Page MenuHome GnuPG
Create Task
Maniphest T6504

Adding an ADSK to several keys may fail with Wrong Key Usage.
Closed, ResolvedPublic
Actions

Description

Here is the main part of original report to gnupg-users:

Hi,

I want to setup one backup key as an ADSK for multiple keys. After
adding the ADSK to the first key, further attempts to add the same
ADSK to other keys fail with the error message:

gpg: key "44883766ABE65F20453E6FC046D03490A60D7131" not found: Wrong key usage
gpg: Did you specify the fingerprint of a subkey?

My guess is that the fingerprint is resolved to the ADSK of the first
key with key usage R instead of the original subkey with key usage
SEAR. If I delete the key with the first ADSK and try to add the ADSK
to a second key, gpg can no longer find the original subkey:

gpg: key "44883766ABE65F20453E6FC046D03490A60D7131" not found: No public key

How can I configure the same subkey as an ADSK for multiple other keys?

Regards,
Robin

Details

Version
gnupg 2.4.1

Revisions and Commits

rG GnuPG
rG14828c75be10 gpg: Fix searching for the ADSK key when adding an ADSK.
rG9f2f7a51b243 gpg: Skip keys found via ADSKs.
rGa391d8f4be4e gpg: Skip keys found via ADSKs.
rG09a96c9e1bea gpg: Skip keys found via ADSKs.
rGe9dd47d789e8 gpg: Fix searching for the ADSK key when adding an ADSK.

Related Objects

Event Timeline

werner triaged this task as High priority.May 23 2023, 3:18 PM
werner created this task.
werner updated the task description. (Show Details)
jans added a subscriber: jans.May 23 2023, 4:00 PM
werner lowered the priority of this task from High to Normal.May 25 2023, 11:21 AM

There is an easy workaround: Append an exclamation mark to the adsk key. This way gpg will only search for this subkey.
An example with my test keys:

gpg --quick-add-adsk B21DEAB4F875FB3DA42F1D1D139563682A020D0A 4B15875F00C41493411C590F7CA8F627941606AD\!
werner added a commit: rGe9dd47d789e8: gpg: Fix searching for the ADSK key when adding an ADSK..May 25 2023, 12:01 PM
werner closed this task as Resolved.May 25 2023, 12:03 PM
werner claimed this task.
werner moved this task from Backlog to gnupg-2.4.2 on the gnupg24 board.
werner edited projects, added gnupg24 (gnupg-2.4.2); removed gnupg24.

The fix actually does the same as my suggested workaround.

werner added a commit: rG09a96c9e1bea: gpg: Skip keys found via ADSKs..May 25 2023, 4:50 PM
werner added a commit: rGa391d8f4be4e: gpg: Skip keys found via ADSKs..May 25 2023, 4:54 PM
werner renamed this task from Adding an ADKS to several keys may fail with Wrong Key Usage. to Adding an ADSK to several keys may fail with Wrong Key Usage..May 30 2023, 10:36 AM
werner mentioned this in T6506: Release GnuPG 2.4.2.May 30 2023, 4:42 PM
werner added a commit: rG9f2f7a51b243: gpg: Skip keys found via ADSKs..Jun 15 2023, 11:17 AM
werner added a commit: rG14828c75be10: gpg: Fix searching for the ADSK key when adding an ADSK..
werner mentioned this in T7189: Release GnuPG 2.5.0.Jul 5 2024, 2:42 PM