--locate-key does not consider expired subkeys.
Open, Normal, Public

Description

When selecting the best matching key --locate-key should also consider subkeys and prefer a key which has a valid encryption subkey. Test case as of today is dewey at the domain test.gnupg.org which has an ed25519 key with two expired subkeys as well as an rsa1024 key with valid subkey. Get it from WKD.

Event Timeline

werner triaged this task as Normal priority. Jan 26 2023, 9:40 AM
werner created this task.
werner created this object with edit policy "Contributor (Project)".

To fix this we also need to fix our key selection test (key-selection.scm), which can't cope with all combinations. The tests are run with a faked time of 2004-01-01 on all subsets of this ordered list of keys:

  • no encryption-capable subkey, created: 2003-11-30, expires: 2006-11-29
  • encryption-capable subkey, created: 2000-12-31, expired: 2001-12-31
  • encryption-capable subkey, created: 2001-12-31, expires: 2006-12-30
  • encryption-capable subkey, created: 2002-12-31, expires: 2005-12-30
  • encryption-capable subkeys, last created: 2003-05-31, expires: 2005-05-30

and assume that the first key from each subset is the desired one.
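
The following is an added illustration, not code from the GnuPG test suite or from the task author. It models the five listed keys at the faked time and counts the subsets in which the first key has no usable encryption subkey while a later key in the same subset does, which is where the "first key wins" expectation and the preference requested in the description disagree. The key labels and the usability rule (encryption-capable and not expired at the faked time) are assumptions made for the sketch.

```python
from datetime import date
from itertools import combinations

FAKED_NOW = date(2004, 1, 1)  # faked time used by the test, per the task

# (label, encryption-capable subkey?, created, expires), in the task's order.
# Labels are hypothetical; dates are the ones listed in the task.
KEYS = [
    ("k1-no-enc",  False, date(2003, 11, 30), date(2006, 11, 29)),
    ("k2-expired", True,  date(2000, 12, 31), date(2001, 12, 31)),
    ("k3",         True,  date(2001, 12, 31), date(2006, 12, 30)),
    ("k4",         True,  date(2002, 12, 31), date(2005, 12, 30)),
    ("k5",         True,  date(2003, 5, 31),  date(2005, 5, 30)),
]


def usable_for_encryption(key, now=FAKED_NOW):
    """Assumed rule: encryption-capable, already created, not yet expired."""
    _, can_encrypt, created, expires = key
    return can_encrypt and created <= now < expires


def subsets(keys=KEYS):
    """All non-empty subsets, preserving the listed order."""
    for size in range(1, len(keys) + 1):
        yield from combinations(keys, size)


def conflicting_subsets(keys=KEYS, now=FAKED_NOW):
    """Subsets whose first key cannot encrypt while a later key can."""
    found = []
    for subset in subsets(keys):
        first, rest = subset[0], subset[1:]
        if not usable_for_encryption(first, now) and any(
            usable_for_encryption(k, now) for k in rest
        ):
            found.append([k[0] for k in subset])
    return found


if __name__ == "__main__":
    conflicts = conflicting_subsets()
    total = sum(1 for _ in subsets())
    print(f"{len(conflicts)} of {total} subsets conflict with 'first key wins'")
    for names in conflicts:
        print("  ", ", ".join(names))
```
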