Re: Upgrading 2.0.20 to 2.2.24 -- WORKING NOW
Well I'll be that crazy monkey's crazy uncle! I started from scratch -- copied the 2.0.20 .gnupg dir to the 2.2.24 machine, and imported the secret key as the very first operation:

    $ gpg --import <182E8151.exported
    gpg: starting migration from earlier GnuPG versions
    gpg: porting secret keys from '/home/felix/.gnupg/secring.gpg' to gpg-agent
    gpg: key 783876E9182E8151: secret key imported
    gpg: key 44752F7C4D3D351A: secret key imported
    gpg: migration succeeded
    gpg: key 783876E9182E8151: "Felix Finch (Scarecrow Repairman) " not changed
    gpg: key 783876E9182E8151: secret key imported
    gpg: Total number processed: 1
    gpg: unchanged: 1
    gpg: secret keys read: 1
    gpg: secret keys unchanged: 1
    $ gpg --list-secret-keys
    /home/felix/.gnupg/pubring.gpg
    --
    sec dsa1024 1999-12-06 [SCA]
    E9874493C860246C3B1E6477783876E9182E8151
    uid [ultimate] Felix Finch (Scarecrow Repairman)
    ssb elg2048 1999-12-06 [E]

    sec dsa1024 1999-12-06 [SCA]
    7689998F39D1EA2F37AECF5844752F7C4D3D351A
    uid [ unknown] Felix Finch (Remote Access)
    ssb elg1024 1999-12-06 [E]

Of course this confused me, why would it matter that I imported and migrated together? So I started from scratch again with just --list-secret-keys, no import, and it worked too.

I can only guess that the original copy of .gnupg was not copied correctly, or got corrupted somehow.

And thanks to everyone who had the patience to deal with my problem.

--
... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._.
Felix Finch: scarecrow repairman & wood chipper / fe...@crowfix.com
GPG = E987 4493 C860 246C 3B1E 6477 7838 76E9 182E 8151 ITAR license #4933
I've found a solution to Fermat's Last Theorem but I see I've run out of room o

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Upgrading 2.0.20 to 2.2.24
On Tue, 19 Jun 2018 22:31, fe...@crowfix.com said:

> I tried both these steps, and neither changed anything. Import said it
> imported, but I have a saved copy of .gnupg, and there was no difference after

Did it say that a secret key was imported? You check your secret keys using

    gpg -K [USERIDs]

If you add --debug=ipc you will see how gpg asks gpg-agent whether a secret key is available for a given public key. Here the so-called keygrips are used and not the fingerprints of the key. In the directory ".gnupg/private-keys-v1.d" you should find files of the form "KEYGRIP.key". These store the private keys. Do you have some? To see the keygrips of a key you use

    gpg --with-keygrip -k [USERIDs]

You can use --debug=ipc also with --import which then shows how gpg sends the private keys to gpg-agent. Does it all look fine or do you see "ERR" lines?

Salam-Shalom,

   Werner

--
# Please read: Daniel Ellsberg - The Doomsday Machine
# Thoughts are free. Exceptions are regulated by a federal law.

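An added example, not part of the original thread: a shell function that cross-checks the keygrips reported by gpg's colon listing against the KEYGRIP.key files in private-keys-v1.d, the check described in the message above. The function names, the sample listing and the placeholder keygrips are constructed for illustration; only the two key IDs come from the thread.

```shell
#!/bin/sh
# Usage: gpg --with-colons --with-keygrip -k | missing_keygrips [KEYDIR]
# Prints "pub|sub KEYID KEYGRIP" for every key that has no usable
# KEYGRIP.key file in gpg-agent's private key directory.
missing_keygrips() {
    keydir=${1:-"${GNUPGHOME:-$HOME/.gnupg}/private-keys-v1.d"}
    # Colon listing: pub/sub records hold the key ID in field 5; the
    # "grp" record that follows holds that key's keygrip in field 10.
    awk -F: '
        $1 == "pub" || $1 == "sub" { kind = $1; keyid = $5 }
        $1 == "grp"                { print kind, keyid, $10 }
    ' | while read -r kind keyid grip; do
        # -s: the file must exist and be non-empty (a truncated copy fails).
        if [ ! -s "$keydir/$grip.key" ]; then
            printf '%s %s %s\n' "$kind" "$keyid" "$grip"
        fi
    done
}

# Constructed sample listing: key IDs from the thread, placeholder keygrips.
sample_listing() {
    cat <<'EOF'
pub:u:1024:17:783876E9182E8151:944438400:::u:::scaESCA:
grp:::::::::1111111111111111111111111111111111111111:
sub:u:2048:16:18DCDD20A3362105:944438400::::::e:
grp:::::::::2222222222222222222222222222222222222222:
EOF
}

# Demo: only the primary key's file exists, so the subkey is reported.
demo() {
    tmp=$(mktemp -d) || return 1
    echo 'constructed placeholder' > "$tmp/1111111111111111111111111111111111111111.key"
    sample_listing | missing_keygrips "$tmp"
    rm -rf "$tmp"
}
demo
```

An empty result means every listed public key has a private key file for gpg-agent to use; any line printed names a key for which decryption would fail with "No secret key".
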
Re: Upgrading 2.0.20 to 2.2.24
On Mon, Jun 18, 2018 at 08:36:38AM +0200, Werner Koch wrote:
> On Mon, 18 Jun 2018 07:44, skqu...@rushpost.com said:
>
> > The format secret keys are stored in changed between 2.0.x and 2.1.x. It
> > is possible that 2.2.x no longer has the code in it to migrate to the
>
> 2.2 still has the migration code. However, once a migration is done it
> will not be done again. Thus adding a new key with an old version of gpg
> at least the secret key won't show up in a newer gpg version.
>
> > new format, in which case you might need to import secring.gpg manually
> > and set the trust to ultimate manually as well.
>
> Right. The official way to do this is to run
> gpg --export-secret-key KEYID >FILE
> using the old version of gpg and then to run
> gpg --import using the new version of gpg. It is also possible to delete the file
> ~/.gnupg/.gpg-v21-migrated so that a migration will be triggered again.

I tried both these steps, and neither changed anything. Import said it imported, but I have a saved copy of .gnupg, and there was no difference after the import. The re-migration recreated the .gpg-v21-migrated file, but also made no difference. Still can't see the secret keys or decrypt anything.

--
... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._.
Felix Finch: scarecrow repairman & wood chipper / fe...@crowfix.com
GPG = E987 4493 C860 246C 3B1E 6477 7838 76E9 182E 8151 ITAR license #4933
I've found a solution to Fermat's Last Theorem but I see I've run out of room o

Re: Upgrading 2.0.20 to 2.2.24
On Mon, Jun 18, 2018 at 03:19:53PM +0200, Kristian Fiskerstrand wrote:
> On 06/18/2018 03:06 PM, fe...@crowfix.com wrote:
> > Says it imported the secret keys, but doesn't show them.
>
> Any chance they are expired? Try playing with --list-options, in
> particular the show-unusable-* variants
>
> Are they listed with --list-keys ?

From the 2.0.20 machine:

    $ gpg --list-secret-keys
    /home/felix/.gnupg/secring.gpg
    --
    sec 1024D/182E8151 1999-12-06
    uid Felix Finch (Scarecrow Repairman)
    ssb 2048g/A3362105 1999-12-06

    sec 1024D/4D3D351A 1999-12-06
    uid Felix Finch (Remote Access)
    ssb 1024g/C2422DAD 1999-12-06

    $ gpg --list-keys
    /home/felix/.gnupg/pubring.gpg
    --
    pub 1024D/182E8151 1999-12-06
    uid Felix Finch (Scarecrow Repairman)
    sub 2048g/A3362105 1999-12-06

    pub 1024D/4D3D351A 1999-12-06
    uid Felix Finch (Remote Access)
    sub 1024g/C2422DAD 1999-12-06

    $ ls -al .gnupg
    total 38
    drwx-- 4 felix users 360 Jun 18 05:48 .
    drwx-- 68 felix users 5744 Jun 18 00:00 ..
    -r 1 felix users 42 Sep 3 2008 gpg-agent.conf
    -r 1 felix users 51 Sep 3 2008 .gpg-agent-info
    -r 1 felix users 2844 Nov 26 2004 options
    drwx-- 2 felix users 48 Jun 7 2007 private-keys-v1.d
    -rw--- 1 felix users 2088 Jun 7 2012 pubring.gpg
    -rw--- 1 felix users 2072 Dec 5 1999 pubring.gpg~
    -rw--- 1 felix users 600 Jun 17 15:08 random_seed
    drwx-- 2 felix users 152 Sep 3 2008 RCS
    -rw--- 1 felix users 2836 Dec 5 1999 secring.gpg
    -rw--- 1 felix users 1280 Jun 7 2012 trustdb.gpg
    $

From the 2.2.24 machine:

    $ gpg --list-secret-keys
    $ gpg --list-keys
    /home/felix/.gnupg/pubring.kbx
    --
    pub dsa1024 1999-12-06 [SCA]
    E9874493C860246C3B1E6477783876E9182E8151
    uid [ unknown] Felix Finch (Scarecrow Repairman)
    sub elg2048 1999-12-06 [E]

    pub dsa1024 1999-12-06 [SCA]
    7689998F39D1EA2F37AECF5844752F7C4D3D351A
    uid [ unknown] Felix Finch (Remote Access)
    sub elg1024 1999-12-06 [E]

    $ ls -al .gnupg
    total 192
    drwx-- 4 felix felix 4096 Jun 18 05:52 .
    drwx-- 75 felix felix 32768 Jun 17 12:37 ..
    -r 1 felix felix 42 Sep 3 2008 gpg-agent.conf
    -r 1 felix felix 51 Sep 3 2008 .gpg-agent-info
    -rw--- 1 felix felix 0 Jun 18 05:52 .gpg-v21-migrated
    -r 1 felix felix 2844 Nov 26 2004 options
    drwx-- 2 felix felix 4096 Oct 22 2017 private-keys-v1.d
    -rw--- 1 root root 12226 Oct 22 2017 pubring.gpg
    -rw--- 1 root root 12226 Oct 22 2017 pubring.gpg~
    -rw--- 1 felix felix 2484 Jun 17 13:44 pubring.kbx
    -rw--- 1 felix felix 1385 Jun 17 13:44 pubring.kbx~
    -rw--- 1 felix felix 600 Jun 17 15:17 random_seed
    drwx-- 2 felix felix 4096 Sep 3 2008 RCS
    -rw--- 1 felix felix 2836 Dec 5 1999 secring.gpg
    -rw--- 1 felix felix 1280 Jun 17 14:54 trustdb.gpg
    $

--
... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._.
Felix Finch: scarecrow repairman & wood chipper / fe...@crowfix.com
GPG = E987 4493 C860 246C 3B1E 6477 7838 76E9 182E 8151 ITAR license #4933
I've found a solution to Fermat's Last Theorem but I see I've run out of room o

Re: Upgrading 2.0.20 to 2.2.24
On 06/18/2018 03:06 PM, fe...@crowfix.com wrote:
> Says it imported the secret keys, but doesn't show them.

Any chance they are expired? Try playing with --list-options, in particular the show-unusable-* variants

Are they listed with --list-keys ?

Try importing the public keyring separately, in case there is a sync issue and that has been updated without secring being updated.

--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

"Excellence is not a singular act but a habit. You are what you do repeatedly."
(Shaquille O'Neal)

Re: Upgrading 2.0.20 to 2.2.24
On Mon, Jun 18, 2018 at 08:36:38AM +0200, Werner Koch wrote:
> On Mon, 18 Jun 2018 07:44, skqu...@rushpost.com said:
>
> > The format secret keys are stored in changed between 2.0.x and 2.1.x. It
> > is possible that 2.2.x no longer has the code in it to migrate to the
>
> 2.2 still has the migration code. However, once a migration is done it
> will not be done again. Thus adding a new key with an old version of gpg
> at least the secret key won't show up in a newer gpg version.
>
> > new format, in which case you might need to import secring.gpg manually
> > and set the trust to ultimate manually as well.
>
> Right. The official way to do this is to run
> gpg --export-secret-key KEYID >FILE
> using the old version of gpg and then to run
> gpg --import using the new version of gpg. It is also possible to delete the file
> ~/.gnupg/.gpg-v21-migrated so that a migration will be triggered again.

Thanks -- but that didn't do the trick.

    $ gpg --list-secret-keys
    gpg: starting migration from earlier GnuPG versions
    gpg: porting secret keys from '/home/felix/.gnupg/secring.gpg' to gpg-agent
    gpg: key 783876E9182E8151: secret key imported
    gpg: key 44752F7C4D3D351A: secret key imported
    gpg: migration succeeded
    $ gpg --list-secret-keys
    $

Says it imported the secret keys, but doesn't show them. Don't think it's permissions; the only read-only files are options, gpg-agent.conf, and .gpg-agent-info. Killed gpg-agent; it restarted fine, but gpg still doesn't show the secret keys.

I'll have to try the export-import angle later; the old machine is old enough that physically copying files requires some legwork.

--
... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._.
Felix Finch: scarecrow repairman & wood chipper / fe...@crowfix.com
GPG = E987 4493 C860 246C 3B1E 6477 7838 76E9 182E 8151 ITAR license #4933
I've found a solution to Fermat's Last Theorem but I see I've run out of room o

Re: Upgrading 2.0.20 to 2.2.24
On Mon, 18 Jun 2018 07:44, skqu...@rushpost.com said:

> The format secret keys are stored in changed between 2.0.x and 2.1.x. It
> is possible that 2.2.x no longer has the code in it to migrate to the

2.2 still has the migration code. However, once a migration is done it will not be done again. Thus adding a new key with an old version of gpg at least the secret key won't show up in a newer gpg version.

> new format, in which case you might need to import secring.gpg manually
> and set the trust to ultimate manually as well.

Right. The official way to do this is to run

    gpg --export-secret-key KEYID >FILE

using the old version of gpg and then to run

    gpg --import

Re: Upgrading 2.0.20 to 2.2.24
On 06/17/2018 05:20 PM, fe...@crowfix.com wrote:
> gpg: encrypted with 2048-bit ELG key, ID 18DCDD20A3362105, created
> -mm-dd
> "Felix Finch (Scarecrow Repairman) "
> gpg: decryption failed: No secret key

The format secret keys are stored in changed between 2.0.x and 2.1.x. It is possible that 2.2.x no longer has the code in it to migrate to the new format, in which case you might need to import secring.gpg manually and set the trust to ultimate manually as well.

--
Shawn K. Quinn
http://www.rantroulette.com
http://www.skqrecordquest.com

Re: Upgrading 2.0.20 to 2.2.24
Hi Felix,

> gpg -e dest -r fe...@crowfix.com
...
> gpg: encrypted with 2048-bit ELG key, ID 18DCDD20A3362105, created
> -mm-dd
> "Felix Finch (Scarecrow Repairman) "
> gpg: decryption failed: No secret key

The key for recipient fe...@crowfix.com that was used to encrypt is not on the machine that's decrypting. See the --list*keys options in gpg(1). --export and --import could also be useful.

--
Cheers, Ralph.
https://plus.google.com/+RalphCorderoy

Upgrading 2.0.20 to 2.2.24
I have a seldom-used need to encrypt a few files, and the last time I did was on a gentoo system running 2.0.20.

    gpg -e dest -r fe...@crowfix.com

I have migrated the .gnupg dir to an Ubuntu 18.04 system running 2.2.24, and the gpg command seems to have mutated. The gentoo 2.0.20 command can decrypt what the Ubuntu 2.2.24 command encrypts. But the Ubuntu 2.2.24 command will not decrypt either what it just encrypted or what the gentoo 2.0.20 command encrypted:

    gpg: encrypted with 2048-bit ELG key, ID 18DCDD20A3362105, created -mm-dd
    "Felix Finch (Scarecrow Repairman) "
    gpg: decryption failed: No secret key

The encryption command also seems pickier:

    gpg: 18DCDD20A3362105: There is no assurance this key belongs to the named user
    sub elg2048/18DCDD20A3362105 1999-12-06 Felix Finch (Scarecrow Repairman)
    Primary key fingerprint: E987 4493 C860 246C 3B1E 6477 7838 76E9 182E 8151
    Subkey fingerprint: 1A59 C8A1 81FB 6780 641C D17E 18DC DD20 A336 2105
    It is NOT certain that the key belongs to the person named
    in the user ID. If you *really* know what you are doing,
    you may answer the next question with yes.
    Use this key anyway? (y/N)

Can someone offer an explanation so I don't have to dredge through a zillion changelogs to see why 2.2.24 is pickier? What does it mean to say there is no secret key?

--
... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._.
Felix Finch: scarecrow repairman & wood chipper / fe...@crowfix.com
GPG = E987 4493 C860 246C 3B1E 6477 7838 76E9 182E 8151 ITAR license #4933
I've found a solution to Fermat's Last Theorem but I see I've run out of room o