import-export does not remove duplicated subkeys
Open, NormalPublic


This OpenPGP keyring has a single certificate with a bunch of duplicate subkeys:

It got this way due to bugs in no-longer-supported versions of GnuPG, afaict.

According to gpg(1), by default repair-keys is enabled, which should clean up duplicate signatures. But it looks like it doesn't remove duplicate subkeys.

My usual method for pruning an OpenPGP certificate is to launder it through gpg --import-export, but that doesn't clean up this key.

If i strip off all of the subkeys, and import only the primary key into a new keyring; and then i import the entire certificate into that new keyring; then the *merge* operation pares down the duplicates. But this is a pretty heinous workflow, involving gpgsplit, etc. am i missing an easier way?


dkg created this task.Mar 23 2019, 12:07 AM
werner edited projects, added gnupg (gpg22); removed gnupg.Mar 24 2019, 10:51 AM
werner triaged this task as Normal priority.