Control: retitle 795639 automated secret key import process for gpg2.1 skips some keys
On Sun 2015-08-16 19:16:03 +0200, Russ Allbery wrote:
> Daniel Kahn Gillmor <d...@fifthhorseman.net> writes:
>> do you see
>> ~/.gnupg/private-keys-v1.d/FD1DA474D3DF3C728C54F9E479EDFC5BBE2E14EA.key
>> ?
>
> No, that file doesn't exist. So it looks like you've located the problem.

[...]

> mithrandir:~$ gpg2 -kv D15D313882004173
> gpg: using classic trust model
> gpg: keydb_get_keyblock failed: Legacy key
> gpg: error reading key: No public key

interesting. what is the history of this secret key material? Was it generated fresh on 2009-05-29? or was it converted from some other (older) key source?

> Aha. Okay, I seem to have fixed it, although I still don't really
> understand what happened. On a hunch, I ran:
>
> $ gpg2 --import ~/.gnupg/pubring.gpg
>
> That spat out a bunch of output (tons and tons of those legacy key
> messages), and then I ran:
>
> $ gpg2 --import ~/.gnupg/secring.gpg
>
> again.

Did you happen to compare your test commands (e.g. looking at files, running "gpg -kv $FPR") between these two --import operations? I'm assuming that the last one is the one that "fixed" things, but i'd like to make sure...

do you know if there were more "legacy key" messages for the second --import command?

> That prompted me for the passphrase for the private key for
> D15D313882004173, and then apparently successfully imported it. Now,
> the gpg2 command works:
>
> mithrandir:~$ gpg2 -kv D15D313882004173
> gpg: using classic trust model
> pub rsa4096/D15D313882004173 2009-05-29 [expires: 2017-09-17]
> uid [ultimate] Russ Allbery <ea...@eyrie.org>
> uid [ultimate] Russ Allbery <r...@stanford.edu>
> uid [ultimate] Russ Allbery <r...@debian.org>
> uid [ revoked] Russ Allbery <ea...@windlord.stanford.edu>
> uid [ultimate] Russ Allbery <r...@cs.stanford.edu>
> sub rsa4096/7CE29A76E9769486 2009-05-29 [expires: 2017-09-17]
> sub rsa2048/7D80315C5736DE75 2010-09-17 [expires: 2016-03-20]
>
> and now assword works again.
ok, i'm glad this part is fixed for you for now, but I'm a little disturbed that I don't know how to reproduce the scenario you got into. This is made more complicated by the fact that i don't have (or want) access to your secret keys, of course.

> So, something weird about the automated key import process for gpg2?

yes, definitely. I'm retitling the bug to account for that.

--dkg