SUMMARY After deleting the incomplete team key in Kleopatra and then importing the public key of that team key, it will be found that the secret key of the team key is still present. STEPS TO REPRODUCE 1. Create an OpenPGP key (hereinafter referred to as Key A) with the "Set up this key for shared usage in teams" option enabled. 2. Save secret team key for Key A; whether the "Allow team members to sign with the team key" option is enabled or not has no effect. 3. Export the public key of Key A. 4. Delete Key A 5. Import the secret team key A that was exported earlier (the one with the incomplete certificate). 6. Delete secret team key A that was just imported. 7. Import the public key of Key A. OBSERVED RESULT The imported key A contains its public key and an incomplete secret key. EXPECTED RESULT The imported key A contains only the public key, not the secret key. SOFTWARE/OS VERSIONS Kleopatra: Gpg4win-5.0.1 Kleopatra: 76f98d94d858d18edd22b8d26aad565b1f71671f GnuPG: 2.5.17 Libgcrypt: 1.11.2 KDE Frameworks: 6.20.0 Qt: Using 6.10.1 and built against 6.10.1 Windows 10 Version 21H2 Build ABI: x86_64-little_endian-llp64 Kernel: winnt 10.0.19044 ADDITIONAL INFORMATION This might be a problem with the GPG core; it's reported that using GPG commands directly makes it impossible to delete incomplete team keys.
This bug also exists in the Linux version of Kleopatra. Progress is tracked in the Gpg4win bug tracker at https://dev.gnupg.org/T8076 .