Page MenuHome GnuPG

import-export does not remove duplicated subkeys
Closed, ResolvedPublic


This OpenPGP keyring has a single certificate with a bunch of duplicate subkeys:

It got this way due to bugs in no-longer-supported versions of GnuPG, afaict.

According to gpg(1), by default repair-keys is enabled, which should clean up duplicate signatures. But it looks like it doesn't remove duplicate subkeys.

My usual method for pruning an OpenPGP certificate is to launder it through gpg --import-export, but that doesn't clean up this key.

If i strip off all of the subkeys, and import only the primary key into a new keyring; and then i import the entire certificate into that new keyring; then the *merge* operation pares down the duplicates. But this is a pretty heinous workflow, involving gpgsplit, etc. am i missing an easier way?



Revisions and Commits

Event Timeline

werner triaged this task as Normal priority.Mar 24 2019, 10:51 AM
werner edited projects, added gnupg (gpg22); removed gnupg.
werner claimed this task.
werner added a subscriber: werner.

I implemented subkey collapsing in 2.3. It is enabled by default but you can disable it it with

--import-options no-collapse-subkeys