Page MenuHome GnuPG
Create Task
Maniphest T3219

Regression in 2.1.21: Creates (local) signature on other public keyblock using signing subkey when certification key is not available
Closed, ResolvedPublic
Actions

Description

During debugging of a user problem in gnupg channel on FreeNode we came across a regression in 2.1.21 that I can reproduce on my own setup using a smartcard that only have subkeys available (no primary).

In versions before (at least up to 2.1.20) trying to lsign another key results in failure of non-available secret key, in 2.1.21 it signs the key using the signing subkey, which causes natural issues in trustdb calcualtion (it is not considered), so user experience is hurt as confusion arise why the key does not get any validity.

This can be reproduced using test keys

Details

Version
2.1.21

Event Timeline

kristianf created this task.Jun 23 2017, 8:19 PM
kristianf updated the task description. (Show Details)
kristianf added a comment.Jun 23 2017, 8:28 PM

Additional info: I tried setting up a reproducer without using a smartcard, and it fails with no secret key similar to earlier versions

kristianf added a project: scd.Jun 23 2017, 8:36 PM
kristianf added a comment.Jun 23 2017, 9:32 PM

Issue seems to be gone in gpg (GnuPG) 2.1.22-beta75

justus triaged this task as Normal priority.Jun 26 2017, 3:14 PM
justus added a subscriber: justus.

If this is gone in master, please close this bug. Thanks :).

kristianf closed this task as Resolved.Jun 26 2017, 7:20 PM