Problems with two active encryption subkeys

Sven Klomp mail at
Thu Nov 11 09:50:30 CET 2010

On Wednesday 10 November 2010 20:20:13 Hauke Laging wrote:
> I created some more subkeys to check that...
> For 2.0.15 you are right in one point and wrong in the other. It is the newer 
> creation date which is chosen not the longer remaining validity period. But 
> the newer key wins against the longer one:
> start cmd:> LC_ALL=C gpg --edit-key 71FDC5CB
> pub  1024D/0x71FDC5CB  created: 2010-02-25  expires: 2011-02-25  usage: C
> [...]
> sub  2048R/0xDA63AFDA  created: 2010-11-10  expires: 2011-01-09  usage: E
> sub  1024R/0x1860836B  created: 2010-11-10  expires: 2010-12-10  usage: E
> gpg --encrypt --recipient 71FDC5CB test.html
> encrypts for 1860836B not for the both longer and longer valid DA63AFDA.

So the decision is done in the implementation and not covered in  the OpenPGP standard. Thus, other software may behave differently.
I think, I have to revoke one key to avoid problems...
Thanks for pointig this out.


More information about the Gnupg-users mailing list