
`gpg --with-sig-list --show-keys` does not show all the signature packets from stdin
Open, Low, Public

Description

Note that there are two subkey signatures over this subkey.

--list-packets shows them both, but --with-sig-list --show-keys (with or without --with-colons) only shows the latter one.

Presumably this is because --show-keys is using the --import logic, which cleans up multiple signatures when one supersedes the other, but I'm not sure how to disable that.

0 dkg@alice:/tmp/cdtemp.fmi4Ht$ cat example.key 
-----BEGIN PGP PUBLIC KEY BLOCK-----
[armored key data omitted]
-----END PGP PUBLIC KEY BLOCK-----
0 dkg@alice:/tmp/cdtemp.fmi4Ht$ gpg --list-packets < example.key 
# off=0 ctb=98 tag=6 hlen=2 plen=51
:public key packet:
	version 4, algo 22, created 1528988617, expires 0
	pkey[0]: [80 bits] ed25519 (1.3.6.1.4.1.11591.15.1)
	pkey[1]: [263 bits]
	keyid: 50EBCAB11274A8DD
# off=53 ctb=b4 tag=13 hlen=2 plen=9
:user ID packet: "test user"
# off=64 ctb=88 tag=2 hlen=2 plen=150
:signature packet: algo 22, keyid 50EBCAB11274A8DD
	version 4, created 1528988617, md5len 0, sigclass 0x13
	digest algo 8, begin of digest f0 49
	hashed subpkt 33 len 21 (issuer fpr v4 146F991698CA2B0946179C2950EBCAB11274A8DD)
	hashed subpkt 2 len 4 (sig created 2018-06-14)
	hashed subpkt 27 len 1 (key flags: 03)
	hashed subpkt 9 len 4 (key expires after 2y0d0h0m)
	hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
	hashed subpkt 21 len 5 (pref-hash-algos: 10 9 8 11 2)
	hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
	hashed subpkt 30 len 1 (features: 01)
	hashed subpkt 23 len 1 (keyserver preferences: 80)
	subpkt 16 len 8 (issuer key ID 50EBCAB11274A8DD)
	data: [254 bits]
	data: [256 bits]
# off=216 ctb=b8 tag=14 hlen=2 plen=56
:public sub key packet:
	version 4, algo 18, created 1528988617, expires 0
	pkey[0]: [88 bits] cv25519 (1.3.6.1.4.1.3029.1.5.1)
	pkey[1]: [263 bits]
	pkey[2]: [32 bits]
	keyid: 81A90B596E9C71CB
# off=274 ctb=88 tag=2 hlen=2 plen=120
:signature packet: algo 22, keyid 50EBCAB11274A8DD
	version 4, created 1528988617, md5len 0, sigclass 0x18
	digest algo 8, begin of digest 27 6f
	hashed subpkt 33 len 21 (issuer fpr v4 146F991698CA2B0946179C2950EBCAB11274A8DD)
	hashed subpkt 2 len 4 (sig created 2018-06-14)
	hashed subpkt 27 len 1 (key flags: 0C)
	subpkt 16 len 8 (issuer key ID 50EBCAB11274A8DD)
	data: [254 bits]
	data: [256 bits]
# off=396 ctb=88 tag=2 hlen=2 plen=126
:signature packet: algo 22, keyid 50EBCAB11274A8DD
	version 4, created 1528988618, md5len 0, sigclass 0x18
	digest algo 8, begin of digest b3 05
	hashed subpkt 27 len 1 (key flags: 0C)
	hashed subpkt 33 len 21 (issuer fpr v4 146F991698CA2B0946179C2950EBCAB11274A8DD)
	hashed subpkt 2 len 4 (sig created 2018-06-14)
	hashed subpkt 9 len 4 (key expires after 1y0d0h0m)
	subpkt 16 len 8 (issuer key ID 50EBCAB11274A8DD)
	data: [255 bits]
	data: [256 bits]
0 dkg@alice:/tmp/cdtemp.fmi4Ht$ gpg --with-sig-list --show-keys < example.key 
pub   ed25519 2018-06-14 [SC] [expires: 2020-06-13]
      146F991698CA2B0946179C2950EBCAB11274A8DD
uid                      test user
sig 3        50EBCAB11274A8DD 2018-06-14  test user
sub   cv25519 2018-06-14 [E] [expires: 2019-06-14]
sig          50EBCAB11274A8DD 2018-06-14  test user

0 dkg@alice:/tmp/cdtemp.fmi4Ht$ gpg --with-colons --with-sig-list --show-keys < example.key 
pub:-:256:22:50EBCAB11274A8DD:1528988617:1592060617::-:::scESC:::::ed25519:::0:
fpr:::::::::146F991698CA2B0946179C2950EBCAB11274A8DD:
uid:-::::1528988617::13726D8604D4FD60CE4603608BC2A11FBE5EC86B::test user::::::::::0:
sig:::22:50EBCAB11274A8DD:1528988617::::test user:13x::146F991698CA2B0946179C2950EBCAB11274A8DD:::8:
sub:-:256:18:81A90B596E9C71CB:1528988617:1560524618:::::e:::::cv25519::
fpr:::::::::BB8B7D635B9736F696A8A12681A90B596E9C71CB:
sig:::22:50EBCAB11274A8DD:1528988618::::test user:18x::146F991698CA2B0946179C2950EBCAB11274A8DD:::8:
0 dkg@alice:/tmp/cdtemp.fmi4Ht$

This cert was generated with these commands, used while investigating T4024:

# Generate a key in a fresh homedir, export it, then change the expiry and export again.
create_gpghome () {
  export GNUPGHOME="$1"
  mkdir -m 0700 "$GNUPGHOME"
  gpg --no-tty --yes --batch --passphrase '' --pinentry-mode=loopback --status-file="$GNUPGHOME/creation" --quick-gen-key 'test user' future-default default 2y
  # The fingerprint is the fourth field of the KEY_CREATED status line.
  local FPR="$(awk '($2=="KEY_CREATED") { print $4 }' < "$GNUPGHOME"/creation)"
  # Wait so the new signatures get a later creation time than the originals.
  sleep 1
  gpg --export > "$GNUPGHOME/before.gpg"
  gpg --no-tty --yes --batch --passphrase '' --pinentry-mode=loopback --quick-set-expire "$FPR" 1y '*'
  gpg --export > "$GNUPGHOME/after.gpg"
  gpg --with-colons --list-sigs "$FPR"
}

# Import both exports from homedir $1 into a second fresh homedir $2.
import_gpg_staging () {
  export GNUPGHOME="$2"
  mkdir -m 0700 "$GNUPGHOME"
  gpg --import < "$1/before.gpg"
  gpg --import < "$1/after.gpg"
  gpg --with-colons --list-sigs
}

create_gpghome xx
import_gpg_staging xx yy
gpg --homedir yy --armor --export > example.key

Details

Version
2.2.8

Event Timeline

dkg created this object in space S1 Public.
werner added a subscriber: werner.

--show-keys is not a debug command to show the internals of an OpenPGP message. It does the same as creating an empty homedir, importing the keys and running -k. Thus there is no way to get to the internals of an OpenPGP message.
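
Added example (not part of the report, the comment above, or GnuPG itself): since the key listing reflects the post-import view, an audit that needs every signature packet has to read the `--list-packets` dump and compare it with the listing. The function names are this example's own, and the two samples are abridged from the output quoted in the report.

```python
import re

# Both samples are abridged from the output quoted in the report above.
PACKETS = """\
:public key packet:
\tkeyid: 50EBCAB11274A8DD
:public sub key packet:
\tkeyid: 81A90B596E9C71CB
:signature packet: algo 22, keyid 50EBCAB11274A8DD
\tversion 4, created 1528988617, md5len 0, sigclass 0x18
:signature packet: algo 22, keyid 50EBCAB11274A8DD
\tversion 4, created 1528988618, md5len 0, sigclass 0x18
"""
COLONS = """\
pub:-:256:22:50EBCAB11274A8DD:1528988617:1592060617::-:::scESC:::::ed25519:::0:
sub:-:256:18:81A90B596E9C71CB:1528988617:1560524618:::::e:::::cv25519::
sig:::22:50EBCAB11274A8DD:1528988618::::test user:18x::146F991698CA2B0946179C2950EBCAB11274A8DD:::8:
"""

def sigs_from_packets(text):
    """(key ID, sigclass, created) for each signature packet in a --list-packets dump."""
    sigs, kind, key = [], "", None
    for line in text.splitlines():
        if line.startswith(":"):
            kind = line  # packet header; the detail lines that follow belong to it
        elif "key packet:" in kind and line.strip().startswith("keyid:"):
            key = line.split()[-1]  # signatures that follow are attributed to this key
        elif kind.startswith(":signature packet:"):
            m = re.search(r"created (\d+),.*sigclass 0x([0-9A-Fa-f]{2})", line)
            if m:
                sigs.append((key, m.group(2).lower(), int(m.group(1))))
    return sigs

def sigs_from_colons(text):
    """The same tuples, taken from the sig/rev records of a --with-colons listing."""
    sigs, key = [], None
    for f in (line.split(":") for line in text.splitlines()):
        if f[0] in ("pub", "sub"):
            key = f[4]  # field 5: key ID of the component being listed
        elif f[0] in ("sig", "rev"):
            sigs.append((key, f[10][:2].lower(), int(f[5])))  # class "18x" -> "18"
    return sigs

def hidden_signatures(packets, colons):
    """Signatures present in the packet dump that the key listing does not show."""
    shown = sigs_from_colons(colons)
    return [s for s in sigs_from_packets(packets) if s not in shown]

if __name__ == "__main__":
    print(hidden_signatures(PACKETS, COLONS))
```

On the report's data this flags the earlier 0x18 binding signature on subkey 81A90B596E9C71CB, the one without an expiration subpacket.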