Certificate canonicalization issue
If you create a key without userids using the TPKBuilder, then manually create and bind a userid, the binding signature will not contain a keyflags subpacket. This is the result:
-----BEGIN PGP PRIVATE KEY BLOCK-----
xVgEXcrGVhYJKwYBBAHaRw8BAQdACxpkwpMtVDF1vExMF++ps6l+R8Eui+9DTVK3
HGFH5qoAAP9Q7D5VegOJbM2e2ZWRriE+x+dGJi+tNH2JorQmXdfibRDmwn4EHxYK
ADACHgECmwEFgl3KxlYWIQRGuxf+7YVBmW+A+AkI+kclADxGWgkQCPpHJQA8RloC
FQoAANKsAP91cWs9EVMRk3X/rD06jIXJ4V0sM0U0Pa1yW/BBDal07AD/filg1fJ4
1ElvYGXCklVEKeGMsCqVChHBfJ2LLw5+bQzND2Zvb0BleGFtcGxlLm9yZ8J1BBMW
CgAnBYJdysZWFiEERrsX/u2FQZlvgPgJCPpHJQA8RloJEAj6RyUAPEZaAAA8fwEA
oWkT0kn5N0/4c/2Zq6FuTipztJMyTkQMPwTUxAmqf/ABAO63dElEyUSs0USJHRmd
/xzW07jJyQnBtg36l+ExBW4P
=grTa
-----END PGP PRIVATE KEY BLOCK-----
I think what happens is that Sequoia sees the direct key signature, sees the key flags (C), finds the first userid packet with a binding signature; the binding signature's missing key flags subpacket overrides the key flags, which now do not contain the C flag, and Sequoia decides to discard any remaining components. Hat tip to @hkos for finding the issue.
This boils down to the interpretation of C, and whether or not the primary key is always C.
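To make the packet-level facts behind this report visible without going through Sequoia's own canonicalization, here is an added example that is not part of the original issue and not Sequoia code: a minimal hand-rolled OpenPGP packet walker in Python that dearmors the key block posted above, lists every signature with the component packet it follows and the hashed subpackets it carries, and decodes the Key Flags subpacket where one exists. It assumes RFC 4880 v4 packets with new-format headers and no partial body lengths (true for this key). The `primary_key_flags` helper and its two resolution rules (the first User ID binding wins outright, or the direct-key signature fills in when that binding carries no Key Flags subpacket at all) are assumptions written to illustrate the interpretation question in the last sentence, not a description of what Sequoia actually implements.

```python
"""Added example (not Sequoia code): minimal OpenPGP packet walker for the posted key.
Assumes RFC 4880 v4 packets with new-format headers and no partial body lengths."""
import base64

# The key block exactly as posted in the report.
ARMORED_KEY = """-----BEGIN PGP PRIVATE KEY BLOCK-----
xVgEXcrGVhYJKwYBBAHaRw8BAQdACxpkwpMtVDF1vExMF++ps6l+R8Eui+9DTVK3
HGFH5qoAAP9Q7D5VegOJbM2e2ZWRriE+x+dGJi+tNH2JorQmXdfibRDmwn4EHxYK
ADACHgECmwEFgl3KxlYWIQRGuxf+7YVBmW+A+AkI+kclADxGWgkQCPpHJQA8RloC
FQoAANKsAP91cWs9EVMRk3X/rD06jIXJ4V0sM0U0Pa1yW/BBDal07AD/filg1fJ4
1ElvYGXCklVEKeGMsCqVChHBfJ2LLw5+bQzND2Zvb0BleGFtcGxlLm9yZ8J1BBMW
CgAnBYJdysZWFiEERrsX/u2FQZlvgPgJCPpHJQA8RloJEAj6RyUAPEZaAAA8fwEA
oWkT0kn5N0/4c/2Zq6FuTipztJMyTkQMPwTUxAmqf/ABAO63dElEyUSs0USJHRmd
/xzW07jJyQnBtg36l+ExBW4P
=grTa
-----END PGP PRIVATE KEY BLOCK-----"""

SIG_TYPES = {0x13: "positive User ID certification", 0x1F: "direct key"}
SUBPACKETS = {2: "creation time", 16: "issuer", 21: "preferred hashes",
              27: "key flags", 30: "features", 33: "issuer fingerprint"}
FLAG_BITS = [(0x01, "C"), (0x02, "S"), (0x04, "Ec"), (0x08, "Es"), (0x20, "A")]

def dearmor(armored: str) -> bytes:
    """Strip the armor: BEGIN/END lines, 'Key: value' headers and the =CRC24 line."""
    lines = (ln.strip() for ln in armored.splitlines())
    return base64.b64decode("".join(
        ln for ln in lines if ln and ":" not in ln and not ln.startswith(("-----", "="))))

def read_packets(data: bytes):
    """Yield (tag, body) for each new-format packet (RFC 4880 section 4.2.2)."""
    pos = 0
    while pos < len(data):
        ctb, first = data[pos], data[pos + 1]
        if not ctb & 0x40:
            raise ValueError("old-format packet header not supported here")
        if first < 192:
            length, hdr = first, 2
        elif first < 224:
            length, hdr = ((first - 192) << 8) + data[pos + 2] + 192, 3
        elif first == 255:
            length, hdr = int.from_bytes(data[pos + 2:pos + 6], "big"), 6
        else:
            raise ValueError("partial body length not supported here")
        yield ctb & 0x3F, data[pos + hdr:pos + hdr + length]
        pos += hdr + length

def parse_subpackets(area: bytes):
    """Return [(type, critical, value)] for a signature subpacket area (section 5.2.3.1)."""
    out, pos = [], 0
    while pos < len(area):
        first = area[pos]
        if first < 192:
            length, pos = first, pos + 1
        elif first < 255:
            length, pos = ((first - 192) << 8) + area[pos + 1] + 192, pos + 2
        else:
            length, pos = int.from_bytes(area[pos + 1:pos + 5], "big"), pos + 5
        out.append((area[pos] & 0x7F, bool(area[pos] & 0x80), area[pos + 1:pos + length]))
        pos += length
    return out

def key_flags(subpackets):
    """Decode the Key Flags subpacket; None when the signature carries none at all."""
    for typ, _, value in subpackets:
        if typ == 27:
            return "".join(n for bit, n in FLAG_BITS if value and value[0] & bit)
    return None

def self_signatures(armored: str):
    """Describe each v4 signature together with the component packet it follows."""
    over, result = None, []
    for tag, body in read_packets(dearmor(armored)):
        if tag in (5, 6):
            over = "primary key"
        elif tag in (7, 14):
            over = "subkey"
        elif tag == 13:
            over = "User ID " + body.decode("utf-8", "replace")
        elif tag == 2 and body[0] == 4:
            hashed = parse_subpackets(body[6:6 + int.from_bytes(body[4:6], "big")])
            result.append({"over": over, "type": SIG_TYPES.get(body[1], hex(body[1])),
                           "hashed": [SUBPACKETS.get(t, str(t)) for t, _, _ in hashed],
                           "key_flags": key_flags(hashed)})
    return result

def primary_key_flags(signatures, fall_back_to_direct_key_sig: bool):
    """Two assumed resolution rules, not Sequoia's code: the first User ID binding wins
    outright, or the direct-key signature fills in when that binding has no Key Flags."""
    direct = next((s["key_flags"] for s in signatures if s["type"] == "direct key"), None)
    binding = next((s["key_flags"] for s in signatures
                    if (s["over"] or "").startswith("User ID")), None)
    return direct if binding is None and fall_back_to_direct_key_sig else binding

if __name__ == "__main__":
    for s in self_signatures(ARMORED_KEY):
        print(f"{s['type']} over {s['over']}: {s['hashed']} -> key_flags={s['key_flags']!r}")
```

Run stand-alone, it prints the direct-key signature over the primary key with Key Flags `C` (plus features, creation time, issuer fingerprint, issuer and preferred hashes), and the positive certification over `foo@example.org` carrying only creation time, issuer fingerprint and issuer, i.e. no Key Flags subpacket at all. `primary_key_flags(sigs, False)` then yields `None` while `primary_key_flags(sigs, True)` yields `"C"`; which of those two rules a canonicalizer should apply is exactly the question this report raises.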