[SOLVED] (was: gpgsm "Encrypt failed" "Unusable public key: 53A51054BB68F7C3" root certificate missing?)
>>> "UBvG" == Uwe Brauer via Gnupg-users writes: > Hi > I am on Ubuntu 16.04 running > gpgsm (GnuPG) 2.1.11 > libgcrypt 1.6.5 > libksba 1.3.3-unknown > I am also a die hard user of emacs and use it for encrypting and > decrypting my mails. > I received a smime message from a colleague (with his public key > embedded of course). > When I tried to send him a smime encrypted and signed message I obtained > the lisp error: > Debugger entered--Lisp error: (epg-error "Encrypt failed" "Unusable public > key: 53A51054BB68F7C3") It turned out that I indeed needed root certificate AC_Sector_Publico.cer That I imported via gpgsm --import *.cer Then everything was fine. Sorry for the noise. Regards Uwe Brauer smime.p7s Description: S/MIME cryptographic signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpgsm "Encrypt failed" "Unusable public key: 53A51054BB68F7C3" root certificate missing?
On Sun, 26 Dec 2021 09:20, Uwe Brauer said: > gpgsm (GnuPG) 2.1.11 Please get a decent version. The LTS branch is currently at 2.2.33. Your version is 5 years old! Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
gpgsm "Encrypt failed" "Unusable public key: 53A51054BB68F7C3" root certificate missing?
Hi I am on Ubuntu 16.04 running gpgsm (GnuPG) 2.1.11 libgcrypt 1.6.5 libksba 1.3.3-unknown I am also a die hard user of emacs and use it for encrypting and decrypting my mails. I received a smime message from a colleague (with his public key embedded of course). When I tried to send him a smime encrypted and signed message I obtained the lisp error: Debugger entered--Lisp error: (epg-error "Encrypt failed" "Unusable public key: 53A51054BB68F7C3") I suspect that the key was signed from an authority whose root certificate I don't posses. For example using thunderbird and opening his signed message, I see I also tried to run gpgsm -e -r aro...@ucm.es epg-bug.txt But I receive gpgsm: enabled debug flags: ipc gpgsm: can't encrypt to 'aro...@ucm.es': Ambiguous name secmem usage: 0/16384 bytes in 0 blocks I am not sure whether this connected, but I do have old certificates of this user. Any help would be strongly appreciated. Regards Uwe Brauer smime.p7s Description: S/MIME cryptographic signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: "skipped: Unusable public key"
Create another subkey with the "Encryption" usage. This page may help: https://alexcabal.com/creating-the-perfect-gpg-keypair Don't skip the part about creating backups. You might have a good reason to skip this part, and many people have a lot of good reasons to skip creating a backup, but what most people don't know is that these are actually bad reasons. Create a backup of your keys. This page may help: https://msol.io/blog/tech/back-up-your-pgp-keys-with-gpg/ On 2020-07-27T17:23:31-0700 Ayoub Misherghi wrote 0.5K bytes: > If it is not in my machine I do not know where it is. I did not export it. I > did not share it or put on any server. > > > On 7/27/2020 4:51 PM, Philihp Busby wrote: > > It appears that 3C5B212A55B966881E2D2718A45398B520BEE91E does not have the > > [E] usage for encryption, nor does it have any subkeys with that usage. > > This subkey would have been created by default when the master key was > > created. See if you can recover it? > > > > From your prior message on 2020-07-13, it has the ID > > F2A76096E857E2AF607DD144D17AA44F49BB5A08. > > > > ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: "skipped: Unusable public key"
On Mon, 27 Jul 2020 15:52, Ayoub Misherghi said: > ayoub@vboxpwfl:~/testdir$ gpg -r sentry -e textfile > > gpg: sentry: skipped: Unusable public key > gpg: textfile: encryption failed: Unusable public key There is no key with a user id "sentry" which has a key capable of encryption ([E]). I agree that the diagnostic could be better. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: "skipped: Unusable public key"
If it is not in my machine I do not know where it is. I did not export it. I did not share it or put on any server. On 7/27/2020 4:51 PM, Philihp Busby wrote: It appears that 3C5B212A55B966881E2D2718A45398B520BEE91E does not have the [E] usage for encryption, nor does it have any subkeys with that usage. This subkey would have been created by default when the master key was created. See if you can recover it? From your prior message on 2020-07-13, it has the ID F2A76096E857E2AF607DD144D17AA44F49BB5A08. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: "skipped: Unusable public key"
