gpg: confirm deletion of each secret key
Needs Review · Public

Authored by matheusmoreira on Tue, Apr 30, 3:32 PM.
This revision needs review, but there are no reviewers specified.


* g10/delkey.c (confirm_deletion): New.
(do_delete_key): Confirm the deletion of each individual secret key.

When asked to delete a specific secret subkey, the program confirms
the deletion of the primary key once and then deletes the subkey.
It is confirming the deletion of the entire key block instead of
just the key the user specified.

Now it confirms the deletion of each individual secret key.

Signed-off-by: Matheus Afonso Martins Moreira <>

Test Plan

Given a temporary gpg home with primary and subordinate keys:

$ agent/gpg-agent --daemon --homedir $XDG_RUNTIME_DIR/gnupg-git
$ g10/gpg --homedir $XDG_RUNTIME_DIR/gnupg-git --batch --passphrase '' --default-new-key-algo 'rsa1024/cert+rsa1024/sign' --quick-gen-key test
$ SUBKEY=$(g10/gpg --homedir $XDG_RUNTIME_DIR/gnupg-git -K --with-subkey-fingerprint --with-colons | awk -F: '/fpr/ { print $10 }' | tail -1)

Attempting to delete keys should result in:

  1. The correct secret key fingerprints being printed in the confirmation prompts.
  2. The deletion of every secret key being confirmed if the key specification is not exact.
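
An added helper for the test plan above (not part of the submitted revision): it pairs every fingerprint in the colon listing with the sec or ssb record it belongs to, so each confirmation prompt can be compared against the key it should name, even when there are several subkeys and `tail -1` would pick only the last. The embedded listing is constructed (made-up key IDs and fingerprints, trailing fields omitted) and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `gpg -K --with-subkey-fingerprint --with-colons` output.
# Key IDs and fingerprints are made up; fields after the capabilities are omitted.
sample_listing() {
cat <<'EOF'
sec:u:1024:1:1111111111111111:1714500000:::u:::cC:
fpr:::::::::1111111111111111111111111111111111111111:
grp:::::::::2222222222222222222222222222222222222222:
uid:u::::1714500000::3333333333333333333333333333333333333333::test:
ssb:u:1024:1:4444444444444444:1714500000::::::s:
fpr:::::::::4444444444444444444444444444444444444444:
grp:::::::::5555555555555555555555555555555555555555:
EOF
}

# Read a colon listing on stdin and print "<record type> <fingerprint>" for
# every secret key. An fpr record describes the key record that precedes it;
# grp (keygrip) and uid records in between are skipped.
secret_key_fingerprints() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" { kind = $1; next }
        # Public records can appear if the listing was not made with -K;
        # their fingerprints must not be reported as secret keys.
        $1 == "pub" || $1 == "sub" { kind = ""; next }
        $1 == "fpr" && kind != ""  { print kind, $10; kind = "" }
    '
}

# Fingerprints of the secret subkeys only, one per line.
secret_subkey_fingerprints() {
    secret_key_fingerprints | awk '$1 == "ssb" { print $2 }'
}

# Fingerprint of the primary secret key only.
secret_primary_fingerprint() {
    secret_key_fingerprints | awk '$1 == "sec" { print $2 }'
}

# Stand-alone run on the constructed sample.
sample_listing | secret_key_fingerprints
```

Against the temporary home from the test plan, pipe `g10/gpg --homedir $XDG_RUNTIME_DIR/gnupg-git -K --with-subkey-fingerprint --with-colons` into `secret_key_fingerprints` instead of `sample_listing`.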

Diff Detail

rG GnuPG
Lint Skipped
Unit Tests Skipped
matheusmoreira retitled this revision from "Confirm the deletion of every secret key" to "gpg: confirm deletion of each secret key". Thu, May 2, 4:04 AM
matheusmoreira edited the summary of this revision.
matheusmoreira edited the test plan for this revision.
matheusmoreira updated this revision to Diff 1378. Edited Wed, May 22, 2:14 AM

Rebased on top of master: 4c7d63cd5b02
Add the if (okay) conditional back to the code