Control: retitle 795639 automated secret key import process for gpg2.1 skips some keys

On Sun 2015-08-16 19:16:03 +0200, Russ Allbery wrote:
> Daniel Kahn Gillmor <d...@fifthhorseman.net> writes:
>> do you see
>> ~/.gnupg/private-keys-v1.d/FD1DA474D3DF3C728C54F9E479EDFC5BBE2E14EA.key
>> ?
>
> No, that file doesn't exist.  So it looks like you've located the problem.
 [...]
> mithrandir:~$ gpg2 -kv D15D313882004173
> gpg: using classic trust model
> gpg: keydb_get_keyblock failed: Legacy key
> gpg: error reading key: No public key

interesting.  what is the history of this secret key material?  Was it
generated fresh on 2009-05-29?  or was it converted from some other
(older) key source?

> Aha.  Okay, I seem to have fixed it, although I still don't really
> understand what happened.  On a hunch, I ran:
>
> $ gpg2 --import ~/.gnupg/pubring.gpg
>
> That spat out a bunch of output (tons and tons of those legacy key
> messages), and then I ran:
>
> $ gpg2 --import ~/.gnupg/secring.gpg
>
> again.

Did you happen to compare your test commands (e.g. looking at files,
running "gpg -kv $FPR") between these two --import operations?  I'm
assuming that the last one is the one that "fixed" things, but i'd like
to make sure...

do you know if there were more "legacy key" messages for the second
--import command?

> That prompted me for the passphrase for the private key for
> D15D313882004173, and then apparently successfully imported it.  Now,
> the gpg2 command works:
>
> mithrandir:~$ gpg2 -kv D15D313882004173
> gpg: using classic trust model
> pub   rsa4096/D15D313882004173 2009-05-29 [expires: 2017-09-17]
> uid                 [ultimate] Russ Allbery <ea...@eyrie.org>
> uid                 [ultimate] Russ Allbery <r...@stanford.edu>
> uid                 [ultimate] Russ Allbery <r...@debian.org>
> uid                 [ revoked] Russ Allbery <ea...@windlord.stanford.edu>
> uid                 [ultimate] Russ Allbery <r...@cs.stanford.edu>
> sub   rsa4096/7CE29A76E9769486 2009-05-29 [expires: 2017-09-17]
> sub   rsa2048/7D80315C5736DE75 2010-09-17 [expires: 2016-03-20]
>
> and now assword works again.

ok, i'm glad this part is fixed for you for now, but I'm a little
disturbed that I don't know how to reproduce the scenario you got into.
This is made more complicated by the fact that i don't have (or want)
access to your secret keys, of course.

> So, something weird about the automated key import process for gpg2?

yes, definitely.  I'm retitling the bug to account for that.

     --dkg
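
The check made by hand in this thread (does `~/.gnupg/private-keys-v1.d/<keygrip>.key` exist for a given key?) can be run over every key and subkey at once. The sketch below is an added example, not part of the original message or of GnuPG; it parses the output of `gpg2 --with-colons --with-keygrip --list-keys` for your own keys. The sample listing is constructed: the key IDs are the ones shown in the thread, while the timestamps, fingerprint, capability flags and keygrips are placeholders.

```python
import os
import tempfile

KEY_RECORDS = ("pub", "sub", "sec", "ssb")

def keygrips(colon_listing):
    """Pair each key record with the keygrip from the 'grp' record that follows it."""
    pairs, keyid = [], None
    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] in KEY_RECORDS and len(f) > 4:
            keyid = f[4]                     # field 5: 64-bit key ID
        elif f[0] == "grp" and len(f) > 9 and keyid:
            pairs.append((keyid, f[9]))      # field 10: keygrip
            keyid = None
    return pairs

def missing_secret_keys(colon_listing, private_dir):
    """Return key IDs whose <keygrip>.key file is absent from private_dir."""
    return [kid for kid, grip in keygrips(colon_listing)
            if not os.path.isfile(os.path.join(private_dir, grip + ".key"))]

# Constructed sample: only the key IDs come from the thread.
GRIP_A, GRIP_B, GRIP_C = "A" * 40, "B" * 40, "C" * 40
SAMPLE = "\n".join([
    "pub:u:4096:1:D15D313882004173:1243555200:::u:::scESC:",
    "fpr:::::::::" + "0" * 40 + ":",
    "grp:::::::::" + GRIP_A + ":",
    "sub:u:4096:1:7CE29A76E9769486:1243555200::::::e:",
    "grp:::::::::" + GRIP_B + ":",
    "sub:u:2048:1:7D80315C5736DE75:1284681600::::::s:",
    "grp:::::::::" + GRIP_C + ":",
])

def demo():
    """Simulate a migration that imported the subkeys but skipped the primary key."""
    with tempfile.TemporaryDirectory() as d:
        for grip in (GRIP_B, GRIP_C):
            open(os.path.join(d, grip + ".key"), "w").close()
        return missing_secret_keys(SAMPLE, d)

if __name__ == "__main__":
    print("no private key file for:", demo())
```

A key reported here is only a problem if you expect to hold its secret part; public keys of other people never have a file in `private-keys-v1.d`.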