It appears that 3C5B212A55B966881E2D2718A45398B520BEE91E does not have the [E] usage for encryption, nor does it have any subkeys with that usage. This subkey would have been created by default when the master key was created. See if you can recover it? >From your prior message on 2020-07-13, it has the ID >F2A76096E857E2AF607DD144D17AA44F49BB5A08. On 2020-07-27T15:52:04-0700 Ayoub Misherghi via Gnupg-users wrote 1.8K bytes: > > Not obvious to me why that is happening: > > > ayoub@vboxpwfl:~/testdir$ ls > > textfile > > > ayoub@vboxpwfl:~/testdir$ gpg -r sentry -e textfile > > gpg: sentry: skipped: Unusable public key > gpg: textfile: encryption failed: Unusable public key > > > > ayoub@vboxpwfl:~/testdir$ gpg --list-keys > > /home/ayoub/.gnupg/pubring.kbx > -- > pub ed25519 2020-07-09 [SC] [expires: 2020-09-25] > 3C5B212A55B966881E2D2718A45398B520BEE91E > uid [ultimate] sentry > > pub ed25519 2020-07-09 [SC] [expires: 2021-07-09] > 7A675D7F52BC905C22F8249091556BC29D4C595E > uid [ultimate] develop1 > sub cv25519 2020-07-09 [E] [expires: 2021-07-09] > > > > ayoub@vboxpwfl:~/testdir$ gpg --list-secret-keys > /home/ayoub/.gnupg/pubring.kbx > -- > sec ed25519 2020-07-09 [SC] [expires: 2020-09-25] > 3C5B212A55B966881E2D2718A45398B520BEE91E > uid [ultimate] sentry > > sec ed25519 2020-07-09 [SC] [expires: 2021-07-09] > 7A675D7F52BC905C22F8249091556BC29D4C595E > uid [ultimate] develop1 > ssb cv25519 2020-07-09 [E] [expires: 2021-07-09] > > ayoub@vboxpwfl:~/testdir$ > > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
"skipped: Unusable public key"
Not obvious to me why that is happening: ayoub@vboxpwfl:~/testdir$ ls textfile ayoub@vboxpwfl:~/testdir$ gpg -r sentry -e textfile gpg: sentry: skipped: Unusable public key gpg: textfile: encryption failed: Unusable public key ayoub@vboxpwfl:~/testdir$ gpg --list-keys /home/ayoub/.gnupg/pubring.kbx -- pub ed25519 2020-07-09 [SC] [expires: 2020-09-25] 3C5B212A55B966881E2D2718A45398B520BEE91E uid [ultimate] sentry pub ed25519 2020-07-09 [SC] [expires: 2021-07-09] 7A675D7F52BC905C22F8249091556BC29D4C595E uid [ultimate] develop1 sub cv25519 2020-07-09 [E] [expires: 2021-07-09] ayoub@vboxpwfl:~/testdir$ gpg --list-secret-keys /home/ayoub/.gnupg/pubring.kbx -- sec ed25519 2020-07-09 [SC] [expires: 2020-09-25] 3C5B212A55B966881E2D2718A45398B520BEE91E uid [ultimate] sentry sec ed25519 2020-07-09 [SC] [expires: 2021-07-09] 7A675D7F52BC905C22F8249091556BC29D4C595E uid [ultimate] develop1 ssb cv25519 2020-07-09 [E] [expires: 2021-07-09] ayoub@vboxpwfl:~/testdir$ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: skipped: Unusable public key error
Am Mittwoch 10 Januar 2018 14:51:24 schrieb Rajireddy Saddi (OSV): > I used below command for encryption but I am getting below error > skipped: Unusable public key error Try the same command with more verbosity, e.g. by adding the following options, try to get more verbose if you do not see the reason -v -vv -vvv --debug-all Bernhard -- www.intevation.de/~bernhard +49 541 33 508 3-3 Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998 Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
skipped: Unusable public key error
Hi, I am using GPG 2.2.3 I have imported key successfully and did edit and trust I used below command for encryption but I am getting below error skipped: Unusable public key error gpg --pinentry-mode loopback --sign --encrypt --armor -u x -o E:\New\test.txt.gpg -r x --passphrase mypasspharse E:\New\test.txt Please let me the reason for error, please could you help on this, it is urgent for me. Thanks, Raji CONFIDENTIALITY NOTICE: This e-mail and the attachment(s) hereto (if any) contain confidential information that is privileged and intended only for the addressee(s) hereof. If you are not an intended recipient, you are hereby notified that any disclosure, copying, distribution or use of this e-mail and/or the accompanying attachment(s) is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender by return e-mail. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: unusable public key?
