import-clean and export-clean do not have the documented effect
Closed, Resolved (Public)

Description

The documentation for import-clean claims:

This option is the same as running the --edit-key command "clean" after import.

The documentation for export-clean claims:

This option is the same as running the --edit-key command "clean" before export
except that the local copy of the key is not modified.

Neither of these appears to be the case. With the attached transferable public
key (pulled from the debian keyring), I can --import and --export it (both using
the appropriate -clean options) and the resultant exported transferable public
key is unchanged.

If I manually use the --edit-key subcommand "clean" and then re-export the key,
then the emitted key is actually cleaned.

Below is an example transcript using 2.1.13 with the attached transferable
public key in a new home directory.

0 dkg@alice:/tmp/cdtemp.3Gj0sI$ gpg --list-keys
gpg: keybox '/tmp/cdtemp.3Gj0sI/pubring.kbx' created
0 dkg@alice:/tmp/cdtemp.3Gj0sI$ gpg --import-options import-clean --import < 0x06EAA066E397832F.orig.asc
gpg: key 06EAA066E397832F: public key "Luca Capello <luca@pca.it>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: no ultimately trusted keys found
0 dkg@alice:/tmp/cdtemp.3Gj0sI$ gpg --armor --export-options export-clean --export 0x06EAA066E397832F > 0x06EAA066E397832F.exported.asc
0 dkg@alice:/tmp/cdtemp.3Gj0sI$ gpg --edit-key 0x06EAA066E397832F  clean
gpg (GnuPG) 2.1.13; Copyright (C) 2016 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

uid  Luca Capello <gismo@debian.org>
sig!3        06EAA066E397832F 2010-10-10 never       [self-signature]*
uid  Luca Capello <luca.capello@infomaniak.ch>
sig!3        06EAA066E397832F 2016-01-24 never       [self-signature]*
uid  Luca Capello <luca.capello@infomaniak.com>
sig!3        06EAA066E397832F 2016-01-29 never       [self-signature]*
sub  90C02DEC2BB95F4B
sig!         06EAA066E397832F 2009-07-01 never       [self-signature]*
uid  Luca Capello <luca@pca.it> (reordered signatures follow)
sig!3        06EAA066E397832F 2009-07-01 never       [self-signature]
sig!3        06EAA066E397832F 2009-07-01 never       [self-signature]
             [primary]
sig!3        06EAA066E397832F 2010-10-10 never       [self-signature]
             [primary]
sub  D91D57A03BE9F36D
sig!         06EAA066E397832F 2009-07-01 never       [self-signature]*
sub  F37834C0675E1031
sig!         06EAA066E397832F 2016-02-22 never       [self-signature]*
             [expires: 2010-07-01 14:44:59]
sub  669F597AA0ACD061
sig!         06EAA066E397832F 2016-02-22 never       [self-signature]*
             [expires: 2010-07-01 14:44:59]
sub  CBAA74B5D18542FA
sig!         06EAA066E397832F 2016-02-22 never       [self-signature]*
             [expires: 2010-07-01 14:44:59]
key 06EAA066E397832F:
1 duplicate signature removed
3 signatures reordered
Warning: errors found and only checked self-signatures, run 'check' to check all signatures.

pub  rsa4096/06EAA066E397832F
     created: 2009-07-01  expires: never       usage: SC  
     trust: unknown       validity: unknown
sub  rsa4096/90C02DEC2BB95F4B
     created: 2009-07-01  expires: never       usage: E   
sub  rsa4096/D91D57A03BE9F36D
     created: 2009-07-01  expires: never       usage: SEA 
sub  rsa4096/F37834C0675E1031
     created: 2016-02-22  expires: 2017-02-21  usage: S   
sub  rsa4096/669F597AA0ACD061
     created: 2016-02-22  expires: 2017-02-21  usage: E   
sub  rsa4096/CBAA74B5D18542FA
     created: 2016-02-22  expires: 2017-02-21  usage: A   
[ unknown] (1). Luca Capello <luca@pca.it>
[ unknown] (2)  Luca Capello <gismo@debian.org>
[ unknown] (3)  Luca Capello <luca.capello@infomaniak.ch>
[ unknown] (4)  Luca Capello <luca.capello@infomaniak.com>

User ID "Luca Capello <luca@pca.it>": 3 signatures removed
User ID "Luca Capello <gismo@debian.org>": already clean
User ID "Luca Capello <luca.capello@infomaniak.ch>": already clean
User ID "Luca Capello <luca.capello@infomaniak.com>": already clean

pub  rsa4096/06EAA066E397832F
     created: 2009-07-01  expires: never       usage: SC  
     trust: unknown       validity: unknown
sub  rsa4096/90C02DEC2BB95F4B
     created: 2009-07-01  expires: never       usage: E   
sub  rsa4096/D91D57A03BE9F36D
     created: 2009-07-01  expires: never       usage: SEA 
sub  rsa4096/F37834C0675E1031
     created: 2016-02-22  expires: 2017-02-21  usage: S   
sub  rsa4096/669F597AA0ACD061
     created: 2016-02-22  expires: 2017-02-21  usage: E   
sub  rsa4096/CBAA74B5D18542FA
     created: 2016-02-22  expires: 2017-02-21  usage: A   
[ unknown] (1). Luca Capello <luca@pca.it>
[ unknown] (2)  Luca Capello <gismo@debian.org>
[ unknown] (3)  Luca Capello <luca.capello@infomaniak.ch>
[ unknown] (4)  Luca Capello <luca.capello@infomaniak.com>

gpg> save
   Preferred keyserver: hkp://keyring.debian.org
   Preferred keyserver: hkp://pool.sks-keyservers.net
0 dkg@alice:/tmp/cdtemp.3Gj0sI$ gpg --armor --export-options export-clean --export 0x06EAA066E397832F > 0x06EAA066E397832F.exported-after.asc
0 dkg@alice:/tmp/cdtemp.3Gj0sI$ ls -la 0x06EAA066E397832F.*.asc
-rw-r--r-- 1 dkg dkg 221833 Jun 27 12:35 0x06EAA066E397832F.exported-after.asc
-rw-r--r-- 1 dkg dkg 225018 Jun 27 12:35 0x06EAA066E397832F.exported.asc
-rw-r--r-- 1 dkg dkg 225018 Jun 27 12:29 0x06EAA066E397832F.orig.asc
0 dkg@alice:/tmp/cdtemp.3Gj0sI$ sha256sum 0x06EAA066E397832F.*.asc
833f1372ef7d38271610ebce9b7b3cbe7ed8434e271b0e90a2e0769ce1b4a969  0x06EAA066E397832F.exported-after.asc
0ab203cc7ba50520be4085f7855b3e5bfd878bc1738a63d5da7b66ea6bf438f3  0x06EAA066E397832F.exported.asc
0ab203cc7ba50520be4085f7855b3e5bfd878bc1738a63d5da7b66ea6bf438f3  0x06EAA066E397832F.orig.asc
0 dkg@alice:/tmp/cdtemp.3Gj0sI$
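
The file sizes and SHA-256 sums in the transcript show only whether an export changed at all. The following added example (not part of the original report and not GnuPG code) walks the OpenPGP packet stream of two binary exports and reports, per key component, how many signature packets the second one lacks. The function names and the sample streams are constructed for illustration.

```python
NAMES = {6: "pubkey", 14: "subkey", 13: "uid", 17: "uat"}  # RFC 4880 packet tags

def packets(data):
    """Yield (tag, body) for each packet in a binary OpenPGP stream."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                       # new-format header
            tag, o = hdr & 0x3F, data[i]
            if o < 192:
                length, i = o, i + 1
            elif o < 224:
                length, i = ((o - 192) << 8) + data[i + 1] + 192, i + 2
            elif o == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body lengths not handled")
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            n = 1 << ltype                   # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length

def signature_counts(data):
    """Map each key component to the number of signature packets after it."""
    counts, current = {}, None
    for tag, body in packets(data):
        if tag in NAMES:                     # user IDs by text, others by position
            ident = body.decode("utf-8", "replace") if tag == 13 else len(counts)
            current = f"{NAMES[tag]} {ident}"
            counts[current] = 0
        elif tag == 2 and current is not None:
            counts[current] += 1
    return counts

def signatures_removed(before, after):
    """Per component, how many signatures `after` lacks compared to `before`."""
    b, a = signature_counts(before), signature_counts(after)
    return {k: b[k] - a.get(k, 0) for k in b if b[k] != a.get(k, 0)}

def sample_packet(tag, body):  # constructed data: old-format header, 2-octet length
    return bytes([0x80 | (tag << 2) | 1]) + len(body).to_bytes(2, "big") + body

KEY = sample_packet(6, b"K") + sample_packet(13, b"Alice <alice@example.org>") + sample_packet(2, b"self")
BEFORE, AFTER = KEY + sample_packet(2, b"x1") + sample_packet(2, b"x2"), KEY
```

Feed it binary exports (made without --armor), one taken with and one without `--export-options export-clean`; an empty result means no signature packets were dropped.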

Details

Version
2.1.13,master

Event Timeline

dkg added a subscriber: dkg.

justus changed Version from 2.1.13 to 2.1.13,master. (Jul 27 2016, 4:22 PM)
justus added a subscriber: justus.

import-clean does call the same code, but it behaves differently for the key you
mention. I created a test key that does get cleaned up upon import.

marcus claimed this task.
marcus added a subscriber: marcus.

I fixed the initial-import case in 609bbdf3614fbadeba7a6cbdfdf5004b23516a64. I could not reproduce the export case; for me, the export using export-clean is different from the normal export. Maybe it got fixed in an unrelated change, such as 356323768a1a29138581d0aceed0336ab8be0d5c. If you still experience issues with export-clean, please reopen.