After importing a new key in an empty GNUPGHOME (this key was minimal and didn't
contain any signatures other than the self ones), I refreshed it from a
keyserver to download other sigs. I guess something went wrong (a race
condition perhaps), because signature packets were placed after the subkeys,
which in turn messed up the parsing of gpg's output:
$ gpg2 --homedir /tmp/gnupg-test --with-colons --list-sigs 06EAA066E397832F |
grep -E '^(pub|sub|uid|sig:([^:]*:){3}(06EAA066E397832F|39278DA8109E6244)):'
pub:-:4096:1:06EAA066E397832F:1246459499:::-:::scESCA:::::::
uid:-::::1286747091::B41FA634ADD68A6717D380A790190CB3BC80005B::Luca Capello
<luca@pca.it>:::::::::
sig:::1:06EAA066E397832F:1286747091::::Luca Capello <luca@pca.it>:13x:::::8:
sig:::1:39278DA8109E6244:1360031056::::Guilhem Moulin:10x:::::10:
sig:::1:06EAA066E397832F:1246459499::::Luca Capello <luca@pca.it>:13x:::::8:
sig:::1:06EAA066E397832F:1246460297::::Luca Capello <luca@pca.it>:13x:::::8:
uid:-::::1286747538::3590ECEB44695F2B0D4E5B2E85EDBBF99C3A90C6::Luca Capello
<gismo@debian.org>:::::::::
sig:::1:06EAA066E397832F:1286747538::::Luca Capello <luca@pca.it>:13x:::::8:
sig:::1:39278DA8109E6244:1360031056::::Guilhem Moulin:10x:::::10:
sig:::1:39278DA8109E6244:1360031056::::Guilhem Moulin:10x:::::10:
sig:::1:06EAA066E397832F:1246459499::::Luca Capello <luca@pca.it>:13x:::::8:
sig:::1:06EAA066E397832F:1246460232::::Luca Capello <luca@pca.it>:13x:::::8:
sig:::1:06EAA066E397832F:1246460297::::Luca Capello <luca@pca.it>:13x:::::8:
sig:::1:06EAA066E397832F:1286747091::::Luca Capello <luca@pca.it>:13x:::::8:
uid:-::::1453646682::8523545E8C0C86F63F6FC3387DE2D188A55481AF::Luca Capello
<luca.capello@infomaniak.ch>:::::::::
sig:::1:06EAA066E397832F:1453646682::::Luca Capello <luca@pca.it>:13x:::::10:
uid:-::::1454107799::45C4E00E6D5D53EDE22B1CC8D2B44DCE3E3E93B5::Luca Capello
<luca.capello@infomaniak.com>:::::::::
sig:::1:06EAA066E397832F:1454107799::::Luca Capello <luca@pca.it>:13x:::::10:
sub:-:4096:1:D91D57A03BE9F36D:1246460943::::::esa::::::
sig:::1:06EAA066E397832F:1246460943::::Luca Capello <luca@pca.it>:18x:::::8:
sig:::1:39278DA8109E6244:1360031056::::Guilhem Moulin:10x:::::10:
sig:::1:06EAA066E397832F:1246459499::::Luca Capello <luca@pca.it>:13x:::::8:
sig:::1:06EAA066E397832F:1246460297::::Luca Capello <luca@pca.it>:13x:::::8:
sig:::1:06EAA066E397832F:1286747091::::Luca Capello <luca@pca.it>:13x:::::8:
sub:-:4096:1:90C02DEC2BB95F4B:1246460155::::::e::::::
sig:::1:06EAA066E397832F:1246460155::::Luca Capello <luca@pca.it>:18x:::::8:
Editing the key moves the packet to the right place:
~$ gpg2 --homedir /tmp/gnupg-test --edit-key 06EAA066E397832F
gpg: moving a key signature to the correct place
[…]
gpg> save
~$ gpg2 --homedir /tmp/gnupg-test --with-colons --list-sigs 06EAA066E397832F |
grep -E '^(pub|sub|uid|sig:([^:]*:){3}(06EAA066E397832F|39278DA8109E6244)):'
pub:-:4096:1:06EAA066E397832F:1246459499:::-:::scESCA:::::::
uid:-::::1286747091::B41FA634ADD68A6717D380A790190CB3BC80005B::Luca Capello
<luca@pca.it>:::::::::
sig:::1:06EAA066E397832F:1286747091::::Luca Capello <luca@pca.it>:13x:::::8:
sig:::1:39278DA8109E6244:1360031056::::Guilhem Moulin:10x:::::10:
sig:::1:06EAA066E397832F:1246459499::::Luca Capello <luca@pca.it>:13x:::::8:
sig:::1:06EAA066E397832F:1246460297::::Luca Capello <luca@pca.it>:13x:::::8:
uid:-::::1286747538::3590ECEB44695F2B0D4E5B2E85EDBBF99C3A90C6::Luca Capello
<gismo@debian.org>:::::::::
sig:::1:06EAA066E397832F:1286747538::::Luca Capello <luca@pca.it>:13x:::::8:
sig:::1:39278DA8109E6244:1360031056::::Guilhem Moulin:10x:::::10:
sig:::1:39278DA8109E6244:1360031056::::Guilhem Moulin:10x:::::10:
sig:::1:06EAA066E397832F:1246459499::::Luca Capello <luca@pca.it>:13x:::::8:
sig:::1:06EAA066E397832F:1246460232::::Luca Capello <luca@pca.it>:13x:::::8:
sig:::1:06EAA066E397832F:1246460297::::Luca Capello <luca@pca.it>:13x:::::8:
sig:::1:06EAA066E397832F:1286747091::::Luca Capello <luca@pca.it>:13x:::::8:
uid:-::::1453646682::8523545E8C0C86F63F6FC3387DE2D188A55481AF::Luca Capello
<luca.capello@infomaniak.ch>:::::::::
sig:::1:06EAA066E397832F:1453646682::::Luca Capello <luca@pca.it>:13x:::::10:
uid:-::::1454107799::45C4E00E6D5D53EDE22B1CC8D2B44DCE3E3E93B5::Luca Capello
<luca.capello@infomaniak.com>:::::::::
sig:::1:06EAA066E397832F:1454107799::::Luca Capello <luca@pca.it>:13x:::::10:
sig:::1:06EAA066E397832F:1286747091::::Luca Capello <luca@pca.it>:13x:::::8:
sig:::1:06EAA066E397832F:1246460297::::Luca Capello <luca@pca.it>:13x:::::8:
sig:::1:06EAA066E397832F:1246459499::::Luca Capello <luca@pca.it>:13x:::::8:
sig:::1:39278DA8109E6244:1360031056::::Guilhem Moulin:10x:::::10:
sub:-:4096:1:D91D57A03BE9F36D:1246460943::::::esa::::::
sig:::1:06EAA066E397832F:1246460943::::Luca Capello <luca@pca.it>:18x:::::8:
sub:-:4096:1:90C02DEC2BB95F4B:1246460155::::::e::::::
sig:::1:06EAA066E397832F:1246460155::::Luca Capello <luca@pca.it>:18x:::::8:
I understand that one might not want to open the keyring in write mode with --list-*
commands. But --import/--refresh-keys should probably fix the key, and
--list-sigs could have printed a warning regarding the bad input.