All geek questions in one place

GnuPG2.1 uses the wrong subscription subsection

So, I have a problem signing documents with gpg2.1. Every time I try to sign something, I get:

λ dixonwille [~] → gpg2 --detach-sign Images/EinsteinWP.jpg 
gpg: using "0xEC933DA229123788" as default secret key for signing
gpg: signing failed: No secret key
gpg: signing failed: No secret key

As stated above, I have a default key set in my configuration. Here is what my personal list shows:

λ dixonwille [~] → gpg2 -K --with-keygrip
/home/dixonwille/.gnupg/pubring.kbx
-----------------------------------
sec#  rsa4096/0x496AC5165C585343 2017-01-14 [SC]
      Key fingerprint = 2092 7961 2A0C EF20 83D0  8244 496A C516 5C58 5343
      Keygrip = 308FF7DD37FB9E175378D76125FCB2BC4C5C225C
uid                   [ultimate] William E. Dixon <dixonwille@gmail.com>
uid                   [ultimate] William E. Dixon <dixonwille@hotmail.com>
uid                   [ultimate] William E. Dixon <will.dixon@acstechnologies.com>
uid                   [ultimate] [jpeg image of size 5910]
ssb   rsa4096/0xD3522B485A800AFD 2017-01-14 [E] [expires: 2018-01-14]
      Keygrip = 178AB20F816E5FAA31440968AD6EA06B0340FB90
ssb   rsa4096/0xEC933DA229123788 2017-01-14 [S] [expires: 2018-01-14]
      Keygrip = 89A90662E5908D5F271B87A5DC6D26F01B53C9EC
ssb   rsa4096/0xBAA693EC561AD6D9 2017-01-14 [A] [expires: 2018-01-14]
      Keygrip = 9D48688AF67C407BB91900BA07725CCE7E08B546
ssb   rsa4096/0x7A3D17611B1FFDD2 2017-01-14 [S] [expires: 2018-01-14]
      Keygrip = 50EE902E41E323600B02769FA2A96FE8C51D5A35
ssb   rsa4096/0xB64824658CE421C8 2017-01-14 [A] [expires: 2018-01-14]
      Keygrip = D3BD87D77B844A5AE54CEC0466353030A816441B
ssb   rsa4096/0x7642000294227858 2017-01-16 [S] [expires: 2018-01-14]
      Keygrip = B10269A98E3D357F3B32C155367B1CEDCAE998E8
ssb   rsa4096/0x32C4DD59E753B43B 2017-01-16 [A] [expires: 2018-01-14]
      Keygrip = 40E86DAAEDEE6BA714F26B09FBA38C35C4E4F264

Now all these keys do not have a personal console. Only three of them (0xD3522B485A800AFD, 0xEC933DA229123788, 0xBAA693EC561AD6D9). To make sure that I ran gpg-connect-agent, ran keyinfo --list.

λ dixonwille [~] → gpg-connect-agent 
> keyinfo --list
S KEYINFO 178AB20F816E5FAA31440968AD6EA06B0340FB90 D - - - P - - -
S KEYINFO 89A90662E5908D5F271B87A5DC6D26F01B53C9EC D - - - P - - -
S KEYINFO 9D48688AF67C407BB91900BA07725CCE7E08B546 D - - - P - - -
OK
>

So, as you can see, my secrets are stored in gpg-agent. Running echo foo | gpg --clearsign -v --debug ipcfor debugging information showed these interesting lines:

gpg: DBG: chan_5 -> HAVEKEY 308FF7DD37FB9E175378D76125FCB2BC4C5C225C
gpg: DBG: chan_5 <- ERR 67108881 No secret key <GPG Agent>
gpg: DBG: chan_5 -> HAVEKEY 89A90662E5908D5F271B87A5DC6D26F01B53C9EC
gpg: DBG: chan_5 <- OK
gpg: using "0xEC933DA229123788" as default secret key for signing
gpg: DBG: chan_5 -> HAVEKEY 308FF7DD37FB9E175378D76125FCB2BC4C5C225C 178AB20F816E5FAA31440968AD6EA06B0340FB90 89A90662E5908D5F271B87A5DC6D26F01B53C9EC 9D48688AF67C407BB91900BA07725CCE7E08B546 50EE902E41E323600B02769FA2A96FE8C51D5A35 D3BD87D77B844A5AE54CEC0466353030A816441B B10269A98E3D357F3B32C155367B1CEDCAE998E8 40E86DAAEDEE6BA714F26B09FBA38C35C4E4F264
gpg: DBG: chan_5 <- OK
gpg: using subkey 0x7642000294227858 instead of primary key 0x496AC5165C585343
gpg: writing to stdout
gpg: DBG: chan_5 -> KEYINFO B10269A98E3D357F3B32C155367B1CEDCAE998E8
gpg: DBG: chan_5 <- ERR 67108891 Not found <GPG Agent>

. Primary Master , . keygrip , using "0xEC933DA229123788" as default secret key for signing. , . HAVEKEY , . true, . using subkey 0x7642000294227858 instead of primary key 0x496AC5165C585343, , .

GnuPG2.1 , ? , , GnuPG2.1.

pinentry, , - , . ssh git@github.com, ( ssh- gpg-agent, ). , gpg-agent.conf , gpg.conf .

+4

:

Source: https://habr.com/ru/post/1669539/

More articles:


All Articles