Change Details

The documentation for import-clean claims: This option is the same as running the --edit-key command "clean" after import. The documentation for export-clean claims: This option is the same as running the --edit-key command "clean" before export except that the local copy of the key is not modified. Neither of these appears to be the case. With the attached transferable public key (pulled from the debian keyring), i can --import and --export it (both using the appropriate -clean options) and the resultant exported transferable public key is unchanged. if i manually use the --edit-key subcommand "clean" and then re-export the key, then the emitted key is actually cleaned. Below is an example transcript using 2.1.13 with the attached transferable public key in a new home directory. 0 dkg@alice:/tmp/cdtemp.3Gj0sI$ gpg --list-keys gpg: keybox '/tmp/cdtemp.3Gj0sI/pubring.kbx' created 0 dkg@alice:/tmp/cdtemp.3Gj0sI$ gpg --import-options import-clean --import < 0x06EAA066E397832F.orig.asc gpg: key 06EAA066E397832F: public key "Luca Capello <luca@pca.it>" imported gpg: Total number processed: 1 gpg: imported: 1 gpg: no ultimately trusted keys found 0 dkg@alice:/tmp/cdtemp.3Gj0sI$ gpg --armor --export-options export-clean --export 0x06EAA066E397832F > 0x06EAA066E397832F.exported.asc 0 dkg@alice:/tmp/cdtemp.3Gj0sI$ gpg --edit-key 0x06EAA066E397832F clean gpg (GnuPG) 2.1.13; Copyright (C) 2016 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. uid Luca Capello <gismo@debian.org> sig!3 06EAA066E397832F 2010-10-10 never [self-signature]* uid Luca Capello <luca.capello@infomaniak.ch> sig!3 06EAA066E397832F 2016-01-24 never [self-signature]* uid Luca Capello <luca.capello@infomaniak.com> sig!3 06EAA066E397832F 2016-01-29 never [self-signature]* sub 90C02DEC2BB95F4B sig! 06EAA066E397832F 2009-07-01 never [self-signature]* uid Luca Capello <luca@pca.it> (reordered signatures follow) sig!3 06EAA066E397832F 2009-07-01 never [self-signature] sig!3 06EAA066E397832F 2009-07-01 never [self-signature] [primary] sig!3 06EAA066E397832F 2010-10-10 never [self-signature] [primary] sub D91D57A03BE9F36D sig! 06EAA066E397832F 2009-07-01 never [self-signature]* sub F37834C0675E1031 sig! 06EAA066E397832F 2016-02-22 never [self-signature]* [expires: 2010-07-01 14:44:59] sub 669F597AA0ACD061 sig! 06EAA066E397832F 2016-02-22 never [self-signature]* [expires: 2010-07-01 14:44:59] sub CBAA74B5D18542FA sig! 06EAA066E397832F 2016-02-22 never [self-signature]* [expires: 2010-07-01 14:44:59] key 06EAA066E397832F: 1 duplicate signature removed 3 signatures reordered Warning: errors found and only checked self-signatures, run 'check' to check all signatures. pub rsa4096/06EAA066E397832F created: 2009-07-01 expires: never usage: SC trust: unknown validity: unknown sub rsa4096/90C02DEC2BB95F4B created: 2009-07-01 expires: never usage: E sub rsa4096/D91D57A03BE9F36D created: 2009-07-01 expires: never usage: SEA sub rsa4096/F37834C0675E1031 created: 2016-02-22 expires: 2017-02-21 usage: S sub rsa4096/669F597AA0ACD061 created: 2016-02-22 expires: 2017-02-21 usage: E sub rsa4096/CBAA74B5D18542FA created: 2016-02-22 