list option show-unusable-uids has no effect on show-only-fpr-mbox output

Uwe Kleine-König u.kleine-koenig at baylibre.com
Fri May 2 16:07:38 CEST 2025


Hello Bernhard,

sorry for not replying earlier, I missed your mail as I'm not subscribed
to gnupg-users.

On Thu, Apr 17, 2025 at 10:04:48AM +0200, Bernhard Reiter via Gnupg-users wrote:
> using gnupg 2.2.40-1.1 on Debian GNU/Linux
> I can confirm the behaviour you are seeing.
> 
> rm -r ~/tmp/dot.gnupg/
> GNUPGHOME=~/tmp/dot.gnupg/ bash
> gpg --locate-external-keys \
>  mkorpershoek at baylibre.com u.kleine-koenig at baylibre.com
> 
> gpg --list-options show-unusable-uids --list-keys
> gpg --list-options \
>  show-unusable-uids,show-only-fpr-mbox --list-keys
> 
> Interestingly enough, adding --with-colons does show both pubkeys.
> 
> Am Dienstag 15 April 2025 16:17:44 schrieb Uwe Kleine-König:
> > To generate the WKD content, I'm using
> >
> > 	test at taurus:~$ gpg --list-options show-only-fpr-mbox,show-unusable-uids
> > --list-keys 0D2511F322BFAB1C1580266BE2DCDD9132669BD6
> > u.kleine-koenig at baylibre.com
> >
> > (and pipe that into `gpg-wks-client -C $docroot --install-key`).
> 
> Because you are using it in a script, --with-colons is usually recommended to 
> keep the interface more stable. That does not easily output the email 
> address.

I switched from using

	gpg --list-options show-only-fpr-mbox,show-unusable-uids --list-public-keys

to

	gpg --with-colons --list-public-keys | awk -F: '$1 == "fpr" { fpr = $10 } $1 == "uid" { email = gensub("^[^<]*<([^>]*)>$", "\\1", "g", $10);if (email != $10) { print fpr " " email } }'

> > Here the list-option `show-unusable-uids` doesn't have the desired
> > effect and no line is generated for Mattijs's key and email address.
> 
> I wonder if this is a defect at all as the documentation says:
>    
> https://gnupg.org/documentation/manuals/gnupg/GPG-Configuration-Options.html#index-list_002doptions_003ashow_002donly_002dfpr_002dmbox
> 
> | For each user-id which has a valid mail address print
> | only the fingerprint followed by the mail address.  
> 
> As the user-id is revoked, 
> it somehow is not a _valid_ email address, isn't it?

Depends on the definition of valid email address I guess. I would claim
that revoking a uid doesn't make the contained email address invalid.
What you read from there is something I'd describe as:

	For each valid user-id which has a mail address print only the
	fingerprint followed by the mail address.

*shrug* that's a very little detail.

> > With `show-unusable-uids` in the list-options I would have expected that
> > had this effect on the fpr-mbox listing in the same way as on the
> > default format.
> 
> I also wonder:
> What sense would it make to put a pubkey for an invalid uid on the WKD?

The baylibre WKD published the key belonging to
mkorpershoek at baylibre.com in the past and both the company and Mattijs
don't want that key/email combo to be used in the future. So it makes
sense to distribute the revoked uid.

> However either the documentation or the behaviour could be improved somehow I 
> guess. 

Ack, I'd argue that "valid" is dropped from the documentation to rule
out your interpretation of it, and fix `--list-options
show-only-fpr-mbox,show-unusable-uids` to behave consistently, as I
expected it.

Best regards
Uwe
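
A portable variant of the `--with-colons` pipeline from the mail above, as an added example that is not part of the original message (`gensub` is a gawk extension; this uses only POSIX awk). It goes slightly further than the one-liner: it ignores subkey fingerprints and can optionally skip revoked or expired user IDs. The names `fpr_mbox` and `sample_colons` and the key listing are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): fingerprint/mailbox pairs from
# `gpg --with-colons --list-public-keys` output, using POSIX awk only.
#   fpr_mbox all     include revoked (r) and expired (e) user IDs
#   fpr_mbox usable  skip them
fpr_mbox() {
    awk -F: -v mode="${1:-all}" '
    $1 == "pub" { want_fpr = 1; fpr = ""; next }    # a new primary key starts
    $1 == "sub" { want_fpr = 0; next }              # ignore subkey fingerprints
    $1 == "fpr" && want_fpr { fpr = $10; want_fpr = 0; next }
    $1 == "uid" && fpr != "" {
        if (mode == "usable" && ($2 == "r" || $2 == "e")) next
        uid = $10
        gsub(/\\x3a/, ":", uid)                     # field 10 escapes ":" as \x3a
        mbox = ""
        if (match(uid, /<[^<>@ ]+@[^<>@ ]+>$/))      # "Name <addr>"
            mbox = substr(uid, RSTART + 1, RLENGTH - 2)
        else if (uid ~ /^[^<>@ ]+@[^<>@ ]+$/)        # bare address as user ID
            mbox = uid
        if (mbox != "") print fpr, mbox
    }'
}

# Constructed sample listing: one key with a live and a revoked user ID plus
# a subkey, and one key whose only mail address sits on a revoked user ID.
sample_colons() {
    cat <<'EOF'
pub:u:255:22:1111111111111111:1700000000:::u:::scESC:::::ed25519:::0:
fpr:::::::::1111111111111111111111111111111111111111:
uid:u::::1700000000::HASH1::Alice Example <alice@example.org>::::::::::0:
uid:r::::::HASH2::Alice Example <alice.old@example.org>::::::::::0:
sub:u:255:18:2222222222222222:1700000000::::::e:::::cv25519::
fpr:::::::::2222222222222222222222222222222222222222:
pub:u:255:22:3333333333333333:1700000000:::-:::scESC:::::ed25519:::0:
fpr:::::::::3333333333333333333333333333333333333333:
uid:r::::::HASH3::Bob Example <bob@example.org>::::::::::0:
uid:u::::1700000000::HASH4::Bob (no mail address)::::::::::0:
EOF
}
```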