subkeys problem
Jason Harris
jharris at widomaker.com
Thu Feb 17 01:34:28 CET 2005
On Wed, Feb 16, 2005 at 10:23:38PM +0000, Andy Smith wrote:
> I have a gpg key, which can be found at
> http://strugglers.net/pubkey.asc or on keyservers; 0xBF15490B.
> A while ago I decided to revoke the encryption key and generate a
> new encryption key with 2048 bits instead of 1024. I thought it had
> worked so went ahead and revoked the encryption subkey, 0x9EE99022.
> The new encryption subkey is 0x604DE5DB.
> The problem is that, I still receive things encrypted to 0x9EE99022.
> Someone said this was something to do with subkeys and that I should
> use the keyserver subkeys.pgp.net. Using that keyserver I can
> upload something that does seem to represent my key properly, but
> others (who also use gpg) cannot get my key from there.
Your key on the SKS servers has a lot of subkey signatures
misplaced on userids:
%gpg -v --keyserver keyserver.noreply.org --recv 0x604DE5DB
gpg: requesting key 604DE5DB from hkp server keyserver.noreply.org
Host: keyserver.noreply.org
Command: GET
gpgkeys: HTTP URL is `hkp://keyserver.noreply.org/pks/lookup?op=get&options=mr&search=0x604DE5DB'
gpg: armor header: Version: SKS 1.0.9
gpg: pub 1024D/BF15490B 1998-08-12 Andy J. Smith <[elided]>
gpg: key BF15490B: no subkey for subkey revocation signature
gpg: key BF15490B: no subkey for key revocation
gpg: key BF15490B: no subkey for subkey revocation signature
gpg: key BF15490B: no subkey for key revocation
gpg: key BF15490B: no subkey for subkey revocation signature
gpg: key BF15490B: no subkey for key revocation
gpg: key BF15490B: no subkey for subkey revocation signature
gpg: key BF15490B: no subkey for key revocation
gpg: key BF15490B: no subkey for subkey revocation signature
gpg: key BF15490B: no subkey for key revocation
gpg: key BF15490B: no subkey for subkey revocation signature
gpg: key BF15490B: no subkey for key revocation
gpg: key BF15490B: no subkey for subkey revocation signature
gpg: key BF15490B: no subkey for key revocation
gpg: key BF15490B: no subkey for subkey revocation signature
gpg: key BF15490B: no subkey for key revocation
gpg: key BF15490B: no subkey for subkey revocation signature
gpg: key BF15490B: no subkey for key revocation
gpg: key BF15490B: no subkey for subkey revocation signature
gpg: key BF15490B: no subkey for key revocation
gpg: key BF15490B: no subkey for subkey revocation signature
gpg: key BF15490B: no subkey for key revocation
gpg: key BF15490B: no subkey for subkey revocation signature
gpg: key BF15490B: no subkey for key revocation
gpg: key BF15490B: no subkey for subkey revocation signature
gpg: key BF15490B: no subkey for key revocation
gpg: key BF15490B: invalid subkey binding
gpg: key BF15490B: removed multiple subkey binding
gpg: key BF15490B: invalid subkey revocation
gpg: key BF15490B: invalid subkey binding
gpg: key BF15490B: invalid subkey revocation
gpg: key BF15490B: invalid subkey revocation
gpg: key BF15490B: invalid subkey binding
gpg: key BF15490B: invalid subkey binding
gpg: key BF15490B: invalid subkey binding
gpg: key BF15490B: invalid subkey revocation
gpg: key BF15490B: invalid subkey revocation
gpg: key BF15490B: invalid subkey binding
gpg: key BF15490B: invalid subkey binding
gpg: key BF15490B: invalid subkey revocation
gpg: key BF15490B: invalid subkey revocation
gpg: key BF15490B: subkey signature in wrong place - skipped
gpg: key BF15490B: subkey signature in wrong place - skipped
gpg: key BF15490B: subkey signature in wrong place - skipped
gpg: key BF15490B: subkey signature in wrong place - skipped
gpg: key BF15490B: subkey signature in wrong place - skipped
gpg: key BF15490B: subkey signature in wrong place - skipped
gpg: key BF15490B: subkey signature in wrong place - skipped
gpg: key BF15490B: subkey signature in wrong place - skipped
gpg: key BF15490B: subkey signature in wrong place - skipped
gpg: key BF15490B: subkey signature in wrong place - skipped
gpg: key BF15490B: subkey signature in wrong place - skipped
gpg: key BF15490B: subkey signature in wrong place - skipped
gpg: key BF15490B: subkey signature in wrong place - skipped
gpg: key BF15490B: skipped subkey
gpg: key BF15490B: public key "Andy Smith <andy at strugglers.net>" imported
gpg: Total number processed: 1
gpg: imported: 1
but it looks like most of its subkeys are in order:
%gpg -v ...
[snip]
sub 2048g/9EE99022 1998-08-12 [revoked: 2002-03-30]
sig! BF15490B 1998-08-12 Andy Smith <>
rev! BF15490B 2002-03-30 Andy Smith <>
sub 2048g/604DE5DB 2004-05-28
sig! BF15490B 2004-05-28 Andy Smith <>
sub 4096g/AD7623D2 2002-03-30 [revoked: 2002-03-30]
sig! BF15490B 2002-03-30 Andy Smith <>
rev! BF15490B 2002-03-30 Andy Smith <>
sub 4096G/237C258F 2002-03-30 [revoked: 2004-05-28]
sig! BF15490B 2002-03-30 Andy Smith <>
rev! BF15490B 2004-05-28 Andy Smith <>
sub 4096g/2F6F4447 2002-07-25 [revoked: 2004-05-28]
sig! BF15490B 2002-07-25 Andy Smith <>
rev! BF15490B 2004-05-28 Andy Smith <>
except for that nagging "gpg: key BF15490B: skipped subkey,"
which would seem to refer to:
(NB: output from keyserver.kjsl.com:11371)
sub 4096g/788FA859 2002-07-25 [subkey, revoked?]
Key fingerprint = 43A9 5BF3 7FF4 76EE 4694 DBCB E47E 70A6 788F A859
sig 0x18 BF15490B 2002-07-25 [keybind, hash: type 2, 7f 15]
rev 0x28 BF15490B 2002-07-25 [keybind, hash: type 2, 21 78]
rev 0x28 BF15490B 2002-03-30 [keybind, hash: type 2, a9 dd]
which only has bad signatures from other subkeys and isn't even
importable from http://strugglers.net/pubkey.asc :
%gpg --import pubkey.asc
gpg: key BF15490B: "Andy Smith <andy at strugglers.net>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
%gpg -k 788FA859
gpg: error reading key: public key not found
--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 309 bytes
Desc: not available
Url : /pipermail/attachments/20050216/24fc3020/attachment.pgp
More information about the Gnupg-users
mailing list