Surprising command line options handling

Daniele Nicolodi daniele at
Mon Feb 23 23:51:48 CET 2015


I've been struggling quite a long while today trying to understand why
the following command does not do what I expected:

gpg --export-secret-subkeys 41E999D7! \
    --export-options export-reset-subkey-passwd

It does not reset the password on the exported subkey.

After some head scratching I recognized that gpg stop parsing arguments
when it encounters the key id and ignores what follows. This is probably
caused by the fact that whatever follows the first key id is also
interpreted as a possible key id, and that gpg by default does not error
out on invalid key ids. Please correct me if I'm wrong.

There is a reason why gpg does not choke on bad key ids? There is a way
to make the key id parsing strict and avoid surprises as the one above?

Thanks. Cheers,

More information about the Gnupg-users mailing list