Why is gpg --list-keys sometimes printing subkeys, sometimes not?

gnupg openpgp

This question occured in the comments of "How do I display the usage flags for my encryption keys in a less hackish way?", and seems worth being answered in a Q&A form as the answer is not actually obvious.

To view Torvald's OpenPGP key 449FA3AB, I use gpg2 --list-keys 449FA3AB, which outputs

$ gpg2 --list-keys 449FA3AB
pub   1024D/449FA3AB 1999-10-05 [expired: 2001-10-04]
uid       [ expired] Linus Torvalds <[email protected]>

Usually, this command also lists subkeys, but no subkeys are printed for Torvald's key. Yet, when requesting batch output, there is one included.

$ gpg2 --with-colons --list-keys 449FA3AB
tru::1:1414619239:1414879758:3:1:5
pub:e:1024:17:956EB7BF449FA3AB:939086351:1002158351::-:::sca:
uid:e::::939086351::81A3799583B9B1B391E4C428112F302FF2ADF462::Linus Torvalds <[email protected]>:
sub:e:2048:16:71CE8207BFF491C5:939086545:1002158545:::::e:

Seems like this Torvalds-key has some special feature that hides the sub-key. What happened here?


Solution 1:

Expired Keys

This is no special feature, but Torvalds primary key is expired quite some time ago, and in consequence also the subkey. The answer is hidden in GnuPG's --list-options section of the man pages, as by default expired subkeys are hidden. From man gpg2:

show-unusable-subkeys
        Show revoked and expired subkeys in key listings. Defaults to no.

By specifying this argument, the subkey will show up:

$ gpg2 --list-options show-unusable-subkeys --list-keys 449FA3AB
pub   1024D/449FA3AB 1999-10-05 [expired: 2001-10-04]
uid       [ expired] Linus Torvalds <[email protected]>
sub   2048g/BFF491C5 1999-10-05 [expired: 2001-10-04]

Travelling Back in Time

You can also verify this using the helpful faketime program to set the system time back some years for GnuPG. By travelling back in time to some date where Torvalds key was valid, the subkey will show up again:

$ faketime 2001-01-01 gpg2 --list-keys 449FA3AB
pub   1024D/449FA3AB 1999-10-05 [expires: 2001-10-04]
uid       [ unknown] Linus Torvalds <[email protected]>
sub   2048g/BFF491C5 1999-10-05 [expires: 2001-10-04]

Related

I can't uninstall Git
Notepad++ auto complete HTML end tags after </ (like Dreamweaver does)
Windows 8/8.1 system clock changing randomly while powered on and in use
Laser printer 'bends' paper
How to release/reset serial port FTDI devices - Mac OSX
Why is Ctrl-Arrow not working in bash on OS X?
Add another subtitles to matroska file, on Linux
Do text files store their encoding method for later decoding?
wget - download all files but not preceding folders
I need a simple way to backup files to Amazon glacier from the command line?
Unblocking at element-level in uBlock Origin
Replace audio + sync + save all to a new video file – VLC