Re: Won't recognize my secret key
On 6/21/2018 10:41 PM, NIIBE Yutaka wrote:
> Basically, secring.gpg only has the information of expiration when it's
> created. After changing expiration, it is only recorded in pubring.gpg.
> So, it is recommended to do something like:

Makes sense.

> $ gpg --homedir ~/.gnupg.old --export-secret-keys | \
>     gpg --homedir ~/.gnupg --import
>
> (instead of doing --import ~/.gnupg/secring.gpg directly.)
>
> However, in gnupg/g10/migrate.c, GnuPG itself does that (!). This
> should be fixed.

The first thing I did was delete ~/.gnupg.old and re-import just like that ( which of course, did not work ). I re-imported only the public key today with --recv-keys and that got the updated selfsig.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Won't recognize my secret key
On 06/22/2018 04:41 AM, NIIBE Yutaka wrote:
> Hello,
..
> However, in gnupg/g10/migrate.c, GnuPG itself does that (!). This
> should be fixed.
>

Isn't the presumption that auto-migration happens in current homedir, and in this case pubring.gpg would exist anyways, i.e. it is only the secring that needs converting to the new format to begin with. I don't see any benefit in changing the method here

--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

"There is no urge so great as for one man to edit another man's work." (Mark Twain)

Re: Won't recognize my secret key
Hello,

Thank you for your report. I think I located the issue of migration.

Phillip Susi wrote:
> I just noticed that I do have a bunch of key files in
> ~/.gnupg/private-keys-v1.d, even though gpg -K does not show them.
>
> Ahah, gpg -K -v shows them... it seems to think they are all expired.
> It lists the expiration date on my current key as 2018-1-6. I believe
> that was the *original* expiration date, but then I extended it. gpg
> 2.1 seems to be failing to recognize the extension.

For the problem of importing secring.gpg directly, we have a task:

    https://dev.gnupg.org/T3101

Basically, secring.gpg only has the information of expiration when it's created. After changing expiration, it is only recorded in pubring.gpg. So, it is recommended to do something like:

    $ gpg --homedir ~/.gnupg.old --export-secret-keys | \
        gpg --homedir ~/.gnupg --import

(instead of doing --import ~/.gnupg/secring.gpg directly.)

However, in gnupg/g10/migrate.c, GnuPG itself does that (!). This should be fixed.

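A check for the failure mode described in the message above, as an added example that is not part of the original post or of GnuPG: it compares two `--with-colons` public key listings and reports keys whose expiration moved backwards, which is what a lost self-signature update looks like after migration. The function names and the sample listings are assumptions made for illustration; the key IDs are the ones quoted in this thread, and the timestamps are constructed to mirror the 2018-01-06 and 2019-01-06 dates mentioned in it.

```shell
#!/bin/sh
# Added example (not from the thread). Colon-listing fields used, per GnuPG's
# doc/DETAILS: 1 = record type, 5 = key ID, 7 = expiration date
# (seconds since the epoch in GnuPG 2.x, empty = no expiration).

# Hypothetical helper: machine-readable public key listing of one homedir.
colon_listing() {
    gpg --homedir "$1" --list-keys --with-colons
}

# stale_expiry OLD_LISTING NEW_LISTING
# Prints "KEYID old_expiry new_expiry" for each pub/sub record whose
# expiration in NEW is earlier than in OLD (or set where OLD had none).
stale_expiry() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk -F: '
        $0 == "---"                { second = 1; next }
        $1 != "pub" && $1 != "sub" { next }
        !second                    { old[$5] = $7; next }
        ($5 in old) && $7 != "" && (old[$5] == "" || $7 + 0 < old[$5] + 0) {
            print $5, (old[$5] == "" ? "never" : old[$5]), $7
        }'
}

# Constructed sample: listing from the homedir that has the extended expiry.
OLD_SAMPLE='pub:-:2048:1:015F4DD4A70FB705:1323734400::::::scaESCA:
sub:e:2048:1:107951615CBBA516:1444003200:1475107200:::::s:
sub:-:2048:1:DB2EC3B96100FE84:1483660800:1546732800:::::s:
sub:-:2048:1:0E33D4FE0F60068B:1483660800:1546732800:::::e:'

# Constructed sample: listing after a migration that kept only the original
# self-signatures, so the two current subkeys show the earlier expiry.
NEW_SAMPLE='pub:-:2048:1:015F4DD4A70FB705:1323734400::::::scaESCA:
sub:e:2048:1:107951615CBBA516:1444003200:1475107200:::::s:
sub:e:2048:1:DB2EC3B96100FE84:1483660800:1515196800:::::s:
sub:e:2048:1:0E33D4FE0F60068B:1483660800:1515196800:::::e:'

# Real use (assumes both homedirs exist):
#   stale_expiry "$(colon_listing ~/.gnupg.old)" "$(colon_listing ~/.gnupg)"
```

Any key ID it prints needs its public key refreshed in the new homedir, for example by re-importing the current public key as the thread ends up doing.
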
Re: Won't recognize my secret key
On Thursday, 21 June 2018 17:27:05 CEST Phillip Susi wrote:
> Ok, so if I checkout and build 2.0.31, remove ~/.gnupg, and import my
> keyring, all of my private keys show up. If I check out and build 2.1.1
> and run /usr/local/bin/gpg -K, it upgrades to the new key format and
> throws out my private keys:
>
> gpg: starting migration from earlier GnuPG versions
> gpg: porting secret keys from '/home/psusi/.gnupg/secring.gpg' to gpg-agent
> gpg: key A70FB705: secret key imported
> gpg: migration succeeded
> /home/psusi/.gnupg/pubring.gpg
> --
> sec# rsa2048/A70FB705 2011-12-13
> uid [ unknown] Phillip Susi
> uid [ unknown] Phillip Susi
>
> Any suggestions on how to further debug this?

I have imported your key 015F4DD4A70FB705 (btw, you should really enable "keyid-format long" in your gpg.conf because there are two keys with short key ID A70FB705 and uid "Phillip Susi ").

$ gpg --list-keys --verbose 015F4DD4A70FB705
gpg: using classic trust model
gpg: Note: signature key 9AC13A54FA9EEEF9 expired Fr 13 Dez 2013 06:00:00 CET
gpg: Note: signature key 8E45A0223348AAF0 expired Mi 26 Nov 2014 05:28:21 CET
gpg: Note: signature key D455AF0D9C8E5E51 expired Do 29 Okt 2015 02:29:24 CET
gpg: Note: signature key 107951615CBBA516 expired Fr 30 Sep 2016 00:11:23 CEST
pub rsa2048/015F4DD4A70FB705 2011-12-13 [SCA]
    1B49F933916A37A3F45A1812015F4DD4A70FB705
uid [ unknown] Phillip Susi
uid [ unknown] Phillip Susi
sub rsa2048/D1FDDE0451FEF1C9 2011-12-13 [E] [expired: 2013-12-13]
sub rsa2048/9AC13A54FA9EEEF9 2011-12-14 [S] [expired: 2013-12-13]
sub rsa2048/8E45A0223348AAF0 2013-11-26 [S] [expired: 2014-11-26]
sub rsa2048/1B6CD765BDCC7F92 2013-11-26 [E] [expired: 2014-11-26]
sub rsa2048/D455AF0D9C8E5E51 2014-10-29 [S] [expired: 2015-10-29]
sub rsa2048/BF0C615393A02CCD 2014-10-29 [E] [expired: 2015-10-29]
sub rsa2048/107951615CBBA516 2015-10-05 [S] [expired: 2016-09-29]
sub rsa2048/EBD87E9510850B71 2015-10-05 [E] [expired: 2016-09-29]
sub rsa2048/DB2EC3B96100FE84 2017-01-06 [S] [expires: 2019-01-06]
sub rsa2048/0E33D4FE0F60068B 2017-01-06 [E] [expires: 2019-01-06]

That's with

$ gpg --version
gpg (GnuPG) 2.2.7
libgcrypt 1.8.2

So, with respect to your public key everything looks good. Are you sure you are trying to migrate the most recent version of your key? Which expiration dates does the "working system" list? Try importing your public key from a keyserver.

Regards,
Ingo

Re: Won't recognize my secret key
I just noticed that I do have a bunch of key files in ~/.gnupg/private-keys-v1.d, even though gpg -K does not show them.

Ahah, gpg -K -v shows them... it seems to think they are all expired. It lists the expiration date on my current key as 2018-1-6. I believe that was the *original* expiration date, but then I extended it. gpg 2.1 seems to be failing to recognize the extension.

On 6/21/2018 11:27 AM, Phillip Susi wrote:
> Ok, so if I checkout and build 2.0.31, remove ~/.gnupg, and import my
> keyring, all of my private keys show up. If I check out and build 2.1.1
> and run /usr/local/bin/gpg -K, it upgrades to the new key format and
> throws out my private keys:
>
> gpg: starting migration from earlier GnuPG versions
> gpg: porting secret keys from '/home/psusi/.gnupg/secring.gpg' to gpg-agent
> gpg: key A70FB705: secret key imported
> gpg: migration succeeded
> /home/psusi/.gnupg/pubring.gpg
> --
> sec# rsa2048/A70FB705 2011-12-13
> uid [ unknown] Phillip Susi
> uid [ unknown] Phillip Susi
>
> Any suggestions on how to further debug this?

Re: Won't recognize my secret key
Ok, so if I checkout and build 2.0.31, remove ~/.gnupg, and import my keyring, all of my private keys show up. If I check out and build 2.1.1 and run /usr/local/bin/gpg -K, it upgrades to the new key format and throws out my private keys:

gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/home/psusi/.gnupg/secring.gpg' to gpg-agent
gpg: key A70FB705: secret key imported
gpg: migration succeeded
/home/psusi/.gnupg/pubring.gpg
--
sec# rsa2048/A70FB705 2011-12-13
uid [ unknown] Phillip Susi
uid [ unknown] Phillip Susi

Any suggestions on how to further debug this?

Re: Won't recognize my secret key
On 6/19/2018 3:05 PM, Phillip Susi wrote:
> gpg keeps telling me that I have no secret key. Even after I deleted
> the .gnupg directory and copied the pubring and secring from another
> computer where it works, this system keeps saying I have no secret keys.
> Why does it keep throwing out my secret keys?

I have built gnupg-2.0.31 from source and found it to work. gnupg-2.2.4 refuses to import my private keys ( but will import a newly created test key ). So something broke somewhere between 2.0 and 2.2, but apparently 2.1 was a development branch, and it likes to yell at you that you shouldn't be using production keys and refuses to import any private keys, so I can't test to see where it lost the ability to import *my* private key.

Is there a way to turn off this damn protection so I can continue to bisect?

Won't recognize my secret key
gpg keeps telling me that I have no secret key. Even after I deleted the .gnupg directory and copied the pubring and secring from another computer where it works, this system keeps saying I have no secret keys. Why does it keep throwing out my secret keys?

Working system:

C:\Users\psusi\AppData\Roaming\gnupg>gpg --version
gpg (GnuPG) 2.0.28 (Gpg4win 2.2.5)

C:\Users\psusi\AppData\Roaming\gnupg>gpg -K
C:/Users/psusi/AppData/Roaming/gnupg/secring.gpg
sec# 2048R/A70FB705 2011-12-13
uid Phillip Susi
uid Phillip Susi
ssb 2048R/51FEF1C9 2011-12-13
ssb 2048R/FA9EEEF9 2011-12-14
ssb 2048R/3348AAF0 2013-11-26
ssb 2048R/BDCC7F92 2013-11-26
ssb 2048R/9C8E5E51 2014-10-29
ssb 2048R/93A02CCD 2014-10-29
ssb 2048R/5CBBA516 2015-10-05
ssb 2048R/10850B71 2015-10-05
ssb 2048R/6100FE84 2017-01-06
ssb 2048R/0F60068B 2017-01-06

Broken system:

psusi@devserv:~$ gpg --version
gpg: WARNING: unsafe permissions on homedir '/home/psusi/.gnupg'
gpg (GnuPG) 2.2.4

psusi@devserv:~$ gpg -K
gpg: WARNING: unsafe permissions on homedir '/home/psusi/.gnupg'
/home/psusi/.gnupg/pubring.kbx
--
sec# rsa2048 2011-12-13 [SCA]
     1B49F933916A37A3F45A1812015F4DD4A70FB705
uid [ultimate] Phillip Susi
uid [ultimate] Phillip Susi