
Misleading error message when trying to sign with an expired key
Closed, Duplicate (Public)

Description

Trying to sign something with an expired key fails with:

$ gpg --default-key 9F48DAD6475BC942 --armour --sign
gpg: Warning: not using '9F48DAD6475BC942' as default key: No secret key

This is quite misleading and leads one to spend time trying to debug issues with the
private keys, while the real problem is in the public one.

Being more explicit on the reason why using the key failed would be ideal, but
if the program isn't able to know, at least rewording the error message (maybe to
something like "Secret key not available or expired key") would prevent wasting
time looking in the wrong direction.

Thanks

Details

Version
2.1.15

Event Timeline

valhalla added projects: gnupg, Bug Report.
valhalla added a subscriber: valhalla.

You get more information with -v. Because a key can have multiple subkeys, this is not so easy to fix, because at the point that we decide that we can't build the signature we don't have all the information on potential key candidates anymore.

Besides -v, --status-fd 2 (for example) also shows useful information, as usual.

This was reported again 3 years later as T4704, and finally fixed in gnupg-2.4.4, released last week.
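
An added example, not part of the original ticket or of GnuPG itself: a shell helper that reads a `gpg --list-keys --with-colons` listing and reports, for every signing-capable key or subkey, whether it is expired or revoked, which is the check that separates the case in this report from a genuinely missing secret key. The function names and the sample listing (key IDs, dates) are constructed for illustration; the field positions follow GnuPG's documented colon format (field 2 validity, field 5 key ID, field 7 expiry, field 12 capabilities).

```shell
#!/bin/sh
# Real use (reads the public keyring):
#   gpg --list-keys --with-colons 9F48DAD6475BC942 | signing_key_report

# signing_key_report [NOW]
#   stdin: colon-format key listing; NOW: epoch seconds (default: current time).
#   Prints "<record> <keyid> <status>" for each key/subkey that can sign.
signing_key_report() {
    now="${1:-$(date +%s)}"
    awk -F: -v now="$now" '
        $1 == "pub" || $1 == "sub" {
            # Lowercase "s" in field 12 means this key itself can sign.
            if ($12 !~ /s/) next
            status = "usable"
            if ($2 == "r")
                status = "revoked"
            else if ($2 == "e" || ($7 != "" && $7 + 0 <= now + 0))
                status = "expired"
            print $1, $5, status
        }'
}

# can_sign [NOW]: exit 0 only if at least one signing key is still usable.
can_sign() {
    signing_key_report "$@" | grep -q ' usable$'
}

# Constructed sample: primary key and signing subkey both expired,
# plus an encryption-only subkey that the report must ignore.
sample_listing() {
    cat <<'EOF'
pub:e:4096:1:AAAAAAAAAAAAAAAA:1400000000:1450000000::-:::sc:
uid:e::::1400000000::::Constructed User <user@example.invalid>:
sub:e:4096:1:BBBBBBBBBBBBBBBB:1400000000:1450000000:::::s:
sub:e:4096:1:CCCCCCCCCCCCCCCC:1400000000:1450000000:::::e:
EOF
}

sample_listing | signing_key_report 1700000000
```

If every line of the report reads `expired`, a "No secret key" message on signing points at the expiry date in the public key, not at the private keyring.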