Hello,

I have tried to export the secret keys only (i.e. without the user IDs) in 
order to avoid importing old user ID signatures when importing the secret key 
file.

I had the idea to delete the selfsig on the UID before exporting. Thus it 
could not be exported or imported. But due to some magic gpg exports even an 
"officially non-existent" signature:

LC_ALL= LC_MESSAGES=C gpg --edit-key foo@bar check 2>/dev/null
Secret key is available.

pub  3072R/0x5D266D4E  created: 2013-09-19  expires: never       usage: SCEA
                       trust: ultimate      validity: ultimate
sub  2048R/0x9B681F49  created: 2013-09-19  expires: 2014-09-19  usage: S
sub  2048R/0xB42B66D3  created: 2013-09-19  expires: 2014-09-19  usage: E
[ultimate] (1). Hauke Laging <foo@bar>

uid  Hauke Laging <[email protected]>
1 user ID without valid self-signature detected

gpg>


gpg --armor --export-secret-keys foo@bar > secret.asc


# you cannot import secret keys if there is one already
gpg --delete-secret-key foo@bar


gpg --import secret.asc


LC_ALL= LC_MESSAGES=C gpg --edit-key foo@bar check 2>/dev/null
Secret key is available.

pub  3072R/0x5D266D4E  created: 2013-09-19  expires: 2014-09-19  usage: SCE
                       trust: ultimate      validity: ultimate
sub  2048R/0x9B681F49  created: 2013-09-19  expires: 2014-09-19  usage: S
sub  2048R/0xB42B66D3  created: 2013-09-19  expires: 2014-09-19  usage: E
[ultimate] (1). Hauke Laging <foo@bar>

uid  Hauke Laging <foo@bar>
sig!3   PN   0x5D266D4E 2013-09-19 never       [self-signature]


WTF? gpg-agent is not running for this user so the signature cannot be created 
on the fly. Is there a secret selfsig storage which is used for exporting 
only?

This does not happen when exporting the public key! gpg --list-packets shows 
the difference, too.

I played around with gpgsplit and noticed that a secret key file is not 
imported if the UID is missing completely. But it is happily imported if there 
is a UID without selfsig... :-)

gpg --version
gpg (GnuPG) 2.0.19
libgcrypt 1.5.3


Hauke
-- 
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/bekannte/
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
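
The post observes that `gpg --list-packets` shows the difference between the public and the secret export. As an added example (not part of the original post and not GnuPG code), this minimal Python walker over the RFC 4880 packet stream reports user IDs that have no certification signature after them. It assumes binary (dearmored) input, does not check the issuer or validity of a signature, and its sample byte strings are constructed.

```python
# Added example, not from the original post: minimal RFC 4880 packet walker.
SIG, UID, SUBKEYS = 2, 13, (7, 14)  # tags: signature, user ID, secret/public subkey
def packets(data):
    """Yield (tag, body) for each packet in a binary (dearmored) OpenPGP stream."""
    i = 0
    while i < len(data):
        hdr = data[i]
        i += 1
        if not hdr & 0x80:
            raise ValueError("no OpenPGP packet header at offset %d" % (i - 1))
        if hdr & 0x40:  # new-format header
            tag, first = hdr & 0x3F, data[i]
            i += 1
            if first < 192:
                n = first
            elif first < 224:
                n = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                n = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body lengths are not handled here")
        else:  # old-format header; length type 3 means "runs to end of input"
            tag, width = (hdr >> 2) & 0x0F, (1, 2, 4, 0)[hdr & 3]
            n = int.from_bytes(data[i:i + width], "big") if width else len(data) - i
            i += width
        yield tag, data[i:i + n]
        i += n

def uids_without_certification(data):
    """User IDs not followed by a certification signature (types 0x10-0x13)."""
    missing, pending = [], None
    for tag, body in packets(data):
        if tag == SIG and pending is not None:
            sigtype = body[2] if body[0] == 3 else body[1]  # v3 vs v4 layout
            if 0x10 <= sigtype <= 0x13:
                pending = None
        elif tag == UID or tag in SUBKEYS:
            if pending is not None:
                missing.append(pending)
            pending = body.decode("utf-8", "replace") if tag == UID else None
    if pending is not None:
        missing.append(pending)
    return missing

# Constructed sample streams (old-format headers, one-byte dummy key bodies).
WITH_CERT = b"\x94\x01\x04\xb4\x07foo@bar\x88\x02\x04\x13\x9c\x01\x04\x88\x02\x04\x18"
NO_CERT = b"\x94\x01\x04\xb4\x07foo@bar\x9c\x01\x04\x88\x02\x04\x18"
```

To run it on a real export, feed it the output of `gpg --export-secret-keys` without `--armor`, or pass the armored file through `gpg --dearmor` first.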
