Dealing with duplicate keys

Werner Koch wk at gnupg.org
Thu Oct 22 15:22:33 CEST 2020


On Wed, 21 Oct 2020 23:52, Ludovic Courtès said:

> For some reason (perhaps a bug in a previous version of GnuPG I used
> long ago?), my public key ring had come to contain my own public key
> twice, with the same fingerprint and all.

Should not happen because we use on Unix a copy-to-temp/update/rename
strategy.  There are bugs of course and so there is no guarantee that it
does not happen.  Eventually this will go away because 2.3 will come
with the optional keyboxd daemon which uses sqlite and keeps a unique
index on the primary key's fingerprint.  It will also makes things
faster and more robust related to changes when running several gpg
processes.  Drawback is that we have yet another format to store keys.

> To recover from it, I deleted my public key with ‘--delete-key’ twice,
> ‘--delete-secret-key’ once for the corresponding secret key, and then
> re-imported both the public key and the secret key, which I had
> previously exported.  Now everything is back to normal.

That is sound fix.  I am not aware of other reports but ppl might not
have considered this a bug.

  kbxutil --find-dups  pubring.kbx

should print a list of duplicate records.  Take care: kbxutil is more of
a debugging aid than a real tool.

While you spoke about easypg: I often have problems with it and it would
be nice if we could find a maintainer for it.  With the Emacs' new FFI a
move to GPGME might also be an idea.


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20201022/60647b59/attachment-0001.sig>


More information about the Gnupg-users mailing list