How to resolve the error: gpg: bad data signature from key: Wrong key usage (0x19, 0x2)

gnupg

When I run gpg --keyid-format LONG -K I am seeing the following output. Private information replaced with upper case values.

gpg: bad data signature from key PROBLEMID: Wrong key usage (0x19, 0x2)
/Users/balupton/.gnupg/pubring.gpg
----------------------------------
sec   rsa4096/AID 2016-03-15 [SC]
      BID
uid                 [ultimate] Benjamin Lupton <PERSONALEMAIL>
uid                 [ultimate] Benjamin Lupton <WORKEMAIL>
ssb   rsa2048/PROBLEMID PASTDATE [E] [expires: FUTUREDATE]
ssb   rsa2048/CID PASTDATE [SA] [expires: FUTUREDATE]

How do I resolve this? Why did this occur?

Best Answer

This error message was introduced by a recent change to GnuPG:

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=214b0077264e35c079e854a8b6374704aea45cd5

The key is defective in the way it was created, because an internal signature with type 0x19 (i.e. the "Primary Key Binding Signature", see RFC 4880 section 5.2.1) made with the subkey PROBLEMID is not valid.

Each subkey is supposed to have a pair of 0x18 and 0x19 signatures which bind it to the primary key and the primary key to it.

The key usage flags are documented in this IANA registry: https://www.iana.org/assignments/pgp-parameters/pgp-parameters.xml#pgp-parameters-11.
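An added example, not part of the original answer and not GnuPG code: a small checker that reads the text printed by `gpg --export KEYID | gpg --list-packets`, decodes each subkey's key flags octet using the RFC 4880 / IANA values, and reports subkeys where the sign flag and the 0x19 signature disagree, as with the 0x19 signature from the [E] subkey in the question's listing. The function names are hypothetical, the sample listing is constructed, and its line layout is an assumption about how `--list-packets` prints these packets.

```python
import re

# Key flags octet (signature subpacket 27), RFC 4880 section 5.2.3.21
KEY_FLAGS = {0x01: "certify", 0x02: "sign", 0x04: "encrypt-comms",
             0x08: "encrypt-storage", 0x20: "authenticate"}

# Constructed, trimmed sample in the assumed --list-packets layout; key IDs are placeholders.
SAMPLE = """\
:public key packet:
    keyid: AAAAAAAAAAAAAAAA
:public sub key packet:
    keyid: BBBBBBBBBBBBBBBB
:signature packet: algo 1, keyid AAAAAAAAAAAAAAAA
    version 4, created 0, md5len 0, sigclass 0x18
    hashed subpkt 27 len 1 (key flags: 0C)
    subpkt 32 len 284 (signature: v4, class 0x19, algo 1, digest algo 8)
:public sub key packet:
    keyid: CCCCCCCCCCCCCCCC
:signature packet: algo 1, keyid AAAAAAAAAAAAAAAA
    version 4, created 0, md5len 0, sigclass 0x18
    hashed subpkt 27 len 1 (key flags: 22)
    subpkt 32 len 284 (signature: v4, class 0x19, algo 1, digest algo 8)
"""

def audit_subkeys(listing):
    """Map each subkey ID to its 0x18 key flags and whether a 0x19 is embedded."""
    report, cur = {}, None
    for pkt in re.split(r"(?m)^(?=:)", listing):          # one chunk per packet
        if re.match(r":(public|secret) sub key packet:", pkt):
            m = re.search(r"keyid: (\w+)", pkt)
            cur = report.setdefault(m.group(1) if m else "?", {"flags": [], "backsig": False})
        elif not pkt.startswith(":signature packet:"):
            cur = None                                    # primary key, user ID, ...
        elif cur is not None and "sigclass 0x18" in pkt:  # subkey binding signature
            if m := re.search(r"key flags: ([0-9A-Fa-f]{2})", pkt):
                cur["flags"] = [n for b, n in KEY_FLAGS.items() if int(m.group(1), 16) & b]
            cur["backsig"] |= bool(re.search(r"subpkt 32 .*class 0x19", pkt))
    return report

def findings(report):
    """List (keyid, problem) pairs where sign flag and 0x19 signature disagree."""
    out = []
    for keyid, sub in report.items():
        can_sign = "sign" in sub["flags"]
        if sub["backsig"] and not can_sign:
            out.append((keyid, "0x19 signature on a subkey without the sign flag"))
        elif can_sign and not sub["backsig"]:
            out.append((keyid, "signing subkey has no 0x19 signature"))
    return out
```

Calling `findings(audit_subkeys(text))` on the exported listing names the subkey to look at; the report is only as reliable as the assumed text layout, so confirm against the raw `--list-packets` output.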
