[2.1.19] --list-secret-keys not # marking unavailable subkeys?

Danielle McLean dani at 00dani.me
Thu Apr 6 14:21:29 CEST 2017


Hi, I'm using GnuPG 2.1.19 on a Mac with a smartcard (a YubiKey NEO)
holding my regularly-used subkeys - some of my keys are actually in my
secret keyring, but others are only stubs. When I run gpg --card-status,
each secret key is correctly marked with # when it's unavailable or >
when it's stored on my smartcard. For example:

$ gpg --card-status | sed -n '/General key info/,$p'

General key info..: sub  rsa2048/3844A6973C6058F1 2017-04-05 Danielle McLean <dani at 00dani.me>
sec#  rsa4096/27D076D2ACA7BABE  created: 2017-04-03  expires: never
ssb#  rsa4096/5A5D2D1AFF12EEC5  created: 2017-04-04  expires: 2018-04-04
ssb#  rsa4096/D2081794136A2F3E  created: 2017-04-04  expires: 2018-04-04
ssb>  rsa2048/3844A6973C6058F1  created: 2017-04-05  expires: 2018-04-05
                                card-no: 0006 05312011
ssb   rsa2048/9D50913E336B08C1  created: 2017-04-05  expires: 2018-04-05
ssb>  rsa2048/9EC155D34F33D648  created: 2017-04-05  expires: 2018-04-05
                                card-no: 0006 05312011

The above information is correct - I have the subkeys 3C6058F1 and
4F33D648 stored on my smartcard, the subkey 336B08C1 stored in my secret
keyring, and the other secret keys aren't available. However, when I run
gpg --list-secret-keys, the # marker doesn't appear on unavailable
subkeys:

$ gpg -K ACA7BABE
sec#  rsa4096 2017-04-03 [C]
      83F3DCEC98D522B6A38AF5D927D076D2ACA7BABE
uid           [ultimate] Danielle McLean <dani at 00dani.me>
ssb   rsa4096 2017-04-04 [S] [expires: 2018-04-04]
ssb   rsa4096 2017-04-04 [A] [expires: 2018-04-04]
ssb>  rsa2048 2017-04-05 [S] [expires: 2018-04-05]
ssb   rsa2048 2017-04-05 [E] [expires: 2018-04-05]
ssb>  rsa2048 2017-04-05 [A] [expires: 2018-04-05]

It's very confusing, as it seems to indicate my secret keyring contains
keys that it definitely doesn't. Why the inconsistency? Can I somehow
reconfigure GnuPG so that the --list-secret-keys output includes the
missing information?

Thanks!

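An added example, not part of the original post: a small parser for the key listing that gpg --card-status printed above, turning the markers the post describes (# for an unavailable secret key, > for a key held on the smartcard, no marker for a key in the secret keyring) into an inventory that can be checked in a script. The function names are hypothetical, the sample input is copied from the post, and the parser assumes exactly the line layout shown there.

```python
import re

# Sample input: the key listing from the --card-status output quoted in the post.
SAMPLE = """\
sec#  rsa4096/27D076D2ACA7BABE  created: 2017-04-03  expires: never
ssb#  rsa4096/5A5D2D1AFF12EEC5  created: 2017-04-04  expires: 2018-04-04
ssb#  rsa4096/D2081794136A2F3E  created: 2017-04-04  expires: 2018-04-04
ssb>  rsa2048/3844A6973C6058F1  created: 2017-04-05  expires: 2018-04-05
                                card-no: 0006 05312011
ssb   rsa2048/9D50913E336B08C1  created: 2017-04-05  expires: 2018-04-05
ssb>  rsa2048/9EC155D34F33D648  created: 2017-04-05  expires: 2018-04-05
                                card-no: 0006 05312011
"""

# One key per line: record type, optional marker, algorithm/key ID, dates.
KEY_RE = re.compile(
    r"^(?P<kind>sec|ssb)(?P<mark>[#>]?)\s+(?P<algo>\w+)/(?P<keyid>[0-9A-F]+)"
    r"\s+created:\s+(?P<created>\S+)\s+expires:\s+(?P<expires>\S+)"
)
# Indented continuation line that follows a key stored on a card.
CARD_RE = re.compile(r"^\s+card-no:\s+(?P<card>.+?)\s*$")
# Marker meanings as described in the post.
LOCATION = {"#": "unavailable", ">": "smartcard", "": "keyring"}


def parse_key_listing(text):
    """Return one dict per sec/ssb line, with its location and card number."""
    keys = []
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["location"] = LOCATION[entry.pop("mark")]
            entry["card"] = None
            keys.append(entry)
            continue
        c = CARD_RE.match(line)
        # Attach a card number only to the smartcard key directly above it.
        if c and keys and keys[-1]["location"] == "smartcard":
            keys[-1]["card"] = c.group("card")
    return keys


def keys_by_location(keys):
    """Group key IDs by where the secret key material lives."""
    out = {"unavailable": [], "smartcard": [], "keyring": []}
    for k in keys:
        out[k["location"]].append(k["keyid"])
    return out


if __name__ == "__main__":
    for k in parse_key_listing(SAMPLE):
        print(k["kind"], k["keyid"], k["algo"], k["location"], k["card"] or "")
```

Lines that are not sec/ssb records, such as the "General key info" header, are skipped.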