gpg --delete-key of subkey leaves dangling subkey binding signature
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	dkg
	Aug 3 2019, 5:12 PM

Description

The attached reproducer script shows that deleting a subkey with --delete-key '0xDECAFBAD!' appears to leave a dangling subkey binding signature.

dangling-subkey-binding-signature.sh829 BDownload

Here is a transcript:

$ ./dangling-subkey-binding-signature.sh 
++ mktemp -d
+ homedir=/home/dkg/tmp/tmp.5sX8QDfN3S
+ trap cleanup exit
+ opts=(--homedir "$homedir" --pinentry-mode loopback --passphrase '' --batch --yes --fixed-list-mode --with-colons)
+ g --quick-gen-key 'test user <test@example.org>' default default 0
+ gpg --homedir /home/dkg/tmp/tmp.5sX8QDfN3S --pinentry-mode loopback --passphrase '' --batch --yes --fixed-list-mode --with-colons --quick-gen-key 'test user <test@example.org>' default default 0
gpg: keybox '/home/dkg/tmp/tmp.5sX8QDfN3S/pubring.kbx' created
gpg: /home/dkg/tmp/tmp.5sX8QDfN3S/trustdb.gpg: trustdb created
gpg: key 625BF966319B174B marked as ultimately trusted
gpg: directory '/home/dkg/tmp/tmp.5sX8QDfN3S/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/dkg/tmp/tmp.5sX8QDfN3S/openpgp-revocs.d/A0CD346B22D6C29420626BCA625BF966319B174B.rev'
++ g --list-keys
++ gpg --homedir /home/dkg/tmp/tmp.5sX8QDfN3S --pinentry-mode loopback --passphrase '' --batch --yes --fixed-list-mode --with-colons --list-keys
++ get_subkey_fpr
++ awk -F: '/^pub:/{ x = 0 } /^sub:/{ x = 1 } /^fpr:/{ if (x) { print $10 } }'
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
+ subkey=8036033426F987D6D6CB14190BD01B04C34D70FD
+ g --delete-secret-key '0x8036033426F987D6D6CB14190BD01B04C34D70FD!'
+ gpg --homedir /home/dkg/tmp/tmp.5sX8QDfN3S --pinentry-mode loopback --passphrase '' --batch --yes --fixed-list-mode --with-colons --delete-secret-key '0x8036033426F987D6D6CB14190BD01B04C34D70FD!'
+ g --delete-key '0x8036033426F987D6D6CB14190BD01B04C34D70FD!'
+ gpg --homedir /home/dkg/tmp/tmp.5sX8QDfN3S --pinentry-mode loopback --passphrase '' --batch --yes --fixed-list-mode --with-colons --delete-key '0x8036033426F987D6D6CB14190BD01B04C34D70FD!'
+ g --check-sigs
+ gpg --homedir /home/dkg/tmp/tmp.5sX8QDfN3S --pinentry-mode loopback --passphrase '' --batch --yes --fixed-list-mode --with-colons --check-sigs
tru::1:1564844974:0:3:1:5
pub:u:3072:1:625BF966319B174B:1564844971:::u:::scSC::::::23::0:
fpr:::::::::A0CD346B22D6C29420626BCA625BF966319B174B:
uid:u::::1564844971::C541FF27062C3043596BC0F085C45A80DC29D495::test user <test@example.org>::::::::::0:
sig:!::1:625BF966319B174B:1564844971::::test user <test@example.org>:13x::A0CD346B22D6C29420626BCA625BF966319B174B:::10:
sig:%::1:625BF966319B174B:1564844971::::[Invalid signature class] :18x::A0CD346B22D6C29420626BCA625BF966319B174B:::10:
+ g --edit-key test clean save
+ gpg --homedir /home/dkg/tmp/tmp.5sX8QDfN3S --pinentry-mode loopback --passphrase '' --batch --yes --fixed-list-mode --with-colons --edit-key test clean save
gpg: key 625BF966319B174B: 1 bad signature
gpg: key 625BF966319B174B: Warning: errors found and only checked self-signatures, run 'check' to check all signatures.
Secret key is available.


User ID "test user <test@example.org>": 1 signature removed


sec:u:3072:1:625BF966319B174B:1564844971:0::u:::sc
fpr:::::::::A0CD346B22D6C29420626BCA625BF966319B174B:
uid:u::::::::test user <test@example.org>:::S9 S8 S7 S2 H10 H9 H8 H11 H2 Z2 Z3 Z1,mdc,no-ks-modify:1,p::
sec:u:3072:1:625BF966319B174B:1564844971:0::u:::sc
fpr:::::::::A0CD346B22D6C29420626BCA625BF966319B174B:
uid:u::::::::test user <test@example.org>:::S9 S8 S7 S2 H10 H9 H8 H11 H2 Z2 Z3 Z1,mdc,no-ks-modify:1,p::
+ g --check-sigs
+ gpg --homedir /home/dkg/tmp/tmp.5sX8QDfN3S --pinentry-mode loopback --passphrase '' --batch --yes --fixed-list-mode --with-colons --check-sigs
tru::1:1564844974:0:3:1:5
pub:u:3072:1:625BF966319B174B:1564844971:::u:::scSC::::::23::0:
fpr:::::::::A0CD346B22D6C29420626BCA625BF966319B174B:
uid:u::::1564844971::C541FF27062C3043596BC0F085C45A80DC29D495::test user <test@example.org>::::::::::0:
sig:!::1:625BF966319B174B:1564844971::::test user <test@example.org>:13x::A0CD346B22D6C29420626BCA625BF966319B174B:::10:
+ cleanup
+ printf 'cleaning up ephemeral homedir %s\n' /home/dkg/tmp/tmp.5sX8QDfN3S
cleaning up ephemeral homedir /home/dkg/tmp/tmp.5sX8QDfN3S
+ rm -rf /home/dkg/tmp/tmp.5sX8QDfN3S
$

Details

Version: 2.2.17

Revisions and Commits

rG GnuPG
	rGd8052db74a0d gpg: Also delete key-binding signature when deleting a subkey.
	rGd1bc12d1b66e gpg: Also delete key-binding signature when deleting a subkey.

Related Objects

Mentioned In: T4684: Release GnuPG 2.2.18

Event Timeline

dkg created this task.Aug 3 2019, 5:12 PM

• werner triaged this task as Normal priority.Aug 5 2019, 7:51 PM

• werner moved this task from Backlog to For next release on the gnupg (gpg22) board.Aug 23 2019, 10:47 AM

• werner added a commit: rGd1bc12d1b66e: gpg: Also delete key-binding signature when deleting a subkey..Oct 15 2019, 2:33 PM

• werner added a commit: rGd8052db74a0d: gpg: Also delete key-binding signature when deleting a subkey..Oct 15 2019, 2:38 PM

• werner lowered the priority of this task from Normal to Wishlist.Oct 15 2019, 2:38 PM

• werner moved this task from For next release to Ready for release on the gnupg (gpg22) board.

• werner changed the task status from Open to Testing.Oct 15 2019, 2:41 PM

• werner mentioned this in T4684: Release GnuPG 2.2.18.Nov 25 2019, 10:11 PM

• werner closed this task as Resolved.Nov 25 2019, 10:13 PM

• werner claimed this task.