
Adding an ADSK to several keys may fail with Wrong Key Usage.
Closed, Resolved (Public)

Description

Here is the main part of original report to gnupg-users:

Hi,

I want to set up one backup key as an ADSK for multiple keys. After
adding the ADSK to the first key, further attempts to add the same
ADSK to other keys fail with the error message:

gpg: key "44883766ABE65F20453E6FC046D03490A60D7131" not found: Wrong key usage
gpg: Did you specify the fingerprint of a subkey?

My guess is that the fingerprint is resolved to the ADSK of the first
key with key usage R instead of the original subkey with key usage
SEAR. If I delete the key with the first ADSK and try to add the ADSK
to a second key, gpg can no longer find the original subkey:

gpg: key "44883766ABE65F20453E6FC046D03490A60D7131" not found: No public key

How can I configure the same subkey as an ADSK for multiple other keys?

Regards,
Robin

Details

Version
gnupg 2.4.1

Event Timeline

werner created this task.
werner updated the task description.
werner lowered the priority of this task from High to Normal. May 25 2023, 11:21 AM

There is an easy workaround: Append an exclamation mark to the ADSK key. This way gpg will only search for this subkey.
An example with my test keys:

gpg --quick-add-adsk B21DEAB4F875FB3DA42F1D1D139563682A020D0A 4B15875F00C41493411C590F7CA8F627941606AD\!
werner claimed this task.
werner moved this task from Backlog to gnupg-2.4.2 on the gnupg24 board.
werner edited projects, added gnupg24 (gnupg-2.4.2); removed gnupg24.

The fix actually does the same as my suggested workaround.

werner renamed this task from Adding an ADKS to several keys may fail with Wrong Key Usage. to Adding an ADSK to several keys may fail with Wrong Key Usage.. May 30 2023, 10:36 AM