[pkg-gnupg-maint] Bug#928964: gpg fails to emit OpenPGP secret keys if the stored keyfile has a comment or a uri

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue May 14 05:50:29 BST 2019


Package: gpg
Version: 2.2.12-1
Control: found -1 2.2.13-1
Control: found -1 2.2.14-1
Control: found -1 2.2.15-1
Control: tags -1 patch upstream
Control: affects -1 src:monkeysphere
Control: forwarded -1 https://dev.gnupg.org/T4490

When a passphraseless keyfile in ~/.gnupg/private-keys-v1.d/*.key
contains a (comment) sublist or a (uri) sublist, and it is associated
with an OpenPGP certificate, then "gpg --export-secret-key" fails with
"Bad secret key".

This happens because the code to translate from the S-expression to an
OpenPGP certificate is too brittle, assuming that a (private-key) list
can only have one sublist, which is the list for the private key itself.

The attached patch fixes the problem by ignoring all sublists after the
first in a (private-key) list.

        --dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-gpg-enable-OpenPGP-export-of-cleartext-keys-with-com.patch
Type: text/x-diff
Size: 1415 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20190514/83accfdd/attachment.patch>
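
Added example, not part of the original message and not GnuPG's code: a Python model of the failure described above, contrasting a converter that assumes a (private-key) list holds exactly one sublist with one that uses the first sublist and ignores the rest. The function names are hypothetical, the key bytes are constructed, and the canonical (length-prefixed) S-expression encoding is assumed for the sample input.

```python
# Illustration only: constructed sample data, hypothetical function names.

def parse_canonical(data: bytes):
    """Parse one canonical S-expression into nested lists of bytes atoms."""
    def parse(pos):
        if data[pos:pos + 1] == b"(":
            pos += 1
            items = []
            while data[pos:pos + 1] != b")":
                if pos >= len(data):
                    raise ValueError("unterminated list")
                item, pos = parse(pos)
                items.append(item)
            return items, pos + 1
        colon = data.index(b":", pos)        # atom is <decimal length>:<bytes>
        end = colon + 1 + int(data[pos:colon])
        if end > len(data):
            raise ValueError("atom runs past end of input")
        return data[colon + 1:end], end
    expr, pos = parse(0)
    if pos != len(data):
        raise ValueError("trailing data")
    return expr

def key_sublist_brittle(expr):
    """Models the assumption in the report: (private-key) has one sublist."""
    if not expr or expr[0] != b"private-key" or len(expr) != 2:
        raise ValueError("Bad secret key")
    return expr[1]

def key_sublist_tolerant(expr):
    """Models the described fix: take the first sublist, ignore later ones."""
    if not expr or expr[0] != b"private-key":
        raise ValueError("Bad secret key")
    sublists = [item for item in expr[1:] if isinstance(item, list)]
    if not sublists:
        raise ValueError("Bad secret key")
    return sublists[0]

# Constructed key body; the MPI values are placeholders, not a real key.
KEY = b"(3:rsa(1:n3:\x00\xc1\x27)(1:e3:\x01\x00\x01)(1:d2:\x5a\x11))"
PLAIN = b"(11:private-key" + KEY + b")"
WITH_EXTRAS = (b"(11:private-key" + KEY +
               b"(7:comment8:test key)(3:uri19:https://example.org))")
```
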