Key selection

Peter Lebbing peter at
Fri Jan 2 17:37:19 CET 2015

On 31/12/14 22:09, Sandeep Murthy wrote:
> This is clearly a bug, and surely there’s an easy fix for it

I respectfully disagree on both. Editing a revoked key might not have a use, but
editing an expired key is perfectly valid, i.e., to extend its expiry date.
The matching behaviour is also clear and known: without being specific, one of
the matching keys. While being specific and applying to 1.4 and 2.0: the first
one in the keyring. With all respect, that this doesn't match what you'd like
to see is something else than "this is clearly a bug".

And whether there is an easy fix can't really be said without knowing the
internal structure of GnuPG. I think matching the first key you find needs to
know nothing apart from the key ID and the UID's. Matching other
characteristics means you need to parse more details of the key, which might not
be done until after key selection. It is not clear cut that this is an easy fix.
It might be, it might not be. Patches might be welcome if it's a small patch
with clear behaviour, i.e., easily verified as correct and complete. I'm
inclined to think the patch is not that small and clear, though.

> This issue is specific to the command line program, not any GUI based 
> program like Keychain (from MacGPG2 suite), because there the user can see 
> the keys and know which one to edit.

For the command line, it's a two-step process which requires the user to repeat
8 hex characters unless they have a mouse: they could also copy-paste. Surely
this is not much work.

$ gpg2 -k lebbing
pub   1024R/3E4FCA14 2006-03-31 [revoked: 2009-11-12]
uid       [ revoked] Peter Lebbing <peter at>

pub   2048R/DE500B3E 2009-11-12 [expires: 2015-10-27]
uid       [ultimate] Peter Lebbing <peter at>
sub   2048R/DE6CDCA1 2009-11-12 [expires: 2015-10-27]
sub   2048R/73A33BEE 2009-11-12 [expires: 2015-10-27]
sub   2048R/B65D8246 2009-12-05 [expires: 2015-10-27]

$ gpg2 --edit-key de500b3e

Possibly add a third step for a failed "gpg2 --edit-key lebbing" command as
the first step.

Conflicting short ID's make the first step above a bit more verbose but is
really rare:

$ gpg2 --keyid-format long -k lebbing

In this case, you might want to add keyid-format to your gpg.conf so you can
save on all that typing ;).

Conflicting long ID's are really, really rare but would make it a lot more



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list