Key corruption: duplicate signatures and usage flags

[Justus Winter]

martin f krafft <madduck at madduck.net> writes:

> Hey,
>
> My key on the keyservers is 0x55C9882D999BBCC4. If I download this
> to a fresh keyring, I get some weird behaviours:

gpg --version please?

>   % alias gpg='gpg --homedir=.'

I tend to do: $ export GNUPGHOME=$(mktemp -d)

> So far, so good. Do note the [SC] usage flags.

What are the capabilities of your primary key supposed to be?

>   key 55C9882D999BBCC4:
>   24 duplicate signatures removed
>
> That's a bit weird. Where do these come from?

Not sure, but anyone can append stuff to your key on the keyservers.
Maybe some faulty software reordered the packages and uploaded it?

> But there's more: now the usage flag of the primary key has been
> changed to just 'C' (which is what I uploaded), and …
>
>   pub  rsa4096/55C9882D999BBCC4
>       created: 2009-07-06  expires: 2020-02-01  usage: C
>       trust: unknown       validity: unknown
>   […]
>
> … a subsequent save spews a weird list of "Preferred keyserver:"
> text to stdout, but now the usage flag of the primary key is also
> just [C] in the --list-keys output:
>
>   gpg> save
>   Preferred keyserver: Preferred keyserver: Preferred keyserver: Preferred keyserver: Preferred keyserver: Preferred keyserver: Preferred keyserver: %
>
>   % gpg --list-keys 0x55C9882D999BBCC4
>   pub   rsa4096 2009-07-06 [C] [expires: 2020-02-01]
>         2CCB26BC5C49BC221F20794255C9882D999BBCC4
>   […]

This is odd indeed.


Justus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: </pipermail/attachments/20170621/5da2ca7e/attachment.sig>