expires: 2017-02-21 usage: A [ unknown] (1). Luca Capello <luca@pca.it> [ unknown] (2) Luca Capello <gismo@debian.org> [ unknown] (3) Luca Capello <luca.capello@infomaniak.ch> [ unknown] (4) Luca Capello <luca.capello@infomaniak.com> User ID "Luca Capello <luca@pca.it>": 3 signatures removed User ID "Luca Capello <gismo@debian.org>": already clean User ID "Luca Capello <luca.capello@infomaniak.ch>": already clean User ID "Luca Capello <luca.capello@infomaniak.com>": already clean pub rsa4096/06EAA066E397832F created: 2009-07-01 expires: never usage: SC trust: unknown validity: unknown sub rsa4096/90C02DEC2BB95F4B created: 2009-07-01 expires: never usage: E sub rsa4096/D91D57A03BE9F36D created: 2009-07-01 expires: never usage: SEA sub rsa4096/F37834C0675E1031 created: 2016-02-22 expires: 2017-02-21 usage: S sub rsa4096/669F597AA0ACD061 created: 2016-02-22 expires: 2017-02-21 usage: E sub rsa4096/CBAA74B5D18542FA created: 2016-02-22 expires: 2017-02-21 usage: A [ unknown] (1). Luca Capello <luca@pca.it> [ unknown] (2) Luca Capello <gismo@debian.org> [ unknown] (3) Luca Capello <luca.capello@infomaniak.ch> [ unknown] (4) Luca Capello <luca.capello@infomaniak.com> gpg> save Preferred keyserver: hkp://keyring.debian.org Preferred keyserver: hkp://pool.sks-keyservers.net 0 dkg@alice:/tmp/cdtemp.3Gj0sI$ gpg --armor --export-options export-clean --export 0x06EAA066E397832F > 0x06EAA066E397832F.exported-after.asc 0 dkg@alice:/tmp/cdtemp.3Gj0sI$ ls -la 0x06EAA066E397832F.*.asc -rw-r--r-- 1 dkg dkg 221833 Jun 27 12:35 0x06EAA066E397832F.exported-after.asc -rw-r--r-- 1 dkg dkg 225018 Jun 27 12:35 0x06EAA066E397832F.exported.asc -rw-r--r-- 1 dkg dkg 225018 Jun 27 12:29 0x06EAA066E397832F.orig.asc 0 dkg@alice:/tmp/cdtemp.3Gj0sI$ sha256sum 0x06EAA066E397832F.*.asc 833f1372ef7d38271610ebce9b7b3cbe7ed8434e271b0e90a2e0769ce1b4a969 0x06EAA066E397832F.exported-after.asc 0ab203cc7ba50520be4085f7855b3e5bfd878bc1738a63d5da7b66ea6bf438f3 0x06EAA066E397832F.exported.asc 0ab203cc7ba50520be4085f7855b3e5bfd878bc1738a63d5da7b66ea6bf438f3 0x06EAA066E397832F.orig.asc 0 dkg@alice:/tmp/cdtemp.3Gj0sI$

The documentation for import-clean claims: This option is the same as running the --edit-key command "clean" after import. The documentation for export-clean claims: This option is the same as running the --edit-key command "clean" before export except that the local copy of the key is not modified. Neither of these appears to be the case. With the attached transferable public key (pulled from the debian keyring), i can --import and --export it (both using the appropriate -clean options) and the resultant exported transferable public key is unchanged. if i manually use the --edit-key subcommand "clean" and then re-export the key, then the emitted key is actually cleaned. Below is an example transcript using 2.1.13 with the attached transferable public key in a new home directory. ``` 0 dkg@alice:/tmp/cdtemp.3Gj0sI$ gpg --list-keys gpg: keybox '/tmp/cdtemp.3Gj0sI/pubring.kbx' created 0 dkg@alice:/tmp/cdtemp.3Gj0sI$ gpg --import-options import-clean --import < 0x06EAA066E397832F.orig.asc gpg: key 06EAA066E397832F: public key "Luca