
import-clean drops a seemingly valid subkey
Closed, Resolved | Public

Description

I've had keyserver-options import-clean in my gnupg.conf for some reason or other, and so far it hadn't caused problems until I tried to import 0xE63EDCA9329DD07E. When I run

gpg --recv-keys DE0E66E32F1FDD0902666B96E63EDCA9329DD07E

...the option causes the ed25519 2018-02-09 subkey to be ignored, showing this in logs:

gpg: key E63EDCA9329DD07E: 1 duplicate signature removed
gpg: key E63EDCA9329DD07E: 1 signature reordered
gpg: key E63EDCA9329DD07E: invalid subkey binding
gpg: key E63EDCA9329DD07E: removed multiple subkey binding
gpg: key E63EDCA9329DD07E: removed multiple subkey binding
gpg: key E63EDCA9329DD07E: removed multiple subkey binding
gpg: key E63EDCA9329DD07E: removed multiple subkey binding
gpg: key E63EDCA9329DD07E: removed multiple subkey binding
gpg: key E63EDCA9329DD07E: skipped subkey

Yet, if I import _without_ import-clean active, and run gpg --check-sigs, it says that the subkey has a valid self-signature, and is perfectly happy verifying email messages signed with that subkey.

Was advised on IRC that this should be reported as a bug.

To reproduce:

export GNUPGHOME=/tmp/gpg.$$ &&
mkdir $GNUPGHOME &&
gpg --keyserver-options import-clean --recv-keys DE0E66E32F1FDD0902666B96E63EDCA9329DD07E &&
gpg --list-keys 76BE5DB25271E1481E678C35B6C41CE35664996C

Details

Version
2.2.7
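
A check for the symptom reported above, as an added example that is not part of the original report or of GnuPG: it compares the subkey fingerprints in two `gpg --with-colons --list-keys` listings, one taken after a plain import and one after an import with import-clean, and prints the subkeys the second listing lost. The function names and the sample listings (abbreviated records with placeholder fingerprints) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find subkeys that are present after a plain import but
# missing after an import with import-clean. To produce real listings, run
# `gpg --with-colons --list-keys KEYID` in two separate GNUPGHOME directories.

# subkey_fprs: read a --with-colons listing on stdin and print the fingerprint
# (field 10 of the "fpr" record) that follows each "sub" record, sorted.
subkey_fprs() {
    awk -F: '
        $1 == "pub" || $1 == "sub" { kind = $1; next }
        $1 == "fpr" && kind == "sub" { print $10 }
        $1 == "fpr" { kind = "" }
    ' | sort -u
}

# dropped_subkeys FULL CLEAN: print subkey fingerprints listed in file FULL
# (plain import) that are absent from file CLEAN (import-clean import).
dropped_subkeys() {
    full=$(mktemp) clean=$(mktemp)
    subkey_fprs < "$1" > "$full"
    subkey_fprs < "$2" > "$clean"
    comm -23 "$full" "$clean"
    rm -f "$full" "$clean"
}

# Constructed sample listings; the fingerprints are placeholders, not real keys.
sample_full() {
    cat <<'EOF'
pub:-:4096:1:0000000000000001:1500000000:::-:::scESC:
fpr:::::::::0000000000000000000000000000000000000001:
uid:-::::1500000000::::Constructed User <user@example.org>:
sub:-:4096:1:0000000000000002:1500000000::::::e:
fpr:::::::::0000000000000000000000000000000000000002:
sub:-:256:22:0000000000000003:1518134400::::::s:
fpr:::::::::0000000000000000000000000000000000000003:
EOF
}
sample_clean() { sample_full | sed '6,7d'; }   # same key without the last subkey

demo=$(mktemp -d)
sample_full > "$demo/full.txt"
sample_clean > "$demo/clean.txt"
echo "subkeys missing after import-clean:"
dropped_subkeys "$demo/full.txt" "$demo/clean.txt"
rm -rf "$demo"
```
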