deborah.mitch...@uticanational.com wrote the following on 6/29/09 9:12 AM: [...] When I list the keys I see the pub and uid but no sub for this key. Can someone help me figure out what needs to be done to correct this? Thank you, Debbie Mitchell Utica National Insurance Group Please try the command: gpg --edit-key [Key ID]. 1. If the output shows the letter D appended to the key length, and an item like 'usage: SC', then this is a DSA key that can be used only for signing and certifying, but not for encryption, and the only remedy I can think of is that you ask your business partner to supply you with a key that can be used for encryption. 2. If the output shows the letter R appended to the key length, then it might be a Legacy RSA key, that needs the IDEA cipher to be included and available in your crypto system. IDEA is (or used to be) a licensed cipher, therefore you might want to clarify this issue before you set your system to include IDEA. 3. Other possibilities: the key has been revoked by its owner, but that information should show in the --edit-key output. I hope this is not too confusing. Charly ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
encryption failed: unusable public key
bash-2.03$ gpg -r xpress (comment) [EMAIL PROTECTED] --encrypt /export/home/xpress/ashu/readme.txt gpg: WARNING: using insecure memory! gpg: please see http://www.gnupg.org/faq.html for more information gpg: xpress (comment) [EMAIL PROTECTED]: skipped: unusable public key gpg: /export/home/xpress/ashu/readme.txt: encryption failed: unusable public key bash-2.03$ echo $? 2 when i go to $HOME/.gnupg- ls -la bash-2.03$ ls -la total 46 drwx-- 2 xpress logadmin 512 Jun 22 14:34 . drwxr-xr-x 121 xpress logadmin 12288 Jun 22 14:17 .. -rw--- 1 xpress logadmin1147 Jun 22 14:32 pubring.gpg -rw--- 1 xpress logadmin1147 Jun 22 14:32 pubring.gpg~ -rw--- 1 xpress logadmin 600 Jun 22 14:32 random_seed -rw--- 1 xpress logadmin2476 Jun 22 14:32 secring.gpg -rw--- 1 xpress logadmin1280 Jun 22 14:32 trustdb.gpg what we are missing-what i have done wrong...? With Best Regards Ashutosh Sharma Enterprise Case, Communication, Billing Payments Email: [EMAIL PROTECTED] American Express made the following annotations on 06/22/07, 14:37:02 -- ** This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you. American Express a ajouté le commentaire suivant le 06/22/07, 14:37:02 Ce courrier et toute pièce jointe qu'il contient sont réservés au seul destinataire indiqué et peuvent renfermer des renseignements confidentiels et privilégiés. Si vous n'êtes pas le destinataire prévu, toute divulgation, duplication, utilisation ou distribution du courrier ou de toute pièce jointe est interdite. Si vous avez reçu cette communication par erreur, veuillez nous en aviser par courrier et détruire immédiatement le courrier et les pièces jointes. Merci. ** == ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Error with encrypting: unusable public key
Hi all, I keep getting an error trying to encrypt to the key 0xCC21E10F. The key is self-signed, gpg --check-sigs does not complain, but still when I try to encrypt I get: gpg: 0xCC21E10F: skipped: unusable public key I am using gpg 1.4.5 on a Linux box (SuSE 10.2). Could this be a matter of algorithms? The key is available on the keyservers. Thanks for help, Olaf -- Dipl.Inform. Olaf Gellert INTRUSION-LAB.NET Senior Researcher, www.intrusion-lab.net PKI - and IDS - Services[EMAIL PROTECTED] ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Error with encrypting: unusable public key
Olaf Gellert wrote: 0xCC21E10F. The key is self-signed, gpg --check-sigs does not complain, but still when I try to encrypt I get: gpg: 0xCC21E10F: skipped: unusable public key pub 2048R/CC21E10F created: 2006-11-21 expires: never usage: SC This is the information given in --edit-key. And the usage is the solution for your problem. It has *no* capability to encrypt data. Timo ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Error with encrypting: unusable public key
