Daniel Kahn Gillmor <d...@fifthhorseman.net> writes:

> interesting. what is the history of this secret key material? Was it
> generated fresh on 2009-05-29? or was it converted from some other
> (older) key source?

It was generated fresh on 2009-05-29 using gpg at the time.

>> Aha. Okay, I seem to have fixed it, although I still don't really
>> understand what happened. On a hunch, I ran:
>>
>> $ gpg2 --import ~/.gnupg/pubring.gpg
>>
>> That spat out a bunch of output (tons and tons of those legacy key
>> messages), and then I ran:
>>
>> $ gpg2 --import ~/.gnupg/secring.gpg
>>
>> again.

> Did you happen to compare your test commands (e.g. looking at files,
> running "gpg -kv $FPR") between these two --import operations? I'm
> assuming that the last one is the one that "fixed" things, but i'd like
> to make sure...

Sadly, I didn't, but I do know for certain that just doing the second did
not fix the problem. It just declined to import the key with the legacy
key message and then another message about how there was no self-sig.
(Actually, you probably already know that since I think that was a
previous message -- now I'm forgetting what I did when.)

I started wondering if it couldn't see the self-sig because it didn't have
the corresponding public key and wondered what would happen if I imported
the public key ring. After I did that, the second command actually
imported the secret key as well (in that I saw "1 key imported" in the
resulting message).

For some reason, all my other secret keys were successfully imported. Just
not that one.

> do you know if there were more "legacy key" messages for the second
> --import command?

Oh, yeah, there are tons every time I run that command. Basically one for
every key.

-- 
Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>