[Solved] gpg --list-public-keys (removed duplicate - see my last post)

colinkeenan · 2014-11-18 23:30:34

I followed https://wiki.archlinux.org/index.php/GnuPG#Create_key and https://wiki.archlinux.org/index.php/Talk:Pacman-key, but I have ended up with my public key being listed twice. It's both first and last in the full list of public keys. Here is just mine:

/home/colin% gpg --list-public-keys colin
pub 4096R/0940E3F9 2014-11-18 [expires: 2015-11-18]
uid [ultimate] Colin Keenan <colinnkeenan@gmail.com>
uid [ultimate] [jpeg image of size 6283]
sub 4096R/EDA19F9C 2014-11-18 [expires: 2015-11-18]

pub 4096R/0940E3F9 2014-11-18 [expires: 2015-11-18]
uid [ultimate] Colin Keenan <colinnkeenan@gmail.com>
uid [ultimate] [jpeg image of size 6283]
sub 4096R/EDA19F9C 2014-11-18 [expires: 2015-11-18]

How do I remove just the 2nd entry so that my public key is only listed one time?

I am afraid to start signing my packages (https://wiki.archlinux.org/index.php/De … ge_signing) before I fix this issue.

Edit to add what I've tried so far:

gpg -o colin.gpg --export colin # to create a backup of my public key in a file called colin.gpg
cp pubring.gpg pubring-backup.gpg # in case I screw up pubring.gpg
gpg --import colin.gpg # hoping it will magically merge the duplicate, but it left both unchanged
gpg --delete-key colin # hoping it would delete both copies of the public key so I could import it again

It refused to delete the public key until I delete the private key which I don't want to do.

I also realized the export may have the duplicate as well. I tested that with:

gpg colin.gpg

And, sure enough, it listed my key twice.

Another edit: I have tried a lot and exposed a bug that I will try to submit upstream. Here is what I have done:

gpg --edit-key colin # this selected the first of the duplicate keys to be edited
gpg> adduid
Real name: Colin N Keenan
Email address: colinnkeenan@gmail.com
Comment:
You selected this USER-ID:
"Colin N Keenan <colinnkeenan@gmail.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O

You need a passphrase to unlock the secret key for
user: "Colin Keenan <colinnkeenan@gmail.com>"
4096-bit RSA key, ID 0940E3F9, created 2014-11-18

pub 4096R/0940E3F9 created: 2014-11-18 expires: 2015-11-18 usage: SC
trust: ultimate validity: ultimate
sub 4096R/EDA19F9C created: 2014-11-18 expires: 2015-11-18 usage: E
[ultimate] (1) Colin Keenan <colinnkeenan@gmail.com>
[ultimate] (2) [jpeg image of size 6283]
[ unknown] (3). Colin N Keenan <colinnkeenan@gmail.com>

gpg> save

gpg --edit-key "Colin N Keenan"
...

Secret key is available.

pub 4096R/0940E3F9 created: 2014-11-18 expires: 2015-11-18 usage: SC
trust: ultimate validity: ultimate
sub 4096R/EDA19F9C created: 2014-11-18 expires: 2015-11-18 usage: E
[ultimate] (1). Colin N Keenan <colinnkeenan@gmail.com>
[ultimate] (2) Colin Keenan <colinnkeenan@gmail.com>
[ultimate] (3) [jpeg image of size 6283]

gpg> 2

pub 4096R/0940E3F9 created: 2014-11-18 expires: 2015-11-18 usage: SC
trust: ultimate validity: ultimate
sub 4096R/EDA19F9C created: 2014-11-18 expires: 2015-11-18 usage: E
[ultimate] (1). Colin N Keenan <colinnkeenan@gmail.com>
[ultimate] (2)* Colin Keenan <colinnkeenan@gmail.com>
[ultimate] (3) [jpeg image of size 6283]

gpg> deluid
Really remove this user ID? (y/N) y

pub 4096R/0940E3F9 created: 2014-11-18 expires: 2015-11-18 usage: SC
trust: ultimate validity: ultimate
sub 4096R/EDA19F9C created: 2014-11-18 expires: 2015-11-18 usage: E
[ultimate] (1). Colin N Keenan <colinnkeenan@gmail.com>
[ultimate] (2) [jpeg image of size 6283]

gpg> quit
Save changes? (y/N) y

And now the bug:

/home/colin% gpg --delete-key "Colin Keenan"
gpg (GnuPG) 2.0.26; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: there is a secret key for public key "Colin Keenan"!
gpg: use option "--delete-secret-keys" to delete it first.

/home/colin% gpg --delete-secret-key "Colin Keenan"
gpg (GnuPG) 2.0.26; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: key "Colin Keenan" not found: Unknown system error
gpg: Colin Keenan: delete key failed: Unknown system error

So, --delete-key fails because there is a secret key, and --delete-secret-key fails because it can't find the secret key!

