
Regression in 2.1.21: Creates (local) signature on other public keyblock using signing subkey when certification key is not available
Closed, Resolved (Public)

Description

While debugging a user problem in the gnupg channel on FreeNode, we came across a regression in 2.1.21 that I can reproduce on my own setup using a smartcard that only has subkeys available (no primary).

In earlier versions (at least up to 2.1.20), trying to lsign another key results in a failure due to the non-available secret key; in 2.1.21 it signs the key using the signing subkey, which naturally causes issues in the trustdb calculation (it is not considered), so the user experience is hurt as confusion arises about why the key does not get any validity.

This can be reproduced using test keys.

Details

Version
2.1.21
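
A check for the symptom described above, as an added example that is not part of the original report or of GnuPG's code: it scans `gpg --list-sigs --with-colons` output for key certifications whose issuer is a subkey rather than a primary key. The sample listing and its key IDs are constructed; the field positions used (5 = key ID, 11 = signature class) follow GnuPG's colon-listing format.

```python
# Constructed sample shaped like `gpg --list-sigs --with-colons` output.
# AAAA... is the signer's primary key, BBBB... its signing subkey,
# CCCC... the key that was lsigned. All IDs are made up.
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1490000000:::u:::cSC:
uid:u::::1490000000::::Signer <signer@example.org>:
sig:::1:AAAAAAAAAAAAAAAA:1490000000::::Signer <signer@example.org>:13x:::::8:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1490000000::::::s:
sig:::1:AAAAAAAAAAAAAAAA:1490000000::::Signer <signer@example.org>:18x:::::8:
pub:-:4096:1:CCCCCCCCCCCCCCCC:1480000000:::-:::scESC:
uid:-::::1480000000::::Other <other@example.org>:
sig:::1:CCCCCCCCCCCCCCCC:1480000000::::Other <other@example.org>:13x:::::8:
sig:::1:BBBBBBBBBBBBBBBB:1495000000::::Signer <signer@example.org>:10l:::::8:
"""

# Signature classes 0x10-0x13 are certifications of a user ID.
CERT_CLASSES = {"10", "11", "12", "13"}

def subkey_certifications(listing):
    """Return (certified_key, issuer_subkey, issuer_primary, sig_class) tuples
    for every user ID certification that was issued by a subkey."""
    records = [line.split(":") for line in listing.splitlines() if line]
    # Pass 1: map each subkey ID to the primary key it belongs to.
    owner, primary = {}, None
    for f in records:
        if f[0] == "pub":
            primary = f[4]
        elif f[0] == "sub" and primary:
            owner[f[4]] = primary
    # Pass 2: inspect signatures attached to user IDs/attributes only;
    # signatures following a "sub" record are subkey bindings, not certifications.
    findings, primary, context = [], None, None
    for f in records:
        if f[0] == "pub":
            primary, context = f[4], "pub"
        elif f[0] in ("uid", "uat", "sub"):
            context = f[0]
        elif f[0] == "sig" and context in ("uid", "uat") and len(f) > 10:
            if f[10][:2] in CERT_CLASSES and f[4] in owner:
                findings.append((primary, f[4], owner[f[4]], f[10]))
    return findings

if __name__ == "__main__":
    for target, sub, prim, cls in subkey_certifications(SAMPLE):
        print(f"{target}: class {cls} certification issued by subkey {sub} of {prim}")
```

The listing must include the signer's own key block so that its subkey IDs are known; a certification from a subkey whose owning key is absent from the listing is not flagged.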

Event Timeline

Additional info: I tried setting up a reproducer without using a smartcard, and it fails with no secret key similar to earlier versions

Issue seems to be gone in gpg (GnuPG) 2.1.22-beta75

justus triaged this task as Normal priority. Jun 26 2017, 3:14 PM
justus added a subscriber: justus.

If this is gone in master, please close this bug. Thanks :).