Problems with two active encryption subkeys
Sven Klomp
mail at klomp.eu
Thu Nov 11 09:50:30 CET 2010
On Wednesday 10 November 2010 20:20:13 Hauke Laging wrote:
> I created some more subkeys to check that...
>
> For 2.0.15 you are right in one point and wrong in the other. It is the newer
> creation date which is chosen not the longer remaining validity period. But
> the newer key wins against the longer one:
>
> start cmd:> LC_ALL=C gpg --edit-key 71FDC5CB
> pub 1024D/0x71FDC5CB created: 2010-02-25 expires: 2011-02-25 usage: C
> [...]
> sub 2048R/0xDA63AFDA created: 2010-11-10 expires: 2011-01-09 usage: E
> sub 1024R/0x1860836B created: 2010-11-10 expires: 2010-12-10 usage: E
>
> gpg --encrypt --recipient 71FDC5CB test.html
>
> encrypts for 1860836B not for the both longer and longer valid DA63AFDA.
So the decision is done in the implementation and not covered in the OpenPGP standard. Thus, other software may behave differently.
I think, I have to revoke one key to avoid problems...
Thanks for pointig this out.
Sven
More information about the Gnupg-users
mailing list