
delkey doesn't delete secret keys
Closed, Invalid
Public

Description

When using gpg --edit, if you select some subkeys and use delkey, they disappear
from the keyring, and you correctly cannot use them anymore, but it seems the
private key is never actually deleted.

Steps to reproduce:

  1. Use delkey to delete some subkeys
  2. Try to do something that requires those subkeys, which as expected fails
  3. Reimport your public keys, with e.g. --refresh-keys
  4. The action in 2) now succeeds

Details

Version
2.1.16

Event Timeline

C4K3 added projects: gnupg, Bug Report.
C4K3 added a subscriber: C4K3.

This is a misunderstanding. 'delkey' only operates on public keys. I have
updated the documentation to make that clear.

Fixed in a76fe9e86d7802e67373218bd1759168585e92ab.

Unfortunately, it is currently not possible to delete secret subkeys while
keeping the secret identity key. You can use gpg --delete-secret-keys to delete
the whole secret key though.

Makes sense, but it is still a problem in that --delete-secret-subkeys doesn't
work if you don't have the secret identity key. Which means that it's impossible
to delete the secret subkeys except by getting their keygrip and deleting them
in the private-keys-v1.d directory, though I suppose this is for a different bug
report.

Indeed, that is a problem. I have created T2879 to track this.
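
An audit for the situation discussed in this thread, as an added example that is not part of the original report or of GnuPG's code: it lists key files in private-keys-v1.d whose keygrip no public key references any more, which is what remains after delkey. It assumes the colon listing carries each keygrip in field 10 of a "grp" record and that key files are named <keygrip>.key; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not GnuPG code): find secret-key files left in
# private-keys-v1.d whose keygrip no public key references any more.

# Print the keygrip (field 10 of each "grp" record) from a saved
#   gpg --with-colons --with-keygrip --list-keys
referenced_keygrips() {
    awk -F: '$1 == "grp" && $10 != "" { print toupper($10) }' "$1" | sort -u
}

# orphaned_secret_keys LISTING PRIVDIR: print keygrips of PRIVDIR/*.key
# files that are absent from LISTING.
orphaned_secret_keys() {
    refs=$(referenced_keygrips "$1")
    for f in "$2"/*.key; do
        [ -e "$f" ] || continue
        grip=$(basename "$f" .key | tr 'a-f' 'A-F')
        case $grip in *[!0-9A-F]*) continue ;; esac   # not a keygrip name
        [ ${#grip} -eq 40 ] || continue               # keygrips are 40 hex digits
        printf '%s\n' "$refs" | grep -qx "$grip" || printf '%s\n' "$grip"
    done
}

# Constructed sample: the keyring lists a primary key and one subkey, while
# the directory still holds a third key file (a subkey removed with delkey).
demo() {
    d=$(mktemp -d) && mkdir "$d/private-keys-v1.d"
    cat > "$d/listing" <<'EOF'
pub:u:4096:1:1111111111111111:1480000000:::u:::scESC:
grp:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
sub:u:4096:1:2222222222222222:1480000000::::::e:
grp:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
EOF
    for g in 0123456789ABCDEF0123456789ABCDEF01234567 \
             89ABCDEF0123456789ABCDEF0123456789ABCDEF \
             FEDCBA9876543210FEDCBA9876543210FEDCBA98; do
        : > "$d/private-keys-v1.d/$g.key"
    done
    orphaned_secret_keys "$d/listing" "$d/private-keys-v1.d"
    rm -rf "$d"
}

# With two arguments, audit a real listing and directory; otherwise run the demo.
if [ $# -eq 2 ]; then orphaned_secret_keys "$1" "$2"; else demo; fi
```

A reported file may also belong to gpgsm or to an SSH key stored in gpg-agent, since both keep their private keys in the same directory, so identify the key before removing anything.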