Re: gpg: signing failed: Bad secret key
On Mittwoch, 24. Januar 2024 22:05:53 CET Leo Coogan via Gnupg-users wrote: > It looks like there's only that non-functioning signing subkey. Huh. Do > I need to create a new signing subkey? Copy the content of ~/.gnupg/private-keys-v1.d from your fedora machine to your nixox machine (after making a backup) to restore the missing secret key. Regards, Ingo > On 1/24/24 12:37, Werner Koch wrote: > > On Tue, 23 Jan 2024 12:38, Leo Coogan said: > >> sec# ed25519 2023-03-03 [SC] [expires: 2025-03-02] > >> > >>C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B > >>Keygrip = 38953FFD2BD558606473A90A6EDD5B26F03FA3CB > > > > You don't have a signing key. Ther primary key has been taken offline > > ('#') and can thus not be used for signing. > > > >> ssb cv25519 2023-03-03 [E] [expires: 2025-03-02] > >> > >>143454E3276F11C51D01B35363D14EA6FDB00D9F > >>Keygrip = 02EE4AA6089E9DEF7792F548C01FFD8C05F1EC21 > > > > The subkey is not capable of signing (by usage flags and algorithm). > > > > Did you had another signing subkey and that one expired? > > Add > > > >--list-options show-unusable-subkeys > > > > to the listing command to check. > > > > > > Salam-Shalom, > > > > Werner > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > https://lists.gnupg.org/mailman/listinfo/gnupg-users signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg: signing failed: Bad secret key
Here's the command run on my fedora machine: ``` > gpg -K --list-options show-unusable-subkeys /home/lcoogan/.gnupg/pubring.kbx sec ed25519 2023-03-03 [SC] [expires: 2025-03-02] C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B uid [ultimate] Leo Coogan (Personal) uid [ultimate] Leo Coogan (Personal GPG key) ssb cv25519 2023-03-03 [E] [expires: 2025-03-02] ``` and on my nixos machine: ``` > gpg -K --list-options show-unusable-subkeys gpg: enabled compatibility flags: gpg: using pgp trust model /home/lcoogan/.gnupg/pubring.kbx sec# ed25519 2023-03-03 [SC] [expires: 2025-03-02] C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B uid [ultimate] Leo Coogan (Personal) uid [ultimate] Leo Coogan (Personal GPG key) ssb cv25519 2023-03-03 [E] [expires: 2025-03-02] ``` It looks like there's only that non-functioning signing subkey. Huh. Do I need to create a new signing subkey? On 1/24/24 12:37, Werner Koch wrote: On Tue, 23 Jan 2024 12:38, Leo Coogan said: sec# ed25519 2023-03-03 [SC] [expires: 2025-03-02] C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B Keygrip = 38953FFD2BD558606473A90A6EDD5B26F03FA3CB You don't have a signing key. Ther primary key has been taken offline ('#') and can thus not be used for signing. ssb cv25519 2023-03-03 [E] [expires: 2025-03-02] 143454E3276F11C51D01B35363D14EA6FDB00D9F Keygrip = 02EE4AA6089E9DEF7792F548C01FFD8C05F1EC21 The subkey is not capable of signing (by usage flags and algorithm). Did you had another signing subkey and that one expired? Add --list-options show-unusable-subkeys to the listing command to check. Salam-Shalom, Werner ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg: signing failed: Bad secret key
On Tue, 23 Jan 2024 12:38, Leo Coogan said: > sec# ed25519 2023-03-03 [SC] [expires: 2025-03-02] > C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B > Keygrip = 38953FFD2BD558606473A90A6EDD5B26F03FA3CB You don't have a signing key. Ther primary key has been taken offline ('#') and can thus not be used for signing. > ssb cv25519 2023-03-03 [E] [expires: 2025-03-02] > 143454E3276F11C51D01B35363D14EA6FDB00D9F > Keygrip = 02EE4AA6089E9DEF7792F548C01FFD8C05F1EC21 The subkey is not capable of signing (by usage flags and algorithm). Did you had another signing subkey and that one expired? Add --list-options show-unusable-subkeys to the listing command to check. Salam-Shalom, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein openpgp-digital-signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg: signing failed: Bad secret key
This is Nixos. I don't believe I have two binaries of gpg. My Nixos config contains: ```nix programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; ``` and the package pinentry-gnome is installed. I did `which` gpg and gpg2, and gpg2 was a symlink to gpg. So I don't believe I have another binary of gpg. ``` > gpg -K --with-subkey-fingerprint --with-keygrip \ --list-options show-pref-verbose \ C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B 2>&1| wl-copy gpg: enabled compatibility flags: gpg: using pgp trust model sec# ed25519 2023-03-03 [SC] [expires: 2025-03-02] C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B Keygrip = 38953FFD2BD558606473A90A6EDD5B26F03FA3CB uid [ultimate] Leo Coogan (Personal) Cipher: AES256, AES192, AES, 3DES AEAD: OCB Digest: SHA512, SHA384, SHA256, SHA224, SHA1 Compression: ZLIB, BZIP2, ZIP, Uncompressed Features: MDC, AEAD, Keyserver no-modify uid [ultimate] Leo Coogan (Personal GPG key) Cipher: AES256, AES192, AES, 3DES AEAD: OCB Digest: SHA512, SHA384, SHA256, SHA224, SHA1 Compression: ZLIB, BZIP2, ZIP, Uncompressed Features: MDC, AEAD, Keyserver no-modify ssb cv25519 2023-03-03 [E] [expires: 2025-03-02] 143454E3276F11C51D01B35363D14EA6FDB00D9F Keygrip = 02EE4AA6089E9DEF7792F548C01FFD8C05F1EC21 ``` On 1/22/24 02:48, Werner Koch wrote: Hi! [GNUPG:] KEY_CONSIDERED C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B 2 gpg: writing to stdout [GNUPG:] BEGIN_SIGNING H10 gpg: signing failed: Bad secret key Plase run gpg -K --with-subkey-fingerprint --with-keygrip \ --list-options show-pref-verbose \ C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B Is there a second gpg binary on your system? Is that Debian? Salam-Shalom, Werner ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg: signing failed: Bad secret key
On Fri, 19 Jan 2024 14:19, Leo Coogan said: > When I run `git commit -m` on nixos, I receive this error: For debugging add "verbose" to ~/.gnupg/gpg.conf . This should give you more information what's up. Shalom-Salam, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein openpgp-digital-signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users