Dealing with duplicate keys

Ludovic Courtès ludo at
Fri Oct 23 14:25:43 CEST 2020

Hi Werner,

Werner Koch <wk at> skribis:

> On Wed, 21 Oct 2020 23:52, Ludovic Courtès said:
>> For some reason (perhaps a bug in a previous version of GnuPG I used
>> long ago?), my public key ring had come to contain my own public key
>> twice, with the same fingerprint and all.
> Should not happen because we use on Unix a copy-to-temp/update/rename
> strategy.  There are bugs of course and so there is no guarantee that it
> does not happen.

I’ve been carrying this keyring for years, so it could be that there was
once a bug that led to this inconsistency.

> Eventually this will go away because 2.3 will come with the optional
> keyboxd daemon which uses sqlite and keeps a unique index on the
> primary key's fingerprint.  It will also makes things faster and more
> robust related to changes when running several gpg processes.
> Drawback is that we have yet another format to store keys.


>> To recover from it, I deleted my public key with ‘--delete-key’ twice,
>> ‘--delete-secret-key’ once for the corresponding secret key, and then
>> re-imported both the public key and the secret key, which I had
>> previously exported.  Now everything is back to normal.
> That is sound fix.  I am not aware of other reports but ppl might not
> have considered this a bug.
>   kbxutil --find-dups  pubring.kbx
> should print a list of duplicate records.  Take care: kbxutil is more of
> a debugging aid than a real tool.

Interesting!  Good news: I don’t have other duplicate keys.

> While you spoke about easypg: I often have problems with it and it would
> be nice if we could find a maintainer for it.  With the Emacs' new FFI a
> move to GPGME might also be an idea.

Yeah.  EPG seems to be actively maintained though; this recent change I
mentioned is what led me to discover this issue.

Thanks for your feedback!


More information about the Gnupg-users mailing list