How to delete a signature from a key with delsig?

Max Burley burley at telus.net
Wed Oct 6 00:58:57 CEST 2010


Daniel,
Thanks for taking the time. See below for the unexpected (to me at
least) solution.

Good point about the public servers, but in this case neither of the two
keys had been published. Also, fwiw this is on an Ubuntu 10.04 machine.

As for "how does it fail", the command> prompt from --edit-key
<key_name> kept returning "Invalid command (try "help")" for any input
not in the form "uid <key_name or n>." Whether a "delsig" was appended
to the command> or not, it returned to "command>" without affecting any
signature. I was unable to input a multi-line command without the
Invalid output. 

However, your response encouraged me to go back and hack at it some
more. After another failure and return to "command> (try "help")", I
actually tried "help" at the command prompt. Lo and behold, context
sensitive help. At the end of help's 30-item list of possible commands
was:
"minimize    compact unusable user IDs and remove all signatures from
key."

SOLUTION
$ gpg --edit-key <key_name>
Typing "minimize" at the "command>" prompt returned:
"User ID "name <email>": 1 signature removed"; and
returned me to "command>" where a "save" command saved changes, quit GPG
and returned me to my shell prompt. 
The key's self-signature was intact and the unwanted personal key
signature was gone.

Regards,
Max Burley



On Tue, 2010-10-05 at 14:11 -0400, Daniel Kahn Gillmor wrote:
> On 10/05/2010 12:21 PM, Max Burley wrote:
> > I have two keys: 
> > - a personal key (used to sign this message); and
> > - a business key.
> > 
> > Inadvertently, I signed the business key with the personal key. Trying
> > to remove that personal signature with delsig fails.
> 
> how does it fail?
> 
> to be clear, if this sig is already pushed to the keyservers you cannot
> delete it effectively, and your best bet is to revoke it.
> 
> > Bringing up the business key with "gpg --edit-key <key_name>" gives me
> > the "command>" prompt, at which point entering "<UID (n)> delsig" runs
> > without an error message, but the personal key signature is still
> > attached to the business key when I run "gpg --list-sigs <key_name>".
> > 
> > Am I missing something terribly obvious here?
> 
> It's not terribly obvious, but i think what you want to do within the
> gpg --edit-key prompt is a multi-line approach:
> 
>  uid <X>
>  delsig
> 
>  <then keep pressing "n" until you see the sig you want to delete --
>   at that point, choose Y>
> 
>  <choose q if there are no more sigs you want to delete>
>  save
> 
> and then you should be back at your shell's prompt.
> 
> hth,
> 
> 	--dkg
> 
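
A check for the outcome described in the message above (self-signature intact, unwanted certification gone), as an added example that is not part of the original thread. It parses the machine-readable output of `gpg --list-sigs --with-colons <key_name>`; the key IDs, names and sample records below are constructed, and the function name is hypothetical.

```python
# Added example (not from the thread). Parses `gpg --list-sigs --with-colons`
# output; SAMPLE_BEFORE and SAMPLE_AFTER are constructed records, not real keys.
SAMPLE_BEFORE = """\
pub:u:2048:1:AAAAAAAAAAAAAAAA:1286000000:::u:::scESC:
uid:u::::1286000000::0000000000000000000000000000000000000000::Business Key <biz@example.com>:
sig:::1:AAAAAAAAAAAAAAAA:1286000000::::Business Key <biz@example.com>:13x:
sig:::1:BBBBBBBBBBBBBBBB:1286200000::::Personal Key <me@example.com>:10x:
sub:u:2048:1:CCCCCCCCCCCCCCCC:1286000000::::::e:
sig:::1:AAAAAAAAAAAAAAAA:1286000000::::Business Key <biz@example.com>:18x:
"""
# Same key with the personal-key certification removed.
SAMPLE_AFTER = "".join(
    l for l in SAMPLE_BEFORE.splitlines(True) if ":BBBBBBBBBBBBBBBB:" not in l
)


def audit_sigs(colon_output):
    """Map each user ID to its self-signature count and the certifications
    made by any key other than the primary key."""
    primary, uid, report = None, None, {}
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            primary, uid = f[4], None          # field 5: long key ID
        elif f[0] == "uid":
            uid = f[9]                         # field 10: user ID string
            report[uid] = {"self": 0, "foreign": []}
        elif f[0] in ("sub", "uat"):
            uid = None                         # following sigs are not on a user ID
        elif f[0] == "sig" and uid is not None and len(f) > 10:
            if f[4] == primary:
                report[uid]["self"] += 1
            else:                              # (signer key ID, signer UID, sig class)
                report[uid]["foreign"].append((f[4], f[9], f[10]))
    return report


if __name__ == "__main__":
    for label, sample in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        for uid, r in audit_sigs(sample).items():
            print(label, uid, "self-sigs:", r["self"], "foreign:", r["foreign"])
```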
