[Pkg-rust-maintainers] Bug#1112271: gpg-sq --export-ssh-key $keyid always export revoked key after key rotation

ChangZhuo Chen (陳昌倬) czchen at debian.org
Thu Aug 28 07:32:37 BST 2025 

Package: gpg-sq
Version: 0.13.1-3+b1
Severity: normal

After I rotate my authentication key. `gpg-sq --export-ssh-key $keyid`
always export revoked key instead of new created key.

The following is output of `gpg-sq --export-ssh-key $keyid`. The key
being exported is 0xA9134B8F

    $ gpg-sq --export-ssh-key BA04346DC2E1FE63C7908793CC65B0CDEC275D5B

    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDE1WjCr8gB0bRAilXMq+9/hc5r5GSFyme4A6SkdTn1WTr7RoRffbq7w5EgsdpBv/Pmwh3xS/B+5kDgkpcIktixPnz5m6DI1+0xuZnxnBumaGLBvVT8pBShtBCSObSrgUJuOwQ3yOE6dfeJ7/6CKnBr+EFHDNza7tO0ZfUjVPlCHqWwvJHjf4fGWMel6ERsqgG9UrwLI2Lz//ai88TReQ+7PdJTbE+wExLH5UR5t6rjSSYobQcTubZHupMK3TplTvZk1KmWTccz8mcPqOTw//AmEiCozy44sseVKKhmeGAqPomhQHIbKP2Hq1RAno9lUcAvbT4CIb/CoWP1ABA6bx9ODXooBvGEuRaiTllFz9qfWKPpaGkYnpDoXMPwquM6sDHk3YogGwYDkbPKD94tS+9o/lcaEBh1NHl8wmtVQSxYjhS1Nwcim9YmbyKzywzhf+etMaa8TxWW6+kRQGj2P90ylprKP6FtVz56kIly+7Y5qTq0jtUcNDELbN3qCxZ7fHwX+09kwU4YDIOSgzPurA5z6AmMhJ2jzdQ80AEE53EaNgOwpL8ZtmqAJmlIwzzsWWZErpplNUIiM7xrtXPRko4+yxf21/Nd06XZZCP45VX8zS53mbL01W72I0Ir4ohk96g/X4Qv2S9gk9VGKG+H1h7crpzRw+FfJAPaI9pE7sNvjw== openpgp:0xA9134B8F


However, from `sq inspect --cert $keyid`, the key 0xA9134B8F is revoked.

    $ sq inspect --cert BA04346DC2E1FE63C7908793CC65B0CDEC275D5B
    
    OpenPGP Certificate.
    
          Fingerprint: BA04346DC2E1FE63C7908793CC65B0CDEC275D5B
      Public-key algo: RSA
      Public-key size: 4096 bits
        Creation time: 2016-03-19 14:52:47 UTC
      Expiration time: 2026-01-01 18:31:45 UTC (creation time + 9years 9months 13days 22h 36m 34s)
            Key flags: certification, signing
    
               Subkey: 9F2A0CF710C35EBE7072C0FBE965B338BCC5F139
      Public-key algo: RSA
      Public-key size: 4096 bits
        Creation time: 2025-08-27 13:47:56 UTC
            Key flags: authentication
    
               Subkey: F9633FE53A1CB0A2351655A011C1D196A9134B8F
                       Revoked:
                        - Key is superseded
                          On: 2025-08-27 13:45:48 UTC
                          Message:
      Public-key algo: RSA
      Public-key size: 4096 bits
        Creation time: 2017-01-09 10:55:18 UTC
            Key flags: authentication



-- System Information:
Debian Release: forky/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-debug'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.12.38+deb13-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gpg-sq depends on:
ii  libbz2-1.0      1.0.8-6
ii  libc6           2.41-12
ii  libgcc-s1       15.2.0-1
ii  libgmp10        2:6.3.0+dfsg-4
ii  libhogweed6t64  3.10.1-1
ii  libnettle8t64   3.10.1-1
ii  libsqlite3-0    3.46.1-7
ii  libssl3t64      3.5.2-1

Versions of packages gpg-sq recommends:
ii  sq  1.3.1-2+b1

gpg-sq suggests no packages.

-- no debconf information

-- 
ChangZhuo Chen (陳昌倬) czchen@{czchen,debian}.org
Key fingerprint = BA04 346D C2E1 FE63 C790  8793 CC65 B0CD EC27 5D5B
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-rust-maintainers/attachments/20250828/284fdc50/attachment-0001.sig>

More information about the Pkg-rust-maintainers mailing list