Timo Schulz wrote: pub 2048R/CC21E10F created: 2006-11-21 expires: never usage: SC This is the information given in --edit-key. And the usage is the solution for your problem. It has *no* capability to encrypt data. Thanx, I missed that. So this is one of the sign only keys and to enable encryption, one would add an encryption only subkey? Olaf -- Dipl.Inform. Olaf Gellert INTRUSION-LAB.NET Senior Researcher, www.intrusion-lab.net PKI - and IDS - Services[EMAIL PROTECTED] ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Error with encrypting: unusable public key
Olaf Gellert wrote: keys and to enable encryption, one would add an encryption only subkey? IIRC, it is not possible to change the capabilities of an existing key with GPG. Somebody might correct me if I'm wrong. And yes, the only way to encrypt to this key is to add an encryption subkey to it. It is also possible that people have separate keys for certifying/signing and encryption. Timo ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Error with encrypting: unusable public key
Hello Olaf ! Olaf Gellert [EMAIL PROTECTED] wrote: pub 2048R/CC21E10F created: 2006-11-21 expires: never usage: SC This is the information given in --edit-key. And the usage is the solution for your problem. It has *no* capability to encrypt data. Thanx, I missed that. So this is one of the sign only keys and to enable encryption, one would add an encryption only subkey? Not on that one, it's a RSA key. -- Laurent Jumet KeyID: 0xCFAF704C ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Error with encrypting: unusable public key
Laurent Jumet wrote: Thanx, I missed that. So this is one of the sign only keys and to enable encryption, one would add an encryption only subkey? Not on that one, it's a RSA key. But if I see it correctly, it's _no_ v3 key so you can add a subkey to this key even if it is RSA (which is no limitation in OpenPGP). Timo ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Error with encrypting: unusable public key
On Fri, Mar 02, 2007 at 11:05:48AM +0100, Laurent Jumet wrote: Hello Olaf ! Olaf Gellert [EMAIL PROTECTED] wrote: pub 2048R/CC21E10F created: 2006-11-21 expires: never usage: SC This is the information given in --edit-key. And the usage is the solution for your problem. It has *no* capability to encrypt data. Thanx, I missed that. So this is one of the sign only keys and to enable encryption, one would add an encryption only subkey? Not on that one, it's a RSA key. It's okay - this is the new sort (i.e. OpenPGP or V4) of RSA key. You can add subkeys and do anything you'd do with any other OpenPGP key. Only the old PGP 2.x (V3) RSA keys cannot carry subkeys. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Error with encrypting: unusable public key
Hello Timo ! Timo Schulz [EMAIL PROTECTED] wrote: Thanx, I missed that. So this is one of the sign only keys and to enable encryption, one would add an encryption only subkey? Not on that one, it's a RSA key. But if I see it correctly, it's _no_ v3 key so you can add a subkey to this key even if it is RSA (which is no limitation in OpenPGP). I was (wrongly) thinking that a RSA key wasn't able to hold subkeys. This one is v4: === Begin Windows Clipboard === :public key packet: version 4, algo 1, created 1164120402, expires 0 pkey[0]: [2048 bits] pkey[1]: [17 bits] :user ID packet: David A. Mundie (Dodo Magnifico) [EMAIL PROTECTED] :signature packet: algo 1, keyid 09F096B7CC21E10F version 4, created 1164120402, md5len 0, sigclass 13 digest algo 2, begin of digest 17 3f hashed subpkt 2 len 4 (sig created 2006-11-21) hashed subpkt 27 len 1 (key flags: 03) hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2) hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3) hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1) hashed subpkt 30 len 1 (features: 01) hashed subpkt 23 len 1 (key server preferences: 80) subpkt 16 len 8 (issuer key ID 09F096B7CC21E10F) data: [2045 bits] === End Windows Clipboard === -- Laurent Jumet KeyID: 0xCFAF704C ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
re: Error with encrypting: unusable public key