Last edited by colinkeenan (2014-11-19 16:26:31)

clfarron4 · 2014-11-18 23:34:49

When I run the command for my keys, I only get each key listed once... I can't think of anything that might trigger it to list your key twice.

colinkeenan · 2014-11-19 00:03:04

I think it happened when I followed the instruction on https://wiki.archlinux.org/index.php/Talk:Pacman-key which says to "Import generated key into pacman's keychain (pacman-key --import) from your ~/.gnupg". It seems as though I remember seeing it only once until I ran pacman-key --import ./ (while in ~/.gnupg). Maybe I accidently ran it twice if I couldn't tell it had worked.

colinkeenan · 2014-11-19 03:36:53

I have filed an upstream bug. Their website is not configured correctly though according to Google Chrome, and I had to click "advanced" and tell Chrome to go to the site anyway even though it's "not safe".

https://bugs.g10code.com/gnupg/issue1763

colinkeenan · 2014-11-19 15:53:45

I have solved the issue. Since I had made a backup of .gnupg while there was a duplicate of the public key for "Colin Keenan", I realized the secret key in the backup was also for "Colin Keenan", so I didn't want to delete that one. I should delete "Colin N Keenan" by deleting the secret and public key matching it, then copy the resulting public key file to the backup, then restore the backup. That solved the issue, as follows:

gpg --delete-secret-key "Colin N Keenan"
gpg --delete-key "Colin N Keenan"
cp .gnupg/pubring.gpg .gnupg-backup
rm -r .gnupg
cp -r .gnupg-backup .gnupg

Here is a full outline of the commands I ran to eliminate the duplicate public key, in case anyone else runs into this very unusual problem:

cd # just making sure I'm in home directory so don't have to type dreaded ~
cp -r .gnupg .gnupg-backup
gpg --edit-key colin
gpg> adduid (added Colin N Keenan, original was Colin Keenan)
gpg> save
gpg --edit-key "Colin N Keenan"
gpg> 2 (because "Colin Keenan" was the 2nd uid)
gpg> deluid
gpg> save
gpg --delete-secret-key "Colin N Keenan"
gpg --delete-key "Colin N Keenan"
cp .gnupg/pubring.gpg .gnupg-backup
rm -r .gnupg
cp -r .gnupg-backup .gnupg

Last edited by colinkeenan (2014-11-19 16:41:03)

colinkeenan · 2014-11-19 18:25:01

I have figured out how I got the double public key listing in the first place, and filed a bug against pacman-key:

https://bugs.archlinux.org/task/42850

I think it happens when doing

sudo pacman-key --import /home/<user>/.gnupg

after putting

keyring /etc/pacman.d/gnupg/pubring.gpg

into ~/.gnupg/gpg.conf, as recommended in https://wiki.archlinux.org/index.php/Ma … e_checking

I have followed the same steps that I did the first time, and ended up with duplicate entries again. All this at least has made me comfortable with gpg.

colinkeenan · 2014-11-19 22:18:50

I took another look at the situation and realize that my ~/.gnupg/pubring.gpg is now empty! If I comment out keyring /etc/pacman.d/gnupg/pubring.gpg in gpg.conf, there is no longer any output to gpg -k. My public key is only in /etc/pacman.d/gnupg/pubring.gpg.

So, the reason I got the key duplicated in gpg -k before is because it was first listing the one key in ~/.gnupg/pubring.gpg, then listing all the keys in /etc/pacman.d/gnupg/pubring.gpg, including mine since I had done sudo pacman-key --import /home/colin/.gnupg

Now I'm thinking it was supposed to list my key twice and that I've screwed things up by making ~/.gnupg/pubring.gpg empty.

Can anyone confirm it is normal to get a double listing of your public key if you do sudo pacman-key --import /home/colin/.gnupg and also have keyring /etc/pacman.d/gnupg/pubring.gpg in gpg.conf?

Arch Linux

#1 2014-11-18 23:30:34

[Solved] gpg --list-public-keys (removed duplicate - see my last post)

#2 2014-11-18 23:34:49

Re: [Solved] gpg --list-public-keys (removed duplicate - see my last post)

#3 2014-11-19 00:03:04

Re: [Solved] gpg --list-public-keys (removed duplicate - see my last post)

#4 2014-11-19 03:36:53

Re: [Solved] gpg --list-public-keys (removed duplicate - see my last post)

#5 2014-11-19 15:53:45

Re: [Solved] gpg --list-public-keys (removed duplicate - see my last post)

#6 2014-11-19 18:25:01

Re: [Solved] gpg --list-public-keys (removed duplicate - see my last post)

#7 2014-11-19 22:18:50

Re: [Solved] gpg --list-public-keys (removed duplicate - see my last post)

Board footer