I have a GPG public key that, on import into OpenKeychain, has all its subkeys removed during canonicalization. Afterwards, the primary key is imported but shows up as defective.
Expected Behavior
On import of a GPG public key, all its attached subkeys should be imported.
Current Behavior
While importing the attached GPG public key, all subkeys get stripped during canonicalization and the key shows up as defective.
[START] Importing public keyring 0x17f39044ed4ebcb1
[START] Canonicalizing public keyring 0x17f39044ed4ebcb1
[DEBUG] Processing primary key
[DEBUG] Processing subkey 0x92b4230a70a573d9
[WARN] Subkey binding issuer id mismatch
[DEBUG] No valid certificate found for 0x92b4230a70a573d9, removing from ring
[OK] Keyring canonicalization successful, removed one erroneous certificate
[DEBUG] Preparing database operations
[DEBUG] Encoding keyring data
[DEBUG] Parsing keys
[DEBUG] Processing primary key 0x17f39044ed4ebcb1
[DEBUG] Primary flags: certify
[DEBUG] Keyring expires on Fri Apr 18 16:03:32 GMT+02:00 2025
[DEBUG] Classifying user IDs (no trusted keys available)
[DEBUG] Processing user ID testkey
[DEBUG] Re-ordering user IDs
[DEBUG] No old key deleted (creating a new one?)
[DEBUG] Applying insert batch operation.
[OK] Successfully imported public keyring
Possible Solution
Steps to Reproduce (for bugs)
I generated a GPG key on my computer and imported it to OpenKeychain.
Generate key
There is a reproducible way to create a key, which shows the described issue.
Primary key
I created an RSA key that can certify only.
[clerie@krypton ~]$ gpg --expert --full-generate-key
gpg (GnuPG) 2.4.5; Copyright (C) 2024 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
(9) ECC (sign and encrypt) *default*
(10) ECC (sign only)
(11) ECC (set your own capabilities)
(13) Existing key
(14) Existing key from card
Your selection? 8
Possible actions for this RSA key: Sign Certify Encrypt Authenticate
Current allowed actions: Sign Certify Encrypt
(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished
Your selection? s
Possible actions for this RSA key: Sign Certify Encrypt Authenticate
Current allowed actions: Certify Encrypt
(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished
Your selection? e
Possible actions for this RSA key: Sign Certify Encrypt Authenticate
Current allowed actions: Certify
(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished
Your selection? q
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Fr 18 Apr 2025 16:03:24 CEST
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: testkey
Email address:
Comment:
You selected this USER-ID:
"testkey"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: revocation certificate stored as '/home/clerie/.gnupg/openpgp-revocs.d/67CFA42A4E0EE8CF0BEA6D7517F39044ED4EBCB1.rev'
public and secret key created and signed.
pub rsa4096 2024-04-18 [C] [expires: 2025-04-18]
67CFA42A4E0EE8CF0BEA6D7517F39044ED4EBCB1
uid testkey
Adding an encryption subkey
It seems not to matter which action the subkeys support or how many we add.
[clerie@krypton ~]$ gpg --expert --edit-key 67CFA42A4E0EE8CF0BEA6D7517F39044ED4EBCB1
gpg (GnuPG) 2.4.5; Copyright (C) 2024 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
sec rsa4096/17F39044ED4EBCB1
created: 2024-04-18 expires: 2025-04-18 usage: C
trust: ultimate validity: ultimate
[ultimate] (1). testkey
gpg> addkey
Please select what kind of key you want:
(3) DSA (sign only)
(4) RSA (sign only)
(5) Elgamal (encrypt only)
(6) RSA (encrypt only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
(10) ECC (sign only)
(11) ECC (set your own capabilities)
(12) ECC (encrypt only)
(13) Existing key
(14) Existing key from card
Your selection? 8
Possible actions for this RSA key: Sign Encrypt Authenticate
Current allowed actions: Sign Encrypt
(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished
Your selection? s
Possible actions for this RSA key: Sign Encrypt Authenticate
Current allowed actions: Encrypt
(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished
Your selection? q
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Fr 18 Apr 2025 16:04:39 CEST
Is this correct? (y/N) y
Really create? (y/N) y
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
sec rsa4096/17F39044ED4EBCB1
created: 2024-04-18 expires: 2025-04-18 usage: C
trust: ultimate validity: ultimate
ssb rsa4096/92B4230A70A573D9
created: 2024-04-18 expires: 2025-04-18 usage: ER
[ultimate] (1). testkey
gpg> save
Export key
Afterwards, I exported the key and imported it to OpenKeychain.
Demonstration that the key is working
The generated key is fully functioning while using GnuPG.
It can be imported and exported without any issues.
Encrypt a message with the key
[clerie@krypton ~]$ gpg --armor --encrypt
You did not specify a user ID. (you may use "-r")
Current recipients:
Enter the user ID. End with an empty line: 67CFA42A4E0EE8CF0BEA6D7517F39044ED4EBCB1
Current recipients:
rsa4096/92B4230A70A573D9 2024-04-18 "testkey"
Enter the user ID. End with an empty line:
Hello World
-----BEGIN PGP MESSAGE-----
[...]
-----END PGP MESSAGE-----
Decrypt the message
[clerie@krypton ~]$ gpg --decrypt
-----BEGIN PGP MESSAGE-----
[...]
-----END PGP MESSAGE-----
gpg: encrypted with rsa4096 key, ID 92B4230A70A573D9, created 2024-04-18
"testkey"
Hello World
Context
Your Environment
Android Version: /e/os 1.21 (Android 12)
Device Model: Fairphone 4
OpenKeychain Version: 6.0.4
From Google Play or F-Droid?: F-Droid
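An added triage example, not part of the original report and not OpenKeychain code: it parses an import log in the format quoted above and flags imports that are reported as successful although canonicalization removed subkeys. The function names `audit_import_log` and `silent_subkey_loss` are hypothetical, and the handling of more than one primary flag is an assumption, since the report only shows a single flag.

```python
import re

# Abridged copy of the import log quoted in the report above.
SAMPLE_LOG = """\
[START] Importing public keyring 0x17f39044ed4ebcb1
[START] Canonicalizing public keyring 0x17f39044ed4ebcb1
[DEBUG] Processing primary key
[DEBUG] Processing subkey 0x92b4230a70a573d9
[WARN] Subkey binding issuer id mismatch
[DEBUG] No valid certificate found for 0x92b4230a70a573d9, removing from ring
[OK] Keyring canonicalization successful, removed one erroneous certificate
[DEBUG] Processing primary key 0x17f39044ed4ebcb1
[DEBUG] Primary flags: certify
[OK] Successfully imported public keyring
"""

LINE = re.compile(r"^\[(\w+)\]\s+(.*)$")  # "[LEVEL] message"

def audit_import_log(text):
    """Summarise one import log: dropped subkeys with the warnings that preceded removal."""
    result = {"keyring": None, "dropped": {}, "primary_flags": [], "imported": False}
    current, warnings = None, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        level, msg = m.groups()
        if msg.startswith("Importing public keyring "):
            result["keyring"] = msg.split()[-1]
        elif msg.startswith("Processing subkey "):
            current, warnings = msg.split()[-1], []  # new subkey: reset its warnings
        elif level == "WARN" and current:
            warnings.append(msg)
        elif "removing from ring" in msg and current and current in msg:
            result["dropped"][current] = list(warnings)
            current = None
        elif msg.startswith("Primary flags: "):
            # Assumption: several flags would be separated by commas or spaces.
            result["primary_flags"] = msg[len("Primary flags: "):].replace(",", " ").split()
        elif msg == "Successfully imported public keyring":
            result["imported"] = True
    return result

def silent_subkey_loss(result):
    """True when the import is reported as OK although subkeys were removed."""
    return result["imported"] and bool(result["dropped"])

if __name__ == "__main__":
    report = audit_import_log(SAMPLE_LOG)
    print(report, "silent subkey loss:", silent_subkey_loss(report))
```

For the log in this report, the result pairs subkey `0x92b4230a70a573d9` with the warning "Subkey binding issuer id mismatch" and shows that only the `certify` flag of the primary key remains after the import.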