On 2018-01-19 at 19:57 +1100, Simon Kissane wrote: > However, when I try to decrypt data encrypted with the private key, I > get a "failed to convert unprotected openpgp key: Checksum error"
Simpler check: % gpg --export-secret-key gpg: key 4252EB6983CE74C44F549B6F8666715904EE61F2: error receiving key from agent: Checksum error - skipped gpg: WARNING: nothing exported If I use `gpg --expert --full-generate-key` to make an SCEA RSA/4096 key, then it looks almost identical in structure to yours. If I just `gpg --import` a dearmored version of the key, then I get a checksum error at that time: gpg: key 68F870F8C0FAA42B: public key "root:testGpg:key_54503F79_3794_456C_8725_8977A68B71C1" imported gpg: key 68F870F8C0FAA42B/68F870F8C0FAA42B: error sending to agent: Checksum error so something in the scripted setup you created suppressed that error message, which is Unfortunate by GnuPG. The key still ends up added to the keyring in the above, even with the error, but it's unusable. This might be a bug in GnuPG: IMO if it's broken and will never be usable, then it should not be added and gpg should exit false. So at this point, it looks to me like it really is an incorrect checksum, exposing unfortunate edge-case handling in GnuPG. -Phil _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
