DE5DB'
  gpg: armor header: Version: SKS 1.0.9
  gpg: pub  1024D/BF15490B 1998-08-12  Andy J. Smith <[elided]>
  gpg: key BF15490B: no subkey for subkey revocation signature
  gpg: key BF15490B: no subkey for key revocation
  gpg: key BF15490B: no subkey for subkey revocation signature
  gpg: key BF15490B: no subkey for key revocation
  gpg: key BF15490B: no subkey for subkey revocation signature
  gpg: key BF15490B: no subkey for key revocation
  gpg: key BF15490B: no subkey for subkey revocation signature
  gpg: key BF15490B: no subkey for key revocation
  gpg: key BF15490B: no subkey for subkey revocation signature
  gpg: key BF15490B: no subkey for key revocation
  gpg: key BF15490B: no subkey for subkey revocation signature
  gpg: key BF15490B: no subkey for key revocation
  gpg: key BF15490B: no subkey for subkey revocation signature
  gpg: key BF15490B: no subkey for key revocation
  gpg: key BF15490B: no subkey for subkey revocation signature
  gpg: key BF15490B: no subkey for key revocation
  gpg: key BF15490B: no subkey for subkey revocation signature
  gpg: key BF15490B: no subkey for key revocation
  gpg: key BF15490B: no subkey for subkey revocation signature
  gpg: key BF15490B: no subkey for key revocation
  gpg: key BF15490B: no subkey for subkey revocation signature
  gpg: key BF15490B: no subkey for key revocation
  gpg: key BF15490B: no subkey for subkey revocation signature
  gpg: key BF15490B: no subkey for key revocation
  gpg: key BF15490B: no subkey for subkey revocation signature
  gpg: key BF15490B: no subkey for key revocation
  gpg: key BF15490B: invalid subkey binding
  gpg: key BF15490B: removed multiple subkey binding
  gpg: key BF15490B: invalid subkey revocation
  gpg: key BF15490B: invalid subkey binding
  gpg: key BF15490B: invalid subkey revocation
  gpg: key BF15490B: invalid subkey revocation
  gpg: key BF15490B: invalid subkey binding
  gpg: key BF15490B: invalid subkey binding
  gpg: key BF15490B: invalid subkey binding
  gpg: key BF15490B: invalid subkey revocation
  gpg: key BF15490B: invalid subkey revocation
  gpg: key BF15490B: invalid subkey binding
  gpg: key BF15490B: invalid subkey binding
  gpg: key BF15490B: invalid subkey revocation
  gpg: key BF15490B: invalid subkey revocation
  gpg: key BF15490B: subkey signature in wrong place - skipped
  gpg: key BF15490B: subkey signature in wrong place - skipped
  gpg: key BF15490B: subkey signature in wrong place - skipped
  gpg: key BF15490B: subkey signature in wrong place - skipped
  gpg: key BF15490B: subkey signature in wrong place - skipped
  gpg: key BF15490B: subkey signature in wrong place - skipped
  gpg: key BF15490B: subkey signature in wrong place - skipped
  gpg: key BF15490B: subkey signature in wrong place - skipped
  gpg: key BF15490B: subkey signature in wrong place - skipped
  gpg: key BF15490B: subkey signature in wrong place - skipped
  gpg: key BF15490B: subkey signature in wrong place - skipped
  gpg: key BF15490B: subkey signature in wrong place - skipped
  gpg: key BF15490B: subkey signature in wrong place - skipped
  gpg: key BF15490B: skipped subkey
  gpg: key BF15490B: public key "Andy Smith <andy at strugglers.net>" imported
  gpg: Total number processed: 1
  gpg:               imported: 1

but it looks like most of its subkeys are in order:

  %gpg -v ...
  [snip]
  sub   2048g/9EE99022 1998-08-12 [revoked: 2002-03-30]
  sig!         BF15490B 1998-08-12  Andy Smith <>
  rev!         BF15490B 2002-03-30  Andy Smith <>
  sub   2048g/604DE5DB 2004-05-28
  sig!         BF15490B 2004-05-28  Andy Smith <>
  sub   4096g/AD7623D2 2002-03-30 [revoked: 2002-03-30]
  sig!         BF15490B 2002-03-30  Andy Smith <>
  rev!         BF15490B 2002-03-30  Andy Smith <>
  sub   4096G/237C258F 2002-03-30 [revoked: 2004-05-28]
  sig!         BF15490B 2002-03-30  Andy Smith <>
  rev!         BF15490B 2004-05-28  Andy Smith <>
  sub   4096g/2F6F4447 2002-07-25 [revoked: 2004-05-28]
  sig!         BF15490B 2002-07-25  Andy Smith <>
  rev!         BF15490B 2004-05-28  Andy Smith <>

except for that nagging "gpg: key BF15490B: skipped subkey,"
which would seem to refer to:

 (NB:  output from keyserver.kjsl.com:11371)
 sub  4096g/788FA859 2002-07-25 [subkey, revoked?]
      Key fingerprint = 43A9 5BF3 7FF4 76EE 4694  DBCB E47E 70A6 788F A859
 sig  0x18  BF15490B 2002-07-25 [keybind, hash: type 2, 7f 15]
 rev  0x28  BF15490B 2002-07-25 [keybind, hash: type 2, 21 78]
 rev  0x28  BF15490B 2002-03-30 [keybind, hash: type 2, a9 dd]

which only has bad signatures from other subkeys and isn't even
importable from http://strugglers.net/pubkey.asc :

  %gpg --import pubkey.asc 
  gpg: key BF15490B: "Andy Smith <andy at strugglers.net>" not changed
  gpg: Total number processed: 1
  gpg:              unchanged: 1

  %gpg -k 788FA859
  gpg: error reading key: public key not found

-- 
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004
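
Added example, not part of the original message: a Python check for the condition the reply describes, where subkey binding (0x18) and subkey revocation (0x28) signatures follow a user ID instead of a subkey, and a subkey is left with no binding. It assumes the text layout of `gpg --list-packets` output; the sample listing, its key IDs and the `audit` function name are constructed for illustration.

```python
import re

# Constructed listing in the layout of `gpg --list-packets` (abbreviated;
# key IDs are placeholders). Two subkey signatures sit under the user ID.
SAMPLE = """\
:public key packet:
:user ID packet: "Example User <user@example.invalid>"
:signature packet: algo 17, keyid AAAAAAAAAAAAAAAA
\tversion 4, created 0, md5len 0, sigclass 0x13
:signature packet: algo 17, keyid AAAAAAAAAAAAAAAA
\tversion 4, created 0, md5len 0, sigclass 0x28
:signature packet: algo 17, keyid AAAAAAAAAAAAAAAA
\tversion 4, created 0, md5len 0, sigclass 0x18
:public sub key packet:
:signature packet: algo 17, keyid AAAAAAAAAAAAAAAA
\tversion 4, created 0, md5len 0, sigclass 0x18
:public sub key packet:
"""

SUBKEY_SIGS = {0x18: "subkey binding", 0x28: "subkey revocation"}
PACKET = re.compile(r"^:(.+?) packet:")
SIGCLASS = re.compile(r"sigclass 0x([0-9a-fA-F]{2})")

def audit(listing):
    """Return (misplaced, unbound): subkey-class signatures found outside a
    subkey section, and 1-based indexes of subkeys with no 0x18 binding."""
    section, in_sig = None, False
    misplaced, bound = [], []          # bound: one flag per subkey seen
    for lineno, line in enumerate(listing.splitlines(), 1):
        pkt = PACKET.match(line)
        if pkt:
            in_sig = pkt.group(1) == "signature"
            if not in_sig:             # key, user ID, subkey, ... opens a section
                section = pkt.group(1)
                if section == "public sub key":
                    bound.append(False)
            continue
        cls = SIGCLASS.search(line) if in_sig else None
        sigclass = int(cls.group(1), 16) if cls else None
        if sigclass not in SUBKEY_SIGS:
            continue
        if section != "public sub key":
            misplaced.append((lineno, SUBKEY_SIGS[sigclass], section))
        elif sigclass == 0x18:
            bound[-1] = True
    return misplaced, [i for i, ok in enumerate(bound, 1) if not ok]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The check covers packet placement only; whether each signature actually verifies is still decided by gpg itself.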