So I am having an issue signing documents with gpg2.1. Every time I try and 
sign something, I get:

λ dixonwille [~] → gpg2 --detach-sign Images/EinsteinWP.jpg 
gpg: using "0xEC933DA229123788" as default secret key for signing
gpg: signing failed: No secret key
gpg: signing failed: No secret key

As the above message specifies, I do have a default key set in my config. Here 
is what my private listing shows:

λ dixonwille [~] → gpg2 -K --with-keygrip
/home/dixonwille/.gnupg/pubring.kbx
-----------------------------------
sec#  rsa4096/0x496AC5165C585343 2017-01-14 [SC]
      Key fingerprint = 2092 7961 2A0C EF20 83D0  8244 496A C516 5C58 5343
      Keygrip = 308FF7DD37FB9E175378D76125FCB2BC4C5C225C
uid                   [ultimate] William E. Dixon <dixonwi...@gmail.com>
uid                   [ultimate] William E. Dixon <dixonwi...@hotmail.com>
uid                   [ultimate] William E. Dixon <will.di...@acstechnologies.com>
uid                   [ultimate] [jpeg image of size 5910]
ssb   rsa4096/0xD3522B485A800AFD 2017-01-14 [E] [expires: 2018-01-14]
      Keygrip = 178AB20F816E5FAA31440968AD6EA06B0340FB90
ssb   rsa4096/0xEC933DA229123788 2017-01-14 [S] [expires: 2018-01-14]
      Keygrip = 89A90662E5908D5F271B87A5DC6D26F01B53C9EC
ssb   rsa4096/0xBAA693EC561AD6D9 2017-01-14 [A] [expires: 2018-01-14]
      Keygrip = 9D48688AF67C407BB91900BA07725CCE7E08B546
ssb   rsa4096/0x7A3D17611B1FFDD2 2017-01-14 [S] [expires: 2018-01-14]
      Keygrip = 50EE902E41E323600B02769FA2A96FE8C51D5A35
ssb   rsa4096/0xB64824658CE421C8 2017-01-14 [A] [expires: 2018-01-14]
      Keygrip = D3BD87D77B844A5AE54CEC0466353030A816441B
ssb   rsa4096/0x7642000294227858 2017-01-16 [S] [expires: 2018-01-14]
      Keygrip = B10269A98E3D357F3B32C155367B1CEDCAE998E8
ssb   rsa4096/0x32C4DD59E753B43B 2017-01-16 [A] [expires: 2018-01-14]
      Keygrip = 40E86DAAEDEE6BA714F26B09FBA38C35C4E4F264

Now all these keys do not have a private counterpart. Only three of them do 
(0xD3522B485A800AFD, 0xEC933DA229123788, 0xBAA693EC561AD6D9). To make sure, I 
ran gpg-connect-agent and then ran keyinfo --list.

λ dixonwille [~] → gpg-connect-agent 
> keyinfo --list
S KEYINFO 178AB20F816E5FAA31440968AD6EA06B0340FB90 D - - - P - - -
S KEYINFO 89A90662E5908D5F271B87A5DC6D26F01B53C9EC D - - - P - - -
S KEYINFO 9D48688AF67C407BB91900BA07725CCE7E08B546 D - - - P - - -
OK
> 

So as you can see, my secrets are stored in the gpg-agent. Running echo foo | 
gpg --clearsign -v --debug ipc for debug information showed these interesting 
lines:

gpg: DBG: chan_5 -> HAVEKEY 308FF7DD37FB9E175378D76125FCB2BC4C5C225C
gpg: DBG: chan_5 <- ERR 67108881 No secret key <GPG Agent>
gpg: DBG: chan_5 -> HAVEKEY 89A90662E5908D5F271B87A5DC6D26F01B53C9EC
gpg: DBG: chan_5 <- OK
gpg: using "0xEC933DA229123788" as default secret key for signing
gpg: DBG: chan_5 -> HAVEKEY 308FF7DD37FB9E175378D76125FCB2BC4C5C225C 178AB20F816E5FAA31440968AD6EA06B0340FB90 89A90662E5908D5F271B87A5DC6D26F01B53C9EC 9D48688AF67C407BB91900BA07725CCE7E08B546 50EE902E41E323600B02769FA2A96FE8C51D5A35 D3BD87D77B844A5AE54CEC0466353030A816441B B10269A98E3D357F3B32C155367B1CEDCAE998E8 40E86DAAEDEE6BA714F26B09FBA38C35C4E4F264
gpg: DBG: chan_5 <- OK
gpg: using subkey 0x7642000294227858 instead of primary key 0x496AC5165C585343
gpg: writing to stdout
gpg: DBG: chan_5 -> KEYINFO B10269A98E3D357F3B32C155367B1CEDCAE998E8
gpg: DBG: chan_5 <- ERR 67108891 Not found <GPG Agent>

Which confuses me. It first checks my Primary Master key for a secret; it can't 
find it, so it fails. Then it checks the keygrip for my default key and then 
states using "0xEC933DA229123788" as default secret key for signing. That sounds 
good, please do. But then it sends another HAVEKEY for what looks like all my 
keygrips. This returns true as one of them does have a secret. So it then 
states using subkey 0x7642000294227858 instead of primary key 
0x496AC5165C585343, which is the latest signing key I did make.

My real question is how can I force GnuPG2.1 to use the key I specified in the 
default-key? Seems like it gets overwritten with whatever GnuPG2.1 feels like.

To debunk the pinentry answer that I know someone might mention if I don't 
mention it now: if I run ssh g...@github.com, I get a dialog popped up to input 
my key password (I use the Authentication key for my ssh keys and store it in 
gpg-agent as well). So I know my gpg-agent.conf is set correctly and gpg.conf 
is set correctly.

I have had a Stack Overflow question open for about 8 days with no response. 
Any help is much appreciated. 
http://stackoverflow.com/questions/42195987/gnupg2-1-is-using-the-wrong-signing-subkey
Thanks in advance.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
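
Added example (not part of the original post, and not GnuPG code): a Python script that cross-checks the keygrips in the key listing above against the agent's KEYINFO reply and ranks the signing-capable keys newest first, which reproduces the mismatch in the debug trace. The function names are hypothetical, and it assumes the human-readable listing format shown in the post (excerpted here from the post's own output).

```python
import re

# Excerpt of the listing and the agent reply from the post (uid lines omitted).
LISTING = """\
sec#  rsa4096/0x496AC5165C585343 2017-01-14 [SC]
      Keygrip = 308FF7DD37FB9E175378D76125FCB2BC4C5C225C
ssb   rsa4096/0xD3522B485A800AFD 2017-01-14 [E] [expires: 2018-01-14]
      Keygrip = 178AB20F816E5FAA31440968AD6EA06B0340FB90
ssb   rsa4096/0xEC933DA229123788 2017-01-14 [S] [expires: 2018-01-14]
      Keygrip = 89A90662E5908D5F271B87A5DC6D26F01B53C9EC
ssb   rsa4096/0x7A3D17611B1FFDD2 2017-01-14 [S] [expires: 2018-01-14]
      Keygrip = 50EE902E41E323600B02769FA2A96FE8C51D5A35
ssb   rsa4096/0x7642000294227858 2017-01-16 [S] [expires: 2018-01-14]
      Keygrip = B10269A98E3D357F3B32C155367B1CEDCAE998E8
"""
AGENT = """\
S KEYINFO 178AB20F816E5FAA31440968AD6EA06B0340FB90 D - - - P - - -
S KEYINFO 89A90662E5908D5F271B87A5DC6D26F01B53C9EC D - - - P - - -
S KEYINFO 9D48688AF67C407BB91900BA07725CCE7E08B546 D - - - P - - -
OK
"""
KEY_RE = re.compile(r"^(sec|ssb)\S*\s+\w+/(0x[0-9A-F]{16}) (\d{4}-\d\d-\d\d) \[(\w+)\]")
GRIP_RE = re.compile(r"^\s+Keygrip = ([0-9A-F]{40})$")

def parse_listing(text):
    """Return one dict (id, created, usage, grip) per key line in the listing."""
    keys = []
    for line in text.splitlines():
        if m := KEY_RE.match(line):
            keys.append({"id": m[2], "created": m[3], "usage": m[4], "grip": None})
        elif (m := GRIP_RE.match(line)) and keys:
            keys[-1]["grip"] = m[1]  # a Keygrip line belongs to the key line above it
    return keys

def agent_grips(text):
    """Keygrips the agent reported in its 'S KEYINFO <grip> ...' status lines."""
    return {f[2] for f in (l.split() for l in text.splitlines()) if f[:2] == ["S", "KEYINFO"]}

def signing_report(listing, agent):
    """Signing-capable keys, newest first, flagged with whether the agent holds the secret."""
    have = agent_grips(agent)
    signers = [k for k in parse_listing(listing) if "S" in k["usage"]]
    signers.sort(key=lambda k: k["created"], reverse=True)
    return [(k["id"], k["created"], k["grip"] in have) for k in signers]

if __name__ == "__main__":
    for key_id, created, usable in signing_report(LISTING, AGENT):
        print(key_id, created, "secret in agent" if usable else "NO secret in agent")
```

The newest signing subkey (0x7642000294227858) is the one the trace shows gpg selecting, and its keygrip is absent from the agent. GnuPG's documented syntax for forcing one exact key or subkey is to append `!` to the key ID wherever it is specified.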