Capello <luca@pca.it>" imported gpg: Total number processed: 1 gpg: imported: 1 gpg: no ultimately trusted keys found 0 dkg@alice:/tmp/cdtemp.3Gj0sI$ gpg --armor --export-options export-clean --export 0x06EAA066E397832F > 0x06EAA066E397832F.exported.asc 0 dkg@alice:/tmp/cdtemp.3Gj0sI$ gpg --edit-key 0x06EAA066E397832F clean gpg (GnuPG) 2.1.13; Copyright (C) 2016 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. uid Luca Capello <gismo@debian.org> sig!3 06EAA066E397832F 2010-10-10 never [self-signature]* uid Luca Capello <luca.capello@infomaniak.ch> sig!3 06EAA066E397832F 2016-01-24 never [self-signature]* uid Luca Capello <luca.capello@infomaniak.com> sig!3 06EAA066E397832F 2016-01-29 never [self-signature]* sub 90C02DEC2BB95F4B sig! 06EAA066E397832F 2009-07-01 never [self-signature]* uid Luca Capello <luca@pca.it> (reordered signatures follow) sig!3 06EAA066E397832F 2009-07-01 never [self-signature] sig!3 06EAA066E397832F 2009-07-01 never [self-signature] [primary] sig!3 06EAA066E397832F 2010-10-10 never [self-signature] [primary] sub D91D57A03BE9F36D sig! 06EAA066E397832F 2009-07-01 never [self-signature]* sub F37834C0675E1031 sig! 06EAA066E397832F 2016-02-22 never [self-signature]* [expires: 2010-07-01 14:44:59] sub 669F597AA0ACD061 sig! 06EAA066E397832F 2016-02-22 never [self-signature]* [expires: 2010-07-01 14:44:59] sub CBAA74B5D18542FA sig! 06EAA066E397832F 2016-02-22 never [self-signature]* [expires: 2010-07-01 14:44:59] key 06EAA066E397832F: 1 duplicate signature removed 3 signatures reordered Warning: errors found and only checked self-signatures, run 'check' to check all signatures. pub rsa4096/06EAA066E397832F created: 2009-07-01 expires: never usage: SC trust: unknown validity: unknown sub rsa4096/90C02DEC2BB95F4B created: 2009-07-01 expires: never usage: E sub rsa4096/D91D57A03BE9F36D created: 2009-07-01 expires: never usage: SEA sub rsa4096/F37834C0675E1031 created: 2016-02-22 expires: 2017-02-21 usage: S sub rsa4096/669F597AA0ACD061 created: 2016-02-22 expires: 2017-02-21 usage: E sub rsa4096/CBAA74B5D18542FA created: 2016-02-22 expires: 2017-02-21 usage: A [ unknown] (1). Luca Capello <luca@pca.it> [ unknown] (2) Luca Capello <gismo@debian.org> [ unknown] (3) Luca Capello <luca.capello@infomaniak.ch> [ unknown] (4) Luca Capello <luca.capello@infomaniak.com> User ID "Luca Capello <luca@pca.it>": 3 signatures removed User ID "Luca Capello <gismo@debian.org>": already clean User ID "Luca Capello <luca.capello@infomaniak.ch>": already clean User ID "Luca Capello <luca.capello@infomaniak.com>": already clean pub rsa4096/06EAA066E397832F created: 2009-07-01 expires: never usage: SC trust: unknown validity: unknown sub rsa4096/90C02DEC2BB95F4B created: 2009-07-01 expires: never usage: E sub rsa4096/D91D57A03BE9F36D created: 2009-07-01 expires: never usage: SEA sub rsa4096/F37834C0675E1031 created: 2016-02-22 expires: 2017-02-21 usage: S sub rsa4096/669F597AA0ACD061 created: 2016-02-22 expires: 2017-02-21 usage: E sub rsa4096/CBAA74B5D18542FA created: 2016-02-22 expires: 2017-02-21 usage: A [ unknown] (1). Luca Capello <luca@pca.it> [ unknown] (2) Luca Capello <gismo@debian.org> [ unknown] (3) Luca Capello <luca.capello@infomaniak.ch> [ unknown] (4) Luca Capello <luca.capello@infomaniak.com> gpg> save Preferred keyserver: hkp://keyring.debian.org Preferred keyserver: hkp://pool.sks-keyservers.net 0 dkg@alice:/tmp/cdtemp.3Gj0sI$ gpg --armor --export-options export-clean --export 0x06EAA066E397832F > 0x06EAA066E397832F.exported-after.asc 0 dkg@alice:/tmp/cdtemp.3Gj0sI$ ls -la 0x06EAA066E397832F.