gpgme uses incorrect flags for minimal, no uid export of public keys
Open, Normal, Public

Description

In src/engine-gpg.c, in the function export_common, there's this snippet:

if ((mode & GPGME_EXPORT_MODE_MINIMAL))
  {
    if ((mode & GPGME_EXPORT_MODE_NOUID))
      err = add_arg (gpg, "--export-options=export-minimal,export-drop-uids");
    else
      err = add_arg (gpg, "--export-options=export-minimal");
  }

However, recent versions of gnupg require --export-options=export-minimal,no-export-attributes to drop the uid.

I don't know how to add compatibility with older GPG versions to gpgme, but if that is not needed the fix is simple of course.

Details

Version
1.15.1

Event Timeline

werner triaged this task as Normal priority. Feb 1 2021, 4:50 PM
werner added a subscriber: werner.

Oops, that was an experimental feature never intended for a released version. Will be removed in a way that it does not lead to compile problems - just to be extra cautious.

Thanks for reporting.

Not exactly the answer I was hoping for..

For generating autocrypt headers, I'm looking for a way to do the minimal and no-attributes export, and this seemed to be the right direction. Or should this NOUID flag have a name that better matches the GPG cli?

There's this thread as well: https://lists.gnupg.org/pipermail/gnupg-devel/2014-January/028135.html but that patch seems to have been abandoned. Would you mind if I try reviving it?

A public keyblock without a user id packet is non-compliant. I see no reason to provide a feature to create crippled data. We had all these discussions back in the early 90s regarding self-signatures. OpenPGP spoke a final word on this in 1998 by making user ids and corresponding self-signatures mandatory.

Dropping attributes is a different thing than user ids. I probably forgot about your patch. Repurposing that flag value for dropping attributes makes sense to me.
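
The last comments distinguish user ID packets from user attribute packets. As an added example (not part of this thread and not gpgme code), the following walks the packet headers of a binary, non-armored keyblock per RFC 4880 and reports whether it keeps a User ID packet (tag 13) while carrying no User Attribute packet (tag 17). The function names and the sample bytes are constructed for illustration; the packet bodies are dummies, not real key material.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* OpenPGP packet tags (RFC 4880, section 4.3). */
enum { TAG_USER_ID = 13, TAG_USER_ATTR = 17 };

/* Count packets with tag `want` in a binary keyblock.  Returns -1 on
   malformed or truncated input, and on partial or indeterminate
   lengths, which this example does not handle. */
int count_packets(const uint8_t *p, size_t len, int want)
{
  size_t i = 0;
  int n = 0;
  while (i < len) {
    uint8_t c = p[i++];
    int tag;
    size_t blen = 0;
    if (!(c & 0x80)) return -1;              /* bit 7 is always set */
    if (c & 0x40) {                          /* new-format header */
      tag = c & 0x3f;
      if (i >= len) return -1;
      uint8_t o = p[i++];
      if (o < 192) blen = o;                 /* one-octet length */
      else if (o < 224 && i < len) blen = ((size_t)(o - 192) << 8) + p[i++] + 192;
      else if (o == 255 && len - i >= 4) { for (int k = 0; k < 4; k++) blen = (blen << 8) | p[i++]; }
      else return -1;                        /* partial length or truncated */
    } else {                                 /* old-format header */
      tag = (c >> 2) & 0x0f;
      size_t nb = (size_t)1 << (c & 3);      /* 1, 2 or 4 length octets */
      if ((c & 3) == 3 || len - i < nb) return -1;
      while (nb--) blen = (blen << 8) | p[i++];
    }
    if (len - i < blen) return -1;           /* body runs past the buffer */
    i += blen;
    if (tag == want) n++;
  }
  return n;
}

/* 1 if the keyblock has at least one User ID and no User Attribute. */
int keeps_uid_drops_attrs(const uint8_t *p, size_t len)
{
  return count_packets(p, len, TAG_USER_ID) > 0
      && count_packets(p, len, TAG_USER_ATTR) == 0;
}

/* Constructed sample: public key (tag 6), User ID, User Attribute. */
static const uint8_t sample_full[] = {0x98,0x02,0x04,0x00, 0xB4,0x01,'a', 0xD1,0x01,0x00};

int main(void) { printf("uid+no-attr: %d\n", keeps_uid_drops_attrs(sample_full, sizeof sample_full)); return 0; }
```
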