
GPG: key D5DE453D: invalid subkey binding


Osamu Aoki

Feb 9, 2002, 1:11:45 AM
Hi,

I am intrigued by GPG.

$ gpg --recv-keys D5DE453D

gpg: requesting key D5DE453D from wwwkeys.pgp.net ...
gpg: key D5DE453D: invalid subkey binding
gpg: key D5DE453D: not changed
gpg: Total number processed: 1
gpg: unchanged: 1
$ gpg --edit-key D5DE453D
Secret key is available.

pub 1024D/D5DE453D created: 2000-09-24 expires: never trust: f/u
sub 1024g/D130E875 created: 2000-09-24 expires: 2001-09-24
sub 1024g/ECF1020D created: 2002-02-08 expires: 2005-02-07
(1) Osamu Aoki <os...@aokiconsulting.com>
(2). Osamu Aoki <ao...@aokiconsulting.com>
(3) Osamu Aoki <deb...@aokiconsulting.com>
(4) Osamu Aoki <os...@pc1.lan.aokiconsulting.com>
(5) Osamu Aoki <deb...@pc1.lan.aokiconsulting.com>

Command> quit
$

What is going on with the above?

What is / "period" after (2) doing?

--
~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~
+ Osamu Aoki <deb...@aokiconsulting.com>, GnuPG-key: 1024D/D5DE453D +
+ My debian quick-reference, http://qref.sourceforge.net/quick/ +




Henrique de Moraes Holschuh

Feb 9, 2002, 5:06:44 AM
On Fri, 08 Feb 2002, Osamu Aoki wrote:
> gpg: key D5DE453D: invalid subkey binding

This is from a pgp.net keyserver? If so, it has corrupted your key in the
server because there are two subkeys. Their crap software has not been
updated for a while.

> pub 1024D/D5DE453D created: 2000-09-24 expires: never trust: f/u
> sub 1024g/D130E875 created: 2000-09-24 expires: 2001-09-24
> sub 1024g/ECF1020D created: 2002-02-08 expires: 2005-02-07

Looks like it. I have this problem as well.

> (1) Osamu Aoki <os...@aokiconsulting.com>
> (2). Osamu Aoki <ao...@aokiconsulting.com>

The dot shows your main UID.

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
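
Added example, not part of the original thread: a structural check for the condition behind the "invalid subkey binding" message discussed above, run over `gpg --list-packets` style output. It flags subkey packets that are not followed by a class 0x18 (subkey binding) signature. The function name, the assumed output layout and the sample listing (with placeholder key IDs) are constructed for illustration.

```python
import re

# Constructed sample in the layout of `gpg --list-packets` output (assumed
# layout; key IDs are placeholders). The second subkey has no binding
# signature after it.
SAMPLE = """\
:public key packet:
\tversion 4, algo 17, created 969753600, expires 0
:user ID packet: "Example User <user@example.org>"
:signature packet: algo 17, keyid AAAAAAAAAAAAAAAA
\tversion 4, created 969753600, md5len 0, sigclass 0x13
:public sub key packet:
\tversion 4, algo 16, created 969753600, expires 0
:signature packet: algo 17, keyid AAAAAAAAAAAAAAAA
\tversion 4, created 969753600, md5len 0, sigclass 0x18
:public sub key packet:
\tversion 4, algo 16, created 1013126400, expires 0
"""

PACKET = re.compile(r"^:(.+?) packet:")
SIGCLASS = re.compile(r"sigclass 0x([0-9a-fA-F]{2})")

def unbound_subkeys(listing):
    """Return 1-based positions of subkey packets that are not followed by a
    class 0x18 (subkey binding) signature before the next key packet or EOF.
    Structural check only: no signature is verified cryptographically."""
    unbound, index, current, in_sig = [], 0, None, False
    for line in listing.splitlines():
        m = PACKET.match(line)
        if m:
            kind = m.group(1)
            in_sig = kind == "signature"
            if kind.endswith("key"):  # primary key or subkey, public or secret
                if current is not None and not current["bound"]:
                    unbound.append(current["pos"])
                current = None
                if "sub key" in kind:
                    index += 1
                    current = {"pos": index, "bound": False}
        elif in_sig and current is not None:
            s = SIGCLASS.search(line)
            if s and int(s.group(1), 16) == 0x18:
                current["bound"] = True
    if current is not None and not current["bound"]:
        unbound.append(current["pos"])
    return unbound

if __name__ == "__main__":
    print(unbound_subkeys(SAMPLE))
```

A subkey that passes this check can still carry a binding signature that fails verification; gpg itself makes that decision at import time.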

Osamu Aoki

Feb 9, 2002, 11:13:45 AM
On Sat, Feb 09, 2002 at 08:06:27AM -0200, Henrique de Moraes Holschuh wrote:
> On Fri, 08 Feb 2002, Osamu Aoki wrote:
> > gpg: key D5DE453D: invalid subkey binding
>
> This is from a pgp.net keyserver?
Yes!

> If so, it has corrupted your key in the
> server because there are two subkeys. Their crap software has not been
> updated for a while.
>
> > pub 1024D/D5DE453D created: 2000-09-24 expires: never trust: f/u
> > sub 1024g/D130E875 created: 2000-09-24 expires: 2001-09-24
> > sub 1024g/ECF1020D created: 2002-02-08 expires: 2005-02-07
>
> Looks like it. I have this problem as well.

What is the remedy? Any pointer to information will be nice.

I did the following: (Did not work)

1) removed 2nd sub key and changed expire date of first subkey locally
2) host $ gpg --send-keys D5DE453D
gpg: success sending to `wwwkeys.us.pgp.net' (status=200)

But keyserver does not remove 2nd sub key. (Just merges it)

Osamu


--
~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~
+ Osamu Aoki <deb...@aokiconsulting.com>, GnuPG-key: 1024D/D5DE453D +
+ My debian quick-reference, http://qref.sourceforge.net/quick/ +

Henrique de Moraes Holschuh

Feb 9, 2002, 1:05:09 PM
On Sat, 09 Feb 2002, Osamu Aoki wrote:
> What is the remedy? Any pointer to information will be nice.

There is none. One could get the keyserver software, and fix it (good luck,
that thing is NOT easy to grok), then waste a few days of machine cycles
purging all screwed up keys from the keyring... And you would still risk
that people would ignore all your hard work, I suppose.

I gave up the entire pgp.net keyserver system, and since I loathe the
non-DFSG-compliant keyserver.net crap, I've been using keyring.debian.org as
the only keyserver where people can get a proper copy of my key (other than
asking me for it directly, or finger h...@debian.org).

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh

Osamu Aoki

Feb 9, 2002, 3:27:54 PM
On Sat, Feb 09, 2002 at 04:04:52PM -0200, Henrique de Moraes Holschuh wrote:
> On Sat, 09 Feb 2002, Osamu Aoki wrote:
> > What is the remedy? Any pointer to information will be nice.
>
> There is none.
Sad :( ...

> I gave up the entire pgp.net keyserver system, and since I loathe the
> non-DFSG-compliant keyserver.net crap, I've been using keyring.debian.org as
> the only keyserver where people can get a proper copy of my key (other than
> asking me for it directly, or finger h...@debian.org).

"keyserver.net" used to be usable but it started causing problems, thus I
stopped using it a while ago. That is not my option too.

If this is true, /usr/share/gnupg/option.skel must be modified. It
said:

# GnuPG can import a key from a HKP keyerver if one is missing
# for certain operations. Is you set this option to a keyserver
# you will be asked in such a case whether GnuPG should try to
# import the key from that server (server do syncronize with each
# other and DNS Round-Robin may give you a random server each time).
# Use "host -l pgp.net | grep www" to figure out a keyserver.

There should be some warning of the bugs on those pgp.net keyservers.

Also, it looks like I can "send" my key to "keyring.debian.org" but I can
not "recv". Maybe I have to wait CRON but... (I am not a Debian
developer)


--
~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~
+ Osamu Aoki <deb...@aokiconsulting.com>, GnuPG-key: 1024D/D5DE453D +
+ My debian quick-reference, http://qref.sourceforge.net/quick/ +

Henrique de Moraes Holschuh

Feb 10, 2002, 2:17:00 AM
On Sat, 09 Feb 2002, Osamu Aoki wrote:
> Also, it looks like I can "send" my key to "keyring.debian.org" but I can
> not "recv". Maybe I have to wait CRON but... (I am not a Debian
> developer)

keyring.debian.org is only for registered Debian developers. However, I am
supposed to get my butt in gear and implement keyring.cipsga.org.br sometime
this millennium. That one will be open to all (and will use nearly the same
code as keyring.debian.org).

I will post a small note here when I manage that. BTW, the code behind
keyring.debian.org is quite simple, and its user interface is limited (no
searches).

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
