list option show-unusable-uids has no effect on show-only-fpr-mbox output

Uwe Kleine-König u.kleine-koenig at baylibre.com
Tue Apr 15 16:17:44 CEST 2025


Hello,

my original intention was to create a bug report on
https://dev.gnupg.org/, but I don't have an account there and to get one
I have to post on a mailing list. To have some interesting content in
the mail, here comes my bug report. Maybe it can even be resolved here.
If I should take this to the bug tracker, please help me create an
account there:

	handle: ukleinek
	name: Uwe Kleine-König
	email: u.kleine-koenig at baylibre.com

Recently a UID of a key in the WKD I maintain was revoked. While trying
to add the key with the revoked UID to the WKD I noticed this
inconsistency (which made it unnecessarily hard to add the key to the
WKD):

	test at taurus:~$ rm -rf .gnupg
	test at taurus:~$ gpg --locate-external-keys u.kleine-koenig at baylibre.com mkorpershoek at baylibre.com
	gpg: directory '/home/test/.gnupg' created
	gpg: keybox '/home/test/.gnupg/pubring.kbx' created
	gpg: /home/test/.gnupg/trustdb.gpg: trustdb created
	gpg: key 570338B018144F28: public key "Mattijs Korpershoek <mkorpershoek at baylibre.com>" imported
	gpg: Total number processed: 1
	gpg:               imported: 1
	gpg: key E2DCDD9132669BD6: public key "Uwe Kleine-König <u.kleine-koenig at baylibre.com>" imported
	gpg: Total number processed: 1
	gpg:               imported: 1
	gpg: no ultimately trusted keys found
	pub   rsa4096 2022-09-23 [SCEA]
	      8234A35B45C0D26B31C1A2DA570338B018144F28
	sub   rsa2048 2025-03-20 [S] [expires: 2027-03-20]
	sub   rsa2048 2025-03-20 [E] [expires: 2027-03-20]

	pub   rsa4096 2010-06-15 [SC] [expires: 2027-06-21]
	      0D2511F322BFAB1C1580266BE2DCDD9132669BD6
	uid           [ unknown] Uwe Kleine-König <u.kleine-koenig at baylibre.com>
	sub   rsa2048 2023-03-17 [A] [expires: 2027-06-21]
	sub   rsa2048 2023-03-17 [S] [expires: 2027-06-21]
	sub   rsa2048 2023-03-17 [E] [expires: 2027-06-21]

The key 8234A35B45C0D26B31C1A2DA570338B018144F28 is the one with the
revoked UID, the other is my key that is included here to show how a
non-revoked key behaves.

	test at taurus:~$ gpg --list-keys
	/home/test/.gnupg/pubring.kbx
	-----------------------------
	pub   rsa4096 2022-09-23 [SCEA]
	      8234A35B45C0D26B31C1A2DA570338B018144F28
	sub   rsa2048 2025-03-20 [S] [expires: 2027-03-20]
	sub   rsa2048 2025-03-20 [E] [expires: 2027-03-20]

	pub   rsa4096 2010-06-15 [SC] [expires: 2027-06-21]
	      0D2511F322BFAB1C1580266BE2DCDD9132669BD6
	uid           [ unknown] Uwe Kleine-König <u.kleine-koenig at baylibre.com>
	sub   rsa2048 2023-03-17 [A] [expires: 2027-06-21]
	sub   rsa2048 2023-03-17 [S] [expires: 2027-06-21]
	sub   rsa2048 2023-03-17 [E] [expires: 2027-06-21]

So Mattijs' UID isn't listed as it's revoked. If I want to see it I can
do:

	test at taurus:~$ gpg --list-options show-unusable-uids --list-keys
	/home/test/.gnupg/pubring.kbx
	-----------------------------
	pub   rsa4096 2022-09-23 [SCEA]
	      8234A35B45C0D26B31C1A2DA570338B018144F28
	uid           [ revoked] Mattijs Korpershoek <mkorpershoek at baylibre.com>
	sub   rsa2048 2025-03-20 [S] [expires: 2027-03-20]
	sub   rsa2048 2025-03-20 [E] [expires: 2027-03-20]

	pub   rsa4096 2010-06-15 [SC] [expires: 2027-06-21]
	      0D2511F322BFAB1C1580266BE2DCDD9132669BD6
	uid           [ unknown] Uwe Kleine-König <u.kleine-koenig at baylibre.com>
	sub   rsa2048 2023-03-17 [A] [expires: 2027-06-21]
	sub   rsa2048 2023-03-17 [S] [expires: 2027-06-21]
	sub   rsa2048 2023-03-17 [E] [expires: 2027-06-21]

To generate the WKD content, I'm using

	test at taurus:~$ gpg --list-options show-only-fpr-mbox,show-unusable-uids --list-keys
	0D2511F322BFAB1C1580266BE2DCDD9132669BD6 u.kleine-koenig at baylibre.com

(and pipe that into `gpg-wks-client -C $docroot --install-key`).

Here the list-option `show-unusable-uids` doesn't have the desired
effect and no line is generated for Mattijs's key and email address.
With `show-unusable-uids` in the list-options I would have expected that
it had this effect on the fpr-mbox listing in the same way as on the
default format.

I'm using gpg as provided in Debian unstable (version: 2.4.7-14):

	$ gpg --version
	gpg (GnuPG) 2.4.7
	libgcrypt 1.11.0
	Copyright (C) 2024 g10 Code GmbH
	License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
	This is free software: you are free to change and redistribute it.
	There is NO WARRANTY, to the extent permitted by law.

	Home: /home/test/.gnupg
	Supported algorithms:
	Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
	Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
		CAMELLIA128, CAMELLIA192, CAMELLIA256
	Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
	Compression: Uncompressed, ZIP, ZLIB, BZIP2

Best regards
Uwe
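
The following is an added example, not part of the original message and not GnuPG code: one way to check which fingerprint/mailbox pairs a validity filter hides is to derive them from the machine-readable listing instead. It assumes the `--with-colons` record layout documented in GnuPG's doc/DETAILS (validity in field 2 of `uid` records, fingerprint and user ID in field 10) and that this listing carries the revoked user ID with validity `r`; the function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `gpg --with-colons --list-keys` output on stdin and
# prints "<primary fingerprint> <mailbox> <validity>" for each user ID that
# ends in an <address>. Validity "r" is revoked, "e" is expired.
fpr_mbox_from_colons() {
    awk -F: '
        # A new primary key starts: the next fpr record belongs to it.
        $1 == "pub" { want_fpr = 1; fpr = ""; next }
        # Take only the first fpr after pub; later ones are subkey fingerprints.
        $1 == "fpr" && want_fpr { fpr = $10; want_fpr = 0; next }
        $1 == "uid" && fpr != "" {
            uid = $10
            if (match(uid, /<[^<>]+@[^<>]+>$/)) {
                mbox = substr(uid, RSTART + 1, RLENGTH - 2)
                validity = ($2 == "" ? "-" : $2)
                print fpr, mbox, validity
            }
        }
    '
}

# Only the pairs whose user ID is revoked or expired, i.e. the ones a
# "usable UIDs only" listing would leave out.
unusable_only() {
    fpr_mbox_from_colons | awk '$3 == "r" || $3 == "e" { print $1, $2 }'
}

# Constructed sample records (not real keys): one key with a revoked user ID,
# one key with a valid user ID, each with a subkey.
sample_colons() {
cat <<'EOF'
pub:-:4096:1:AAAA0000AAAA0000:1663891200:::-:::scESCA:
fpr:::::::::AAAA0000AAAA0000AAAA0000AAAA0000AAAA0000:
uid:r::::1742428800::0000000000000000000000000000000000000001::Alice Example <alice@example.org>:
sub:-:2048:1:CCCC2222CCCC2222:1742428800:1805500800:::::e:
fpr:::::::::CCCC2222CCCC2222CCCC2222CCCC2222CCCC2222:
pub:-:4096:1:BBBB1111BBBB1111:1276560000:1813536000::-:::scSC:
fpr:::::::::BBBB1111BBBB1111BBBB1111BBBB1111BBBB1111:
uid:-::::1679011200::0000000000000000000000000000000000000002::Bob Example <bob@example.org>:
sub:-:2048:1:DDDD3333DDDD3333:1679011200:1813536000:::::s:
fpr:::::::::DDDD3333DDDD3333DDDD3333DDDD3333DDDD3333:
EOF
}
```

Against a real keyring, `gpg --with-colons --list-keys | unusable_only` lists the pairs to compare with the `show-only-fpr-mbox` output.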