Page MenuHome GnuPG
Create Task
Maniphest T7146

gpg: Add import option "no-seckeys"
Testing, NormalPublic
Actions

Description

When importing keys that were retrieved via WKD (e.g. manually downloaded or by some other program like Kleopatra) only public keys should be imported. As far as I can see, there is no way to set the internal IMPORT_NO_SECKEY keyserver option flag from the command line with the --import-options option (or some other option).

Revisions and Commits

rG GnuPG
rG4c65dfeb2878 gpg: Rename recently added import option no-seckeys to only-pubkeys.
rG489b9c6ebb50 gpg: Rename recently added import option no-seckeys to only-pubkeys.
rGe208ccc66c34 gpg: Rename recently added import option no-seckeys to only-pubkeys.
rG7788aba7d864 gpg: Add --import-option "no-seckeys".
rGdb556fcb7ada gpg: Add --import-option "no-seckeys".
rG8e691efb0588 gpg: Add --import-option "no-seckeys".

Related Objects

Event Timeline

ikloecker created this task.Jun 10 2024, 4:36 PM
werner added a commit: rG8e691efb0588: gpg: Add --import-option "no-seckeys"..Jun 11 2024, 3:51 PM
werner added a commit: rGdb556fcb7ada: gpg: Add --import-option "no-seckeys"..Jun 11 2024, 3:53 PM
werner added a commit: rG7788aba7d864: gpg: Add --import-option "no-seckeys"..Jun 11 2024, 3:55 PM
werner changed the task status from Open to Testing.Jun 11 2024, 3:56 PM
werner claimed this task.
werner moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
werner added a subscriber: werner.

Done for all branches,

werner triaged this task as Normal priority.Jun 11 2024, 3:57 PM
ikloecker mentioned this in T7150: Kleopatra: Import only public keys from WKD.Jun 11 2024, 4:31 PM
ikloecker changed the task status from Testing to Open.Jun 12 2024, 10:28 AM

This doesn't seem to work. I get

$ gpg --version
gpg (GnuPG) 2.4.6-beta4
libgcrypt 1.11.0

$ gpg --verbose --import-options no-seckeys ted.tester-pub.asc
gpg: unknown option 'no-seckeys'
gpg: invalid import options

I suspect that this is caused by the special handling of the "no-" prefix in parse_options.

I verified this hypothesis by renaming the option to "only-pubkeys". This makes the option work for me.

ikloecker mentioned this in T7152: gpgme: Support import options.Jun 12 2024, 11:02 AM
werner added a comment.Jun 24 2024, 11:51 AM

Okay. The option has been renamed to "only-pubkeys"

werner added a commit: rGe208ccc66c34: gpg: Rename recently added import option no-seckeys to only-pubkeys..Jun 24 2024, 11:55 AM
werner added a commit: rG4c65dfeb2878: gpg: Rename recently added import option no-seckeys to only-pubkeys..
werner added a commit: rG489b9c6ebb50: gpg: Rename recently added import option no-seckeys to only-pubkeys..
ikloecker changed the task status from Open to Testing.Jun 24 2024, 3:23 PM

The import option "only-pubkeys" works for me/Kleopatra.

werner mentioned this in T7189: Release GnuPG 2.5.0.Jul 5 2024, 2:42 PM
werner mentioned this in T7087: Release GnuPG 2.2.44.Aug 16 2024, 1:47 PM
werner mentioned this in T7030: Release GnuPG 2.4.6.Oct 21 2024, 3:29 PM
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Nov 21 2024, 3:28 PM
ebo added a project: vsd33.
ebo added a subscriber: ebo.

With gpg4win-beta-75++ tryiing to import a secret key results in no import:

C:\Users\g10code.WIN-TEST3>gpg --verbose --import --import-options only-pubkeys "z:neue_testzertifikate\Edward_Tester_0xB5297489_SECRET.asc"
[...]
gpg: sec rsa3072/06E28F5FB5297489 2023-03-08 Edward Tester <Edward.Tester@demo.gnupg.com>
gpg: Importieren geheimer Schlüssel ist nicht erlaubt
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1
gpg: gelesene geheime Schlüssel: 1

I believe that it was was intended with this task.

ebo moved this task from Backlog to QA on the vsd33 board.Nov 21 2024, 3:28 PM