New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Same key available twice on keyserver #1707
Comments
Stacktrace on downloading
|
Any context? Is my key the problem, or an issue with the code? |
wow uh, this is a really weird case. can you tell us what software you used to create or ever modify this key? gpg, keybase, openkeychain, etc? |
By now, all three of those. I was testing stuff like creating subkeys, merging keys. Sadly, I'm far from an expert on gpg so I will accept it if you would tell me my key is broken... I could not find any other place to 'validate' my key, and gpg, mailvelope, open-keychain, eyaml, keybase all have no issue to use it. Only open-keychain is telling me something is wrong (with the public part?) |
what did you do to "merge" keys? |
I'm not behind my computer now, can't be really specific. Also, this happened around July 2015, so memory is a bit hazy... I think I failed and thus restored a backup of my key (without publishing anything). This was the guide I followed: http://security.stackexchange.com/a/62480 |
Yes, that wall of text explains it. And holy moly, that is a completely unreasonable thing to do with your key, which introduces several assumptions making everyone's life harder. I'm just glad it happened "by force" and not accidentally. In short, you appended your master key as a subkey to a different master key, so now a search on keyservers for your key id brings up both of those keyblocks - one where that key is the master key, one where it's a subkey. This is a situation which doesn't "naturally" occur, and the problem is that OpenKeychain has no way to tell which one to actually use in all situations. Either way, if your key isn't very valuable to you, I suggest you create a new one and move on. We might try and handle this differently to be more "liberal in what we accept", but whatever decision we make which of these keys to use will always be guesswork, which might work for your case but not for others or the other way around. |
Like I said, I was experimenting :-) I don't expect software to work with all (if any) edge cases, however I was not certain this was the case. I am not particularly attached to this key, but I need it for some things. This means obviously I will convert those things to use a new key...! Until this is done, I'm kinda attached ;-) Thanks for feedback! I will close the issue. Unless you plan to follow up on this edge case - then feel free to open it again... |
I would propose we check all keys and pick the first which has the correct key id for a master key, or the first which has it as a subkey id if none exists with a master key id. |
@Valodim sounds like the right approach. |
…server Allow for import of keys when the same key is available twice on the keyserver.
…yserver Allow for import of keys when the same key is available twice on the keyserver.
…yserver Allow for import of keys when the same key is available twice on the keyserver.
…yserver Allow for import of keys when the same key is available twice on the keyserver.
…yserver Allow for import of keys when the same key is available twice on the keyserver.
…yserver Allow for import of keys when the same key is available twice on the keyserver.
I'm unsure if there is something wrong with my keypair, or with openkeychain. I search the issues, but couldn't find a solution so far.
When I refresh my own key (or all keys) I get an error (Dutch):
However, I can use it for everything else, I can trust people, encrypt data, etc. How can I see more details about the error?
The text was updated successfully, but these errors were encountered: