gpg --list-secret-keys does not skip revoked keys

Daiki Ueno ueno at
Wed Dec 22 09:55:24 CET 2010


I noticed that gpg --list-secret-keys skips expired keys but not revoked
keys.  For example, when I have two keys (one is expired and another is

$ gpg --list-keys A6CC6651 D1458906
pub   2048R/A6CC6651 2010-11-10 [expired: 2010-11-17]
uid                  Daiki Ueno <ueno at>

pub   2048R/D1458906 2010-12-22 [revoked: 2010-12-22]
uid                  Daiki Ueno <ueno at>

$ gpg --list-secret-keys A6CC6651 D1458906
sec   2048R/D1458906 2010-12-22
uid                  Daiki Ueno <ueno at>
ssb   2048R/AE471CB5 2010-12-22

Is this an intended behavior?  Also, if I supply the revoked key to say
gpg --sign, it simply fails:

$ gpg --sign -u D1458906 < /dev/null
gpg: skipped "D1458906": unusable secret key
gpg: signing failed: unusable secret key

BTW, I'm wondering if there is any reason why the validity field (Field
2 of --with-colons output) is not used for secret keys.  It might be
useful for the libraries which call gpg internally (epg.el I mean :) to
check if a key is usable.  Currently we need to run gpg --list-keys
followed by gpg --list-secret-keys.

Daiki Ueno

More information about the Gnupg-users mailing list