gpgme: detect missing primary key
Tobias Mueller
muelli at cryptobitch.de
Mon May 21 15:17:49 CEST 2018
Hi,
I am using gpgme and I want to detect when the actual key for signing
some other key is not present, e.g. after having followed https://wiki.d
ebian.org/Subkeys.
gpg --list-secret-keys shows
sec# rsa2048 2018-02-13 [SC]
D6951AD1A148A16C1B1FFACABA64A52A51061371
uid [ unknown] foobar <foo at bar>
ssb rsa2048 2018-02-13 [E]
ssb rsa2048 2018-02-13 [S]
presumingly the "sec#" indicates the missing primary key.
With gpgme I get this:
In [4]: list(ctx.keylist(secret=True))
Out[4]: [Key(can_authenticate=0, can_certify=1, can_encrypt=1,
can_sign=1, chain_id=None, disabled=0, expired=0,
fpr='D6951AD1A148A16C1B1FFACABA64A52A51061371', invalid=0,
is_qualified=0, issuer_name=None, issuer_serial=None, keylist_mode=1,
owner_trust=0, protocol=0, revoked=0, secret=1,
subkeys=[SubKey(can_authenticate=0, can_certify=1, can_encrypt=0,
can_sign=1, card_number=None, curve=None, disabled=0, expired=0,
expires=0, fpr='D6951AD1A148A16C1B1FFACABA64A52A51061371', invalid=0,
is_cardkey=0, is_qualified=0,
keygrip='39B99ED24E2D2AC200A296712B1A6D756C4ABC3C',
keyid='BA64A52A51061371', length=2048, pubkey_algo=1, revoked=0,
secret=0, timestamp=1518519237), SubKey(can_authenticate=0,
can_certify=0, can_encrypt=1, can_sign=0, card_number=None, curve=None,
disabled=0, expired=0, expires=0,
fpr='0192F548677FE38FE46B095E5A531CC30D4F7810', invalid=0, is_cardkey=0,
is_qualified=0, keygrip='14CDE4A9EC7F2716AAB134247CA778321F343E73',
keyid='5A531CC30D4F7810', length=2048, pubkey_algo=1, revoked=0,
secret=1, timestamp=1518519237), SubKey(can_authenticate=0,
can_certify=0, can_encrypt=0, can_sign=1, card_number=None, curve=None,
disabled=0, expired=0, expires=0,
fpr='D04938AFB2DCD015AFD79C12B9B9338F1984FBE1', invalid=0, is_cardkey=0,
is_qualified=0, keygrip='51A932F25B04A04C2C75014D58028D4C51451576',
keyid='B9B9338F1984FBE1', length=2048, pubkey_algo=1, revoked=0,
secret=1, timestamp=1518519280)], uids=[UID(address='foo at bar',
comment='', email='foo at bar', invalid=0, name='foobar', revoked=0,
signatures=[], tofu=[], uid='foobar <foo at bar>', validity=0)])]
Nothing seems to indicate the missing primary key.
Unless I am missing something.
How would I detect the above mentioned scenario?
I've quickly grepped through gpgme and in keylist.c I can only find
"sec" being parsed, not "sec#".
Cheers,
Tobi
More information about the Gnupg-devel
mailing list