gpg --list-secret-keys does not skip revoked keys
Daiki Ueno
ueno at unixuser.org
Wed Dec 22 09:55:24 CET 2010
Hi,

I noticed that gpg --list-secret-keys skips expired keys but not revoked
keys. For example, when I have two keys (one is expired and the other is
revoked):

$ gpg --list-keys A6CC6651 D1458906
pub 2048R/A6CC6651 2010-11-10 [expired: 2010-11-17]
uid Daiki Ueno <ueno at unixuser.org>
pub 2048R/D1458906 2010-12-22 [revoked: 2010-12-22]
uid Daiki Ueno <ueno at unixuser.org>

$ gpg --list-secret-keys A6CC6651 D1458906
sec 2048R/D1458906 2010-12-22
uid Daiki Ueno <ueno at unixuser.org>
ssb 2048R/AE471CB5 2010-12-22

Is this intended behavior? Also, if I supply the revoked key to, say,
gpg --sign, it simply fails:

$ gpg --sign -u D1458906 < /dev/null
gpg: skipped "D1458906": unusable secret key
gpg: signing failed: unusable secret key

BTW, I'm wondering if there is any reason why the validity field (Field
2 of --with-colons output) is not used for secret keys. It might be
useful for libraries which call gpg internally (epg.el I mean :) to
check if a key is usable. Currently we need to run gpg --list-keys
followed by gpg --list-secret-keys.

Regards,
--
Daiki Ueno
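
The two-step check the message describes (gpg --list-keys followed by gpg --list-secret-keys), as an added example that is not part of the original post and is not code from GnuPG or epg.el: it joins the two --with-colons listings on the key ID and labels each secret key from field 2 of its public key. The sample listings are constructed, the long key IDs are the post's short IDs padded with zeros, and the third key is hypothetical.

```python
import subprocess

# Field 2 validity letters (GnuPG doc/DETAILS) that make a key unusable.
UNUSABLE = {"r": "revoked", "e": "expired", "d": "disabled", "i": "invalid"}

# Constructed sample listings. Long key IDs are the post's short IDs padded
# with zeros; 0000000011111111 is a hypothetical valid key added for contrast.
PUB_LISTING = """\
pub:e:2048:1:00000000A6CC6651:2010-11-10:2010-11-17::-:::
pub:r:2048:1:00000000D1458906:2010-12-22:::-:::
sub:r:2048:1:00000000AE471CB5:2010-12-22::::::
pub:u:2048:1:0000000011111111:2010-12-22:::u:::
"""
# Field 2 is empty here, as the post observes for secret keys.
SEC_LISTING = """\
sec::2048:1:00000000D1458906:2010-12-22::::::::::
ssb::2048:1:00000000AE471CB5:2010-12-22::::::::::
sec::2048:1:0000000011111111:2010-12-22::::::::::
"""

def gpg_colons(*args):
    """Run gpg and return its --with-colons output (needs gpg on PATH)."""
    cmd = ["gpg", "--batch", "--with-colons", *args]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

def primary_keys(listing, record_type):
    """Map key ID (field 5) to validity (field 2) for 'pub' or 'sec' records."""
    keys = {}
    for line in listing.splitlines():
        fields = line.split(":")
        if len(fields) >= 5 and fields[0] == record_type:
            keys[fields[4]] = fields[1]
    return keys

def secret_key_status(pub_listing, sec_listing):
    """Label every listed secret key using the public key's validity."""
    validity = primary_keys(pub_listing, "pub")
    status = {}
    for keyid in primary_keys(sec_listing, "sec"):
        if keyid not in validity:
            status[keyid] = "no public key"
        else:
            status[keyid] = UNUSABLE.get(validity[keyid], "usable")
    return status

if __name__ == "__main__":
    # Live use: secret_key_status(gpg_colons("--list-keys"),
    #                             gpg_colons("--list-secret-keys"))
    for keyid, state in secret_key_status(PUB_LISTING, SEC_LISTING).items():
        print(keyid, state)
```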