*.asc -rw-r--r-- 1 dkg dkg 221833 Jun 27 12:35 0x06EAA066E397832F.exported-after.asc -rw-r--r-- 1 dkg dkg 225018 Jun 27 12:35 0x06EAA066E397832F.exported.asc -rw-r--r-- 1 dkg dkg 225018 Jun 27 12:29 0x06EAA066E397832F.orig.asc 0 dkg@alice:/tmp/cdtemp.3Gj0sI$ sha256sum 0x06EAA066E397832F.*.asc 833f1372ef7d38271610ebce9b7b3cbe7ed8434e271b0e90a2e0769ce1b4a969 0x06EAA066E397832F.exported-after.asc 0ab203cc7ba50520be4085f7855b3e5bfd878bc1738a63d5da7b66ea6bf438f3 0x06EAA066E397832F.exported.asc 0ab203cc7ba50520be4085f7855b3e5bfd878bc1738a63d5da7b66ea6bf438f3 0x06EAA066E397832F.orig.asc 0 dkg@alice:/tmp/cdtemp.3Gj0sI$ ```

The documentation for import-clean claims: This option is the same as running the --edit-key command "clean" after import. The documentation for export-clean claims: This option is the same as running the --edit-key command "clean" before export except that the local copy of the key is not modified. Neither of these appears to be the case. With the attached transferable public key (pulled from the debian keyring), i can --import and --export it (both using the appropriate -clean options) and the resultant exported transferable public key is unchanged. if i manually use the --edit-key subcommand "clean" and then re-export the key, then the emitted key is actually cleaned. Below is an example transcript using 2.1.13 with the attached transferable public key in a new home directory. ``` 0 dkg@alice:/tmp/cdtemp.3Gj0sI$ gpg --list-keys gpg: keybox '/tmp/cdtemp.3Gj0sI/pubring.kbx' created 0 dkg@alice:/tmp/cdtemp.3Gj0sI$ gpg --import-options import-clean --import < 0x06EAA066E397832F.orig.asc gpg: key 06EAA066E397832F: public key "Luca Capello <luca@pca.it>" imported gpg: Total number processed: 1 gpg: imported: 1 gpg: no ultimately trusted keys found 0 dkg@alice:/tmp/cdtemp.3Gj0sI$ gpg --armor --export-options export-clean --export 0x06EAA066E397832F > 0x06EAA066E397832F.exported.asc 0 dkg@alice:/tmp/cdtemp.3Gj0sI$ gpg --edit-key 0x06EAA066E397832F clean gpg (GnuPG) 2.1.13; Copyright (C) 2016 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. uid Luca Capello <gismo@debian.org> sig!3 06EAA066E397832F 2010-10-10 never [self-signature]* uid Luca Capello <luca.capello@infomaniak.ch> sig!3 06EAA066E397832F 2016-01-24 never [self-signature]* uid Luca Capello <luca.capello@infomaniak.com> sig!3 06EAA066E397832F 2016-01-29 never [self-signature]* sub 90C02DEC2BB95F4B sig! 06EAA066E397832F 2009-07-01 never [self-signature]* uid Luca Capello <luca@pca.it> (reordered signatures follow) sig!3 06EAA066E397832F 2009-07-01 never [self-signature] sig!3 06EAA066E397832F 2009-07-01 never [self-signature] [primary] sig!3 06EAA066E397832F 2010-10-10 never [self-signature] [primary] sub