
Kleopatra: Unable to completely delete key with secret subkeys and "offline" primary key
Open, Normal, Public

Description

This bug was first reported at https://bugs.kde.org/show_bug.cgi?id=515372

Original title: Unable to completely delete incomplete team key

SUMMARY

After deleting the incomplete team key in Kleopatra and then importing the public key of that team key, it will be found that the secret key of the team key is still present.

STEPS TO REPRODUCE

  1. Create an OpenPGP key (hereinafter referred to as Key A) with the "Set up this key for shared usage in teams" option enabled.
  2. Save the secret team key for Key A; whether the "Allow team members to sign with the team key" option is enabled or not has no effect.
  3. Export the public key of Key A.
  4. Delete Key A.
  5. Import the secret team key A that was exported earlier (the one with the incomplete certificate).
  6. Delete the secret team key A that was just imported.
  7. Import the public key of Key A.

OBSERVED RESULT

The imported key A contains its public key and an incomplete secret key.

EXPECTED RESULT

The imported key A contains only the public key, not the secret key.

SOFTWARE/OS VERSIONS

Kleopatra: Gpg4win-5.0.1
Kleopatra: 76f98d94d858d18edd22b8d26aad565b1f71671f
GnuPG: 2.5.17
Libgcrypt: 1.11.2
KDE Frameworks: 6.20.0
Qt: Using 6.10.1 and built against 6.10.1
Windows 10 Version 21H2
Build ABI: x86_64-little_endian-llp64
Kernel: winnt 10.0.19044

ADDITIONAL INFORMATION

This might be a problem with the GPG core; it's reported that using GPG commands directly makes it impossible to delete incomplete team keys.

Details

Version
Gpg4win-5.0.1

Event Timeline

This is actually a (known) bug in gpg, i.e. gpg --delete-secret-and-public-key PRIMARY_KEY_FPR only deletes the public key for keys without primary secret key.

A possible workaround seems to be to call gpg --delete-secret-and-public-key 'SUBKEY_FPR!' for each secret subkey followed by a gpg --delete-key PRIMARY_KEY_FPR to get rid of the key including all its secret subkeys.
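
The workaround from the comment above, as an added example that is not part of the original thread and is not GnuPG or Kleopatra code: it reads a colon-format secret key listing and prints, without running them, the per-subkey and final delete commands for one key. The helper name and the sample fingerprints are constructed; the field positions (field 15 is "#" for a stub, field 10 of the fpr record is the fingerprint) follow GnuPG's documented colon listing format.

```shell
#!/bin/sh
# Added example (not GnuPG or Kleopatra code): print, without running them,
# the workaround commands for one key whose primary secret key is offline.
# Usage: gpg --with-colons --list-secret-keys | plan_offline_primary_delete PRIMARY_KEY_FPR
# In sec/ssb records field 15 is "#" when the secret part is only a stub;
# field 10 of the fpr record that follows is the fingerprint.
plan_offline_primary_delete() {   # hypothetical helper name
    awk -F: -v want="$1" '
        $1 == "sec" || $1 == "ssb" { rec = $1; stub = ($15 == "#"); next }
        $1 == "fpr" && rec == "sec" {
            inkey = ($10 == want)
            if (inkey) { found = 1; offline = stub }
            rec = ""; next
        }
        $1 == "fpr" && rec == "ssb" {
            if (inkey && !stub) fprs[++n] = $10
            rec = ""; next
        }
        END {
            if (!found)   exit 2   # key has no entry in the secret listing
            if (!offline) exit 3   # primary secret key present: not this bug
            for (i = 1; i <= n; i++)
                printf "gpg --delete-secret-and-public-key \047%s!\047\n", fprs[i]
            printf "gpg --delete-key %s\n", want
        }'
}

# Constructed fingerprints and listing (not real keys).
K1=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA   # primary, secret part offline
S1=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB   # subkey with secret part
S2=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC   # subkey with secret part
S3=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD   # subkey, stub only
K2=EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE   # unrelated key, primary secret present
sample_listing() {
    cat <<EOF
sec:u:255:22:AAAAAAAAAAAAAAAA:1700000000:::u:::scESC:::#::ed25519:::0:
fpr:::::::::$K1:
uid:u::::1700000000::::Team Key <team@example.org>::::::::::0:
ssb:u:255:22:BBBBBBBBBBBBBBBB:1700000000::::::s:::+::ed25519::
fpr:::::::::$S1:
ssb:u:255:18:CCCCCCCCCCCCCCCC:1700000000::::::e:::+::cv25519::
fpr:::::::::$S2:
ssb:u:255:22:DDDDDDDDDDDDDDDD:1700000000::::::a:::#::ed25519::
fpr:::::::::$S3:
sec:u:255:22:EEEEEEEEEEEEEEEE:1700000000:::u:::scESC:::+::ed25519:::0:
fpr:::::::::$K2:
EOF
}
```

A non-zero status with no output means the workaround does not apply to that fingerprint: 2 if the key is absent from the secret listing, 3 if its primary secret key is present.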

ikloecker renamed this task from Kleopatra: Unable to completely delete incomplete team key to Kleopatra: Unable to completely delete key with secret subkeys and "offline" primary key. Mon, Feb 2, 11:49 AM
ikloecker updated the task description.
werner triaged this task as Normal priority. Mon, Feb 2, 12:08 PM
werner added a project: gnupg26.