Key corruption: duplicate signatures and usage flags

martin f krafft madduck at madduck.net
Wed Jun 21 11:03:40 CEST 2017 

Hey,

My key on the keyservers is 0x55C9882D999BBCC4. If I download this
to a fresh keyring, I get some weird behaviours:

  % alias gpg='gpg --homedir=.'
  % gpg --recv-key 0x55C9882D999BBCC4
  gpg: keybox '/home/ssd/madduck/.tmp/cdt.p0R8ly/pubring.kbx' created
  gpg: /home/ssd/madduck/.tmp/cdt.p0R8ly/trustdb.gpg: trustdb created
  gpg: key 55C9882D999BBCC4: public key "Martin F. Krafft <mail at martin-krafft.net>" imported
  gpg: no ultimately trusted keys found
  gpg: Total number processed: 1
  gpg:               imported: 1

  % gpg --list-keys !$
  gpg --list-keys 0x55C9882D999BBCC4
  pub   rsa4096 2009-07-06 [SC] [expires: 2020-02-01]
      	2CCB26BC5C49BC221F20794255C9882D999BBCC4
  uid           [ unknown] Martin F. Krafft <mail at martin-krafft.net>
  uid           [ unknown] Martin F. Krafft <madduck at madduck.net>
  uid           [ unknown] Martin F. Krafft (Debian) <madduck at debian.org>
  uid           [ unknown] [jpeg image of size 2160]
  sub   rsa4096 2016-07-01 [E] [expires: 2018-02-01]
  sub   rsa4096 2016-12-01 [S] [expires: 2018-02-01]
  sub   rsa4096 2016-12-01 [A] [expires: 2018-02-01]

So far, so good. Do note the [SC] usage flags.

And then check this out:

  % gpg --edit-key 0x55C9882D999BBCC4
  gpg (GnuPG) 2.1.18; Copyright (C) 2017 Free Software Foundation, Inc.
  This is free software: you are free to change and redistribute it.
  There is NO WARRANTY, to the extent permitted by law.

  uid  Martin F. Krafft <madduck at madduck.net>
  sig!3        55C9882D999BBCC4 2009-07-06 never       [self-signature]
  sig!3        55C9882D999BBCC4 2017-06-07 never       [self-signature]*
              [expires: 2020-02-01 11:20:11]
  sig!3        55C9882D999BBCC4 2009-07-06 never       [self-signature]
    x-hkp://pool.sks-keyservers.net

  […]

  sub  AD18B605905834CC
  sig!    P    55C9882D999BBCC4 2015-07-01 never       [self-signature]*
    Signature policy: http://martin-krafft.net/gpg/cert-policy/55c9882d999bbcc4/201412051354?sha512sum=a5f417ebe563ed63cc3bbc4b14da4983e30d8ada7b2ba94b6de5e7a74bee6ab55c6ca307e163c33a6bf242e8ce4ca5fe99a271dd3b41626d3b4a10203a5c7225
              [expires: 2010-08-07 08:37:18]

  […]

  key 55C9882D999BBCC4:
  24 duplicate signatures removed

That's a bit weird. Where do these come from?

But there's more: now the usage flag of the primary key has been
changed to just 'C' (which is what I uploaded), and …

  pub  rsa4096/55C9882D999BBCC4
      created: 2009-07-06  expires: 2020-02-01  usage: C
      trust: unknown       validity: unknown
  […]

… a subsequent save spews a weird list of "Preferred keyserver:"
text to stdout, but now the usage flag of the primary key is also
just [C] in the --list-keys output:

  gpg> save
  Preferred keyserver: Preferred keyserver: Preferred keyserver: Preferred keyserver: Preferred keyserver: Preferred keyserver: Preferred keyserver: %

  % gpg --list-keys 0x55C9882D999BBCC4
  pub   rsa4096 2009-07-06 [C] [expires: 2020-02-01]
        2CCB26BC5C49BC221F20794255C9882D999BBCC4
  […]

Do you have any idea what might be going on here? Is this a problem,
or just cosmetic? Is it fixable? How?

-- 
@martinkrafft | http://madduck.net/ | http://two.sentenc.es/
 
"life moves pretty fast. if you don't stop and look around once in
 a while, you could miss it."
                                                     -- ferris bueller
 
spamtraps: madduck.bogus at madduck.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: digital_signature_gpg.asc
Type: application/pgp-signature
Size: 1118 bytes
Desc: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
URL: </pipermail/attachments/20170621/63121f2a/attachment.sig>

More information about the Gnupg-users mailing list