D91D57A03BE9F36D sig! 06EAA066E397832F 2009-07-01 never [self-signature]* sub F37834C0675E1031 sig! 06EAA066E397832F 2016-02-22 never [self-signature]* [expires: 2010-07-01 14:44:59] sub 669F597AA0ACD061 sig! 06EAA066E397832F 2016-02-22 never [self-signature]* [expires: 2010-07-01 14:44:59] sub CBAA74B5D18542FA sig! 06EAA066E397832F 2016-02-22 never [self-signature]* [expires: 2010-07-01 14:44:59] key 06EAA066E397832F: 1 duplicate signature removed 3 signatures reordered Warning: errors found and only checked self-signatures, run 'check' to check all signatures. pub rsa4096/06EAA066E397832F created: 2009-07-01 expires: never usage: SC trust: unknown validity: unknown sub rsa4096/90C02DEC2BB95F4B created: 2009-07-01 expires: never usage: E sub rsa4096/D91D57A03BE9F36D created: 2009-07-01 expires: never usage: SEA sub rsa4096/F37834C0675E1031 created: 2016-02-22 expires: 2017-02-21 usage: S sub rsa4096/669F597AA0ACD061 created: 2016-02-22 expires: 2017-02-21 usage: E sub rsa4096/CBAA74B5D18542FA created: 2016-02-22 expires: 2017-02-21 usage: A [ unknown] (1). Luca Capello <luca@pca.it> [ unknown] (2) Luca Capello <gismo@debian.org> [ unknown] (3) Luca Capello <luca.capello@infomaniak.ch> [ unknown] (4) Luca Capello <luca.capello@infomaniak.com> User ID "Luca Capello <luca@pca.it>": 3 signatures removed User ID "Luca Capello <gismo@debian.org>": already clean User ID "Luca Capello <luca.capello@infomaniak.ch>": already clean User ID "Luca Capello <luca.capello@infomaniak.com>": already clean pub rsa4096/06EAA066E397832F created: 2009-07-01 expires: never usage: SC trust: unknown validity: unknown sub rsa4096/90C02DEC2BB95F4B created: 2009-07-01 expires: never usage: E sub rsa4096/D91D57A03BE9F36D created: 2009-07-01 expires: never usage: SEA sub rsa4096/F37834C0675E1031 created: 2016-02-22 expires: 2017-02-21 usage: S sub rsa4096/669F597AA0ACD061 created: 2016-02-22 expires: 2017-02-21 usage: E sub rsa4096/CBAA74B5D18542FA created: 2016-02-22 expires: 2017-02-21 usage: A [ unknown] (1). Luca Capello <luca@pca.it> [ unknown] (2) Luca Capello <gismo@debian.org> [ unknown] (3) Luca Capello <luca.capello@infomaniak.ch> [ unknown] (4) Luca Capello <luca.capello@infomaniak.com> gpg> save Preferred keyserver: hkp://keyring.debian.org Preferred keyserver: hkp://pool.sks-keyservers.net 0 dkg@alice:/tmp/cdtemp.3Gj0sI$ gpg --armor --export-options export-clean --export 0x06EAA066E397832F > 0x06EAA066E397832F.exported-after.asc 0 dkg@alice:/tmp/cdtemp.3Gj0sI$ ls -la 0x06EAA066E397832F.*.asc -rw-r--r-- 1 dkg dkg 221833 Jun 27 12:35 0x06EAA066E397832F.exported-after.asc -rw-r--r-- 1 dkg dkg 225018 Jun 27 12:35 0x06EAA066E397832F.exported.asc -rw-r--r-- 1 dkg dkg 225018 Jun 27 12:29 0x06EAA066E397832F.orig.asc 0 dkg@alice:/tmp/cdtemp.3Gj0sI$ sha256sum 0x06EAA066E397832F.*.asc 833f1372ef7d38271610ebce9b7b3cbe7ed8434e271b0e90a2e0769ce1b4a969 0x06EAA066E397832F.exported-after.asc 0ab203cc7ba50520be4085f7855b3e5bfd878bc1738a63d5da7b66ea6bf438f3 0x06EAA066E397832F.exported.asc 0ab203cc7ba50520be4085f7855b3e5bfd878bc1738a63d5da7b66ea6bf438f3 0x06EAA066E397832F.orig.asc 0 dkg@alice:/tmp/cdtemp.3Gj0sI$ ```