Attached public key (which can be obtained from the Commerzbank website)
does not import in GnuPG because the self signature cannot be verified. It gives RSA verify -> Bad Signature.According to the Armor comment it was exported by "OpenPGP totemomail"
Maybe it is just invalid but maybe it is just unusual and GnuPG could import it or even has a bug in the verification codepath for this key. I don't see anything unusual in the list packets output.
# off=0 ctb=99 tag=6 hlen=3 plen=269 :public key packet: version 4, algo 1, created 1539872646, expires 0 pkey[0]: [2048 bits] pkey[1]: [17 bits] keyid: 03592E4F07D8F171 # off=272 ctb=b4 tag=13 hlen=2 plen=41 :user ID packet: "Maik M\xc3\xbcnch <maik.muench@commerzbank.com>" # off=315 ctb=89 tag=2 hlen=3 plen=540 :signature packet: algo 1, keyid D401CC5E60627DAC version 4, created 1539872647, md5len 0, sigclass 0x13 digest algo 8, begin of digest de c3 hashed subpkt 2 len 4 (sig created 2018-10-18) subpkt 16 len 8 (issuer key ID D401CC5E60627DAC) data: [4094 bits] # off=858 ctb=89 tag=2 hlen=3 plen=310 :signature packet: algo 1, keyid 03592E4F07D8F171 version 4, created 1539872647, md5len 0, sigclass 0x13 digest algo 8, begin of digest 70 2f hashed subpkt 2 len 4 (sig created 2018-10-18) hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2) hashed subpkt 21 len 3 (pref-hash-algos: 8 9 10) hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1) hashed subpkt 27 len 1 (key flags: 0F) hashed subpkt 9 len 4 (key expires after 3y0d0h0m) subpkt 16 len 8 (issuer key ID 03592E4F07D8F171) data: [2047 bits]
btw. Symantec OpenPGP Desktop imports it, but cannot use it afterwards.
I have this on "Needs Triage" because I just would like that maybe someone more knowledgeable in OpenPGP takes a quick look at this to see if there is anything unusual about this. I'm fine with "Invalid" Status if it's just a bad key.