Package: gpg
Version: 2.4.7-21+deb13u1+b2
Severity: normal
File: /usr/bin/gpg

Dear Maintainer,

It appears that when GnuPG generates keys with the --dry-run option,
rather than discarding any generated keys, it creates and stores new
private keys on disk.  However, these keys cannot be accessed via the
keyring, meaning they effectively just take up disk space with no use.

Consider the following sequence of shell commands (with some irrelevant
output removed or replaced).

$ mkdir -m u=rwx,go= ~/gpg-test
$ export GNUPGHOME=~/gpg-test
$ gpg --dry-run --yes --quick-generate-key "hello <[email protected]>"
gpg: keybox '/.../gpg-test/pubring.kbx' created
[...]
gpg: /.../gpg-test/trustdb.gpg: trustdb created
gpg: directory '/.../gpg-test/openpgp-revocs.d' created
gpg: revocation certificate stored as 
'/.../gpg-test/openpgp-revocs.d/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.rev'
public and secret key created and signed.

pub   ed25519 YYYY-MM-DD [SC] [expires: YYYY-MM-DD]
      XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
uid                      hello <[email protected]>
sub   cv25519 YYYY-MM-DD [E]
$ gpg --check-trustdb
gpg: Note: ultimately trusted key XXXXXXXXXXXXXXXX not found
gpg: no ultimately trusted keys found
$ gpg --list-public-keys
$ gpg --list-secret-keys
$ ls $GNUPGHOME
openpgp-revocs.d  private-keys-v1.d  pubring.kbx  trustdb.gpg
$ ls $GNUPGHOME/openpgp-revocs.d
$ ls $GNUPGHOME/private-keys-v1.d
YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY.key
ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ.key
$

After the key XXXXXXXXXXXXXXXX is said to be generated, gpg is unable to
find it.  This is expected, due to the use of --dry-run.

However, the `$GNUPGHOME/private-keys-v1.d` directory is filled with two
keys - YYYYYYYYYYYYYYYY and ZZZZZZZZZZZZZZZZ - neither of which is
specified by the key generation nor can be reached via the keyring.  To
my understanding, these files have no use and should not have been left
by gpg.

Take care,
        Seth McDonald.

-- System Information:
Debian Release: 13.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.74+deb13+1-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gpg depends on:
ii  gpgconf              2.4.7-21+deb13u1+b2
ii  init-system-helpers  1.69~deb13u1
ii  libassuan9           3.0.2-2
ii  libbz2-1.0           1.0.8-6
ii  libc6                2.41-12+deb13u2
ii  libgcrypt20          1.11.0-7
ii  libgpg-error0        1.51-4
ii  libksba8             1.6.7-2+b1
ii  libnpth0t64          1.8-3
ii  libreadline8t64      8.2-6
ii  libsqlite3-0         3.46.1-7+deb13u1
ii  zlib1g               1:1.3.dfsg+really1.3.1-1+b1

Versions of packages gpg recommends:
ii  gnupg  2.4.7-21+deb13u1

gpg suggests no packages.

-- no debconf information
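A small check, added here and not part of the bug report or of GnuPG, that lists files under private-keys-v1.d whose keygrip is not referenced by any key in the keyring, which is exactly the leftover state described above. It assumes POSIX sh, gpg in PATH for the live `--check` mode, and the constructed directory layout used for the offline call.

```shell
#!/bin/sh
# Added example, not from the bug report: report private-key files that no
# key in the keyring refers to.  Assumption: key files are named <keygrip>.key
# inside $GNUPGHOME/private-keys-v1.d, as shown in the report's ls output.

# find_orphan_keys DIR KNOWN_FILE
# DIR is a private-keys-v1.d directory; KNOWN_FILE holds one keygrip per
# line.  Prints each keygrip in DIR missing from KNOWN_FILE; returns 1 if
# any orphan was found, 0 otherwise (an empty DIR has no orphans).
find_orphan_keys() {
    dir=$1
    known=$2
    found=0
    for f in "$dir"/*.key; do
        [ -e "$f" ] || continue            # glob did not match: empty dir
        grip=${f##*/}
        grip=${grip%.key}
        # -F: literal match, -x: whole line, -i: keygrips may differ in case
        if ! grep -qixF "$grip" "$known"; then
            echo "$grip"
            found=1
        fi
    done
    return $found
}

# keyring_keygrips: every keygrip gpg reports for keys in the keyring.
# In colon output the "grp" record carries the keygrip in field 10.
keyring_keygrips() {
    gpg --batch --with-colons --with-keygrip --list-keys 2>/dev/null \
        | awk -F: '$1 == "grp" { print $10 }'
}

# Live mode: ./orphan-keys.sh --check  (exit 1 when orphans exist)
if [ "${1-}" = "--check" ]; then
    home=${GNUPGHOME:-$HOME/.gnupg}
    tmp=$(mktemp)
    keyring_keygrips > "$tmp"
    find_orphan_keys "$home/private-keys-v1.d" "$tmp"
    rc=$?
    rm -f "$tmp"
    exit $rc
fi
```

Run against the report's test home after the dry-run, the live check prints both YYYY… and ZZZZ… keygrips, since no key in pubring.kbx refers to them.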