GPGTools should update to 2.2.5 to fix signing with missing subkeys

theirix's Avatar


23 Feb, 2018 11:07 AM

A recent GPG 2.2.5 fixes a serious error with expired subkeys - see
Let me describe the case. Let you have a key with multiple signing subkeys. Let the machine with gpgtools have one signing subkey attached and one signing subkey detached ('missing' i.e. with a sec# prefix). GPG before 2.2.5 selects a signing subkey basing on issuing date not by availability. So gpgtools doesn't sign emails if the oldest subkey is unavailable. This should be fixed now.

The problem was discussed in several GPGTools topics (closed by far). Maybe they should be rechecked along with other related bugs when a new upstream version will be packaged with GPGTools.

  1. Support Staff 1 Posted by Luke Le on 05 Mar, 2018 05:16 PM

    Luke Le's Avatar

    Hi theirix,

    thank you for bringing this issue to our attention. We have been following issues with subkeys closely and have reported bugs to the developer of GnuPG directly. We are currently working on integrating GnuPG 2.2.5 in our hotfix/nightly releases and it should be available soon.

  2. 2 Posted by theirix on 05 Mar, 2018 05:34 PM

    theirix's Avatar

    Glad to hear it. Thank you for the great work!

  3. Support Staff 3 Posted by Steve on 07 Mar, 2018 02:26 PM

    Steve's Avatar

    The latest hotfix GPG Suite includes gpg 2.2.5.

    All the best,

    Disclaimer: This is a development version which has not been thoroughly tested yet - bugs or crashes are to be expected. Thanks for helping us test.

  4. Steve closed this discussion on 07 Mar, 2018 02:26 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac