Page MenuHome GnuPG

--export-options export-minimal,export-clean includes unusable subkeys
Closed, ResolvedPublic


Given that --export --export-options export-minimal,export-clean does not include unusuable User IDs, it seems odd that it includes unusable subkeys (i.e. subkeys that are revoked or expired).

0 dkg@alice:~$ gpg --list-keys $PGPID
gpg: please do a --check-trustdb
pub   rsa4096 2007-06-02 [SC] [expires: 2018-12-31]
uid           [ultimate] Daniel Kahn Gillmor <>
uid           [ultimate] Daniel Kahn Gillmor <>
uid           [ultimate] [jpeg image of size 3515]
uid           [ultimate] Daniel Kahn Gillmor <>
uid           [ultimate] Daniel Kahn Gillmor <>
sub   rsa4096 2017-12-04 [E] [expires: 2018-12-31]
sub   rsa4096 2017-12-04 [S] [expires: 2018-12-31]
sub   rsa3072 2017-12-04 [A] [expires: 2018-12-31]

0 dkg@alice:~$ gpg --export-options export-minimal,export-clean --export $PGPID | gpg --list-packets | grep -c 'sub key'
0 dkg@alice:~$

I think that either (or both) of export-minimal or export-clean should also mean dropping unusable subkeys.

At a minimum, there should be an option to explicitly exclude them from export.

(yes, i have several unusable subkeys, because i practice regular subkey rotation)

Event Timeline

I can see the case for encryption subkeys. Signing subkeys are still useful after their expiration.

Agreed, Signing subkeys can be useful for checking historical signatures. And even encryption subkeys *can* be useful after their expiration, e.g. when doing historical auditing.

But the question posed here is what should happen on export-minimal.

Perhaps export-clean should drop expired encryption- and authentication-capable subkeys, but not drop expired signing-capable subkeys. while export-minimal could drop all expired subkeys?

werner triaged this task as Normal priority.Feb 22 2018, 10:37 AM
werner edited projects, added Feature Request; removed Bug Report.
werner raised the priority of this task from Normal to High.May 28 2018, 7:11 PM
werner claimed this task.

To be released with 2.2.9