David Shaw dshaw at jabberwocky.com Fri Mar 2 13:58:08 CET 2007 wrote: Only the old PGP 2.x (V3) RSA keys cannot carry subkeys. and all v3 rsa keys are both sign and encrypt, but, if anyone prefers not to have subkeys, gnupg allows v4 rsa keys to be generate as a single key with both sign and encrypt functions, similar to v3 keys (but with the capability of adding a subkey at any time) vedaal -- Click to consolidate debt and lower month expenses http://tagline.hushmail.com/fc/CAaCXv1QPxfCRYmrIndXP0tJiSe86TKc/ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Error: unusable public key
Hello, I'm having another problem, again not in the FAQ: sql.gz: encryption failed: unusable public key This happens when I try to encrypt a file with my public key. This is what I'm trying to do: I want to backup a remote database regularly but I'd like to transmit it encrypted. So I want to run this command: sqldump ... | gzip -c | gpg ... -o backup.gpg And then send the file backup.gpg to the client. This should be more than enogh for my needs. So, I have gpg installed in the server. I imported my public key and I didn't see any errors. I went to the .gnupg directory and pubring.gpg is there and has a non-zero size. When I do a --list-keys on the server I see my public key there: /path/to/.gnupg/pubring.gpg pub 1024D/42713DE9 2006-03-21 Daniel Carrera [EMAIL PROTECTED] sub 2048g/F2EB9C97 2006-03-21 I am trying to encrypt with the following command: $ gpg -a --homedir /path/to/.gnupg -r [EMAIL PROTECTED] --batch -o sql.asc -e sql.gz Note: The '-e sql.gz' is for testing. I'll replace this by a pipe later. When I run this command from a PHP script I get this error: gpg: F2EB9C97: There is no indication that this key really belongs to the owner gpg: sql.gz: encryption failed: unusable public key I don't care about the first line. I don't plan to have a secret key on the server. But that first line does show that it located the correct public key. I don't understand how the public key can be unusable if it can identify the key ID correctly. What are the chances of that? Could it be that I don't have a secret key? Why would a secret key be required if I just want to encrypt? Could it be because I'm running this from a PHP script? Why would that make the key unusable? I'm sure I'm not the first person who has thought of putting gpg on a server and using only a public key for encryption. Help? Any suggestions would be most appreciated. Cheers, Daniel. -- /\/`) http://opendocumentfellowship.org /\/_/ /\/_/ A life? Sounds great! \/_/Do you know where I could download one? / ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Error: unusable public key
Daniel Carrera wrote: Hello, I'm having another problem, again not in the FAQ: sql.gz: encryption failed: unusable public key This happens when I try to encrypt a file with my public key. snip /path/to/.gnupg/pubring.gpg pub 1024D/42713DE9 2006-03-21 Daniel Carrera [EMAIL PROTECTED] sub 2048g/F2EB9C97 2006-03-21 I am trying to encrypt with the following command: $ gpg -a --homedir /path/to/.gnupg -r [EMAIL PROTECTED] --batch -o sql.asc -e sql.gz Note: The '-e sql.gz' is for testing. I'll replace this by a pipe later. When I run this command from a PHP script I get this error: gpg: F2EB9C97: There is no indication that this key really belongs to the owner gpg: sql.gz: encryption failed: unusable public key You haven't specified that the key is trusted in the local trustdb. You'll need to either remote login and: $ gpg --edit 0x42713DE9 Command trust Please decide how far you trust this user to correctly verify other users' keys (by looking at passports, checking fingerprints from different sources, etc.) 1 = I don't know or won't say 2 = I do NOT trust 3 = I trust marginally 4 = I trust fully 5 = I trust ultimately m = back to the main menu Your decision? 4 or add the option --trust-model always to your gpg exectution command, ie. $ gpg -a --homedir /path/to/.gnupg --trust-model always -r [EMAIL PROTECTED] --batch -o sql.asc -e sql.gz or add trust-model always to your .gnupg/gpg.conf file. HTH, -- Alphax | /\ Encrypted Email Preferred | \ / ASCII Ribbon Campaign OpenPGP key ID: 0xF874C613 |X Against HTML email vCards http://tinyurl.com/cc9up| / \ signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users