Change Details

On gpg (GnuPG) 2.1.18 on Debian Testing, for an university assignment, I accidentally messed up the command order and supplied --keyserver after --send-keys. Instead of bailing out due to not understanding it, GnuPG decided to upload my key to the wrong keyserver without asking me, leaking a public key I only intended to use for an university assignment to a public server with no way to undo it. Expected result: > $ gpg —send-keys 6B1816496C48E48BD3FBAA20B22FD1EDBF11B728 —keyserver sec1.aii.avans.nl > gpg: Note: '--keyserver' is not considered an option: bailing out Actual result: > $ gpg —send-keys 6B1816496C48E48BD3FBAA20B22FD1EDBF11B728 —keyserver sec1.aii.avans.nl > gpg: Note: '--keyserver' is not considered an option > gpg: "--keyserver" not a key ID: skipping > gpg: "sec1.aii.avans.nl" not a key ID: skipping > gpg: sending key B22FD1EDBF11B728 to hkp://keys.gnupg.net Note: I have searched the bugtracker but could not find any issue like this.

On gpg (GnuPG) 2.1.18 on Debian Testing, which I was using for an university assignment, I accidentally messed up the command order and supplied --keyserver after --send-keys. Instead of bailing out due to not understanding it, GnuPG decided to upload my key to the wrong keyserver without asking me, leaking a public key I only intended to use for an university assignment to a public server with no way to undo it. Expected result: > $ gpg —send-keys 6B1816496C48E48BD3FBAA20B22FD1EDBF11B728 —keyserver sec1.aii.avans.nl > gpg: Note: '--keyserver' is not considered an option: bailing out Actual result: > $ gpg —send-keys 6B1816496C48E48BD3FBAA20B22FD1EDBF11B728 —keyserver sec1.aii.avans.nl > gpg: Note: '--keyserver' is not considered an option > gpg: "--keyserver" not a key ID: skipping > gpg: "sec1.aii.avans.nl" not a key ID: skipping > gpg: sending key B22FD1EDBF11B728 to hkp://keys.gnupg.net Note: I have searched the bugtracker but could not find any issue like this.

On gpg (GnuPG) 2.1.18 on Debian Testing, which I was using for an university assignment, I accidentally messed up the command order and supplied --keyserver after --send-keys. Instead of bailing out due to not understanding it, GnuPG decided to upload my key to the wrong keyserver without asking me, leaking a public key I only intended to use for an university assignment to a public server with no way to undo it. Expected result: > $ gpg —send-keys 6B1816496C48E48BD3FBAA20B22FD1EDBF11B728 —keyserver sec1.aii.avans.nl > gpg: Note: '--keyserver' is not considered an option: bailing out Actual result: > $ gpg —send-keys 6B1816496C48E48BD3FBAA20B22FD1EDBF11B728 —keyserver sec1.aii.avans.nl > gpg: Note: '--keyserver' is not considered an option > gpg: "--keyserver" not a key ID: skipping > gpg: "sec1.aii.avans.nl" not a key ID: skipping > gpg: sending key B22FD1EDBF11B728 to hkp://keys.gnupg.net Note: I have searched the bugtracker but could not find any issue like this.