Page MenuHome GnuPG

Misleading error message when trying to sign with an expired key
Closed, DuplicatePublic


Trying to sign something with an expired key fails with:

$ gpg --default-key 9F48DAD6475BC942 --armour --sign
gpg: Warning: not using '9F48DAD6475BC942' as default key: No secret key

This is quite misleading and leads to spend time trying to debug issues with the
private keys, while the real problem is in the public one.

Being more explicit on the reason why using the key failed would be ideal, but
if the program isn't able to know at least rewording the error message (maybe to
something like "Secret key not available or expired key") would prevent wasting
time looking in the wrong direction.




Event Timeline

valhalla added projects: gnupg, Bug Report.
valhalla added a subscriber: valhalla.

You get more information with -v. Because a key can have multiple subkeys, this is not so easy to fix, because at the point that we decide that we can't build the signature we don't have all the information on potential key candidates anymore.

Besides -v, --status-fd 2 (for example) also shows useful information, as usual.

This was reported again 3 years later as T4704, and finally fixed in gnupg-2.4.4, released last week.