On Sun 2015-08-16 02:55:43 +0200, Russ Allbery wrote:
> Daniel Kahn Gillmor <d...@fifthhorseman.net> writes:
>
>> does this succeed with gpg2 --decrypt as well, or just gpg --decrypt?
>
> Aha. Here's a problem:
>
> mithrandir:~/private/db$ gpg2 --decrypt personal
> gpg: error reading keyblock: Legacy key
> gpg: keydb_get_keyblock failed: Legacy key
> gpg: encrypted with RSA key, ID 7CE29A76E9769486
> gpg: decryption failed: No secret key
>
> I have no idea what that means, and Google was not particularly
> enlightening.
>
>> do you see files listed when you look at the GnuPG 2.1 secret key storage:
>
>> ls -l ~/.gnupg/private-keys-v1.d/*.key
>
> Yes.

ok, so the keygrip for 0x7CE29A76E9769486 is
FD1DA474D3DF3C728C54F9E479EDFC5BBE2E14EA (via "gpg2 --with-keygrip
--list-keys 7CE29A76E9769486")

do you see
~/.gnupg/private-keys-v1.d/FD1DA474D3DF3C728C54F9E479EDFC5BBE2E14EA.key ?

>> Depending on the output of the above, maybe you can try importing your
>> secret keyring again:
>
>> gpg2 --import < ~/.gnupg/secring.gpg
>
>> (this should have been imported automatically for you upon your first
>> use of gpg 2.1 after the upgrade)
>
> I get a lot more "legacy key" errors, and this weird error that I don't
> understand:
>
> gpg: key D15D313882004173: no valid user IDs
> gpg: this may be caused by a missing self-signature
> gpg: keydb_get_keyblock failed: Legacy key
> gpg: key D15D313882004173: failed to re-lookup public key
>
> That key definitely has a self-signature. It's the same key I use for
> Debian.
>
> mithrandir:~/private/db$ gpg -kv D15D313882004173
> pub 4096R/D15D313882004173 2009-05-29 [expires: 2017-09-17]
> uid [ultimate] Russ Allbery <ea...@eyrie.org>
> uid [ultimate] Russ Allbery <r...@stanford.edu>
> uid [ultimate] Russ Allbery <r...@debian.org>
> uid [ revoked] Russ Allbery <ea...@windlord.stanford.edu>
> uid [ultimate] Russ Allbery <r...@cs.stanford.edu>
> sub 4096R/7CE29A76E9769486 2009-05-29 [expires: 2017-09-17]
> sub 2048R/7D80315C5736DE75 2010-09-17 [expires: 2016-03-20]

I agree with you that this key clearly has valid self-sigs. it does in
my copy as well.

can you show the same output from gpg2 as well as gpg ?

Also: does it show up in the output of:

gpg2 --list-secret-keys

sorry for the hassle, and thanks for the quick debugging responses.

--dkg