On 10/13/2015 04:53 PM, Andrew Savchenko wrote:
> Hello,
>
> I updated to gnupg-2.1.9 from 2.0.x on both my desktop and laptop
> and now I have big problems.
>
> 1. gpgme is now broken.
>
> Gpgme consumers (e.g. sylpheed, mcabber) can verify, encrypt and
> decrypt messages, but can't sign them. On signing I have the
> following issues:
>
> Please enter your PGP passphrase:
> [17:26:06] GPGME signature error: Unusable secret key
>
> Or:
> ** Sylpheed-WARNING: pgp_sign(): signing failed: User defined error
> code 1
>
> I _can_ sign using the very same keys and plain
> gpg -s --default-key $id
> command. GPG itself works fine, something is amiss with gpgme.
>
> I updated gpgme, libgcrypt, libgpg-error and libassuan to the
> latest unstable versions and rebuilt consumer applications.
> Of course, keys were migrated to the new format using gpg --import
> and gpg-agent was restarted (I even rebooted the whole host), but
> problem is still here.
>
> The problem is even more strange, since I found a workaround way to
> sign messages in sylpheed. Program has three options for key
> selection:
> a) use default GPG key;
> b) select key by e-mail;
> c) use key with provided ID.
>
> Options b) and c) cause the error above, while option a) works, so
> by editing gpg.conf I can set default key id to what I need to sign
> a message. This is very inconvenient (since I have many keys), but
> at least works somehow.
>
>
> 2. I have duplicated keys in the ring with the same ID and
> fingerprint.
>
> Duplication happens only to _some_ of my keys where I have a secret
> key, fetched public keys of other users are not duplicated.
>
> Examples:
> a) Here I have the very same key twice:
>
> $ gpg --fingerprint -K 0x8EE705C07CFA83D3
> sec rsa4096/0x8EE705C07CFA83D3 2012-09-11 [expired: 2015-09-11]
> Key fingerprint = 3F2D 1E49 4F96 2CE6 1597 F217 8EE7 05C0 7CFA 83D3
> uid [ expired] Bircoph <bircoph@××××××.ru>
>
> sec rsa4096/0x8EE705C07CFA83D3 2012-09-11 [expired: 2015-09-11]
> Key fingerprint = 3F2D 1E49 4F96 2CE6 1597 F217 8EE7 05C0 7CFA 83D3
> uid [ expired] Bircoph <bircoph@××××××.ru>
>
> b) Now comes more interesting:
>
> $ gpg --fingerprint -K 0x565953B95372756C
> sec rsa4096/0x565953B95372756C 2013-02-27 [expires: 2018-02-26]
> Key fingerprint = 63EB 04FA A30C 76E2 952E 6ED6 5659 53B9 5372 756C
> uid [ultimate] Andrew Savchenko <bircoph@×××××.com>
> uid [ultimate] Andrew A. Savchenko (NRNU MEPhI) <aasavchenko@×××××.ru>
> uid [ultimate] Andrew A. Savchenko (UT Department) <aasavchenko@××××××××.ru>
> uid [ultimate] Andrew Savchenko (Gentoo Dev) <bircoph@g.o>
> uid [ultimate] Andrew A. Savchenko (XMPP) <bircoph@××××××.ru>
> uid [ultimate] Andrew A. Savchenko (UT Department) <bircoph@××××××××.ru>
> uid [ultimate] Andrey Savchenko (RHIC) <bircoph@××××××××××××.gov>
> ssb rsa4096/0x7AB649CA518C8321 2013-02-27 [expires: 2018-02-26]
> ssb rsa4096/0xF6535A33BA1EE48D 2015-01-13 [expires: 2018-01-12]
>
> sec rsa4096/0x565953B95372756C 2013-02-27 [expires: 2018-02-26]
> Key fingerprint = 63EB 04FA A30C 76E2 952E 6ED6 5659 53B9 5372 756C
> uid [ultimate] Andrew A. Savchenko (NRNU MEPhI) <aasavchenko@×××××.ru>
> uid [ultimate] Andrew Savchenko <bircoph@×××××.com>
> uid [ultimate] Andrew Savchenko (Gentoo Dev) <bircoph@g.o>
> uid [ultimate] Andrew A. Savchenko (XMPP) <bircoph@××××××.ru>
> uid [ultimate] Andrew A. Savchenko (UT Department) <bircoph@××××××××.ru>
> uid [ultimate] Andrew A. Savchenko (UT Department) <aasavchenko@××××××××.ru>
> ssb rsa4096/0x7AB649CA518C8321 2013-02-27 [expires: 2018-02-26]
> ssb rsa4096/0xF6535A33BA1EE48D 2015-01-13 [expires: 2018-01-12]
>
> I have two versions of the same key: the latest and previous one
> (before I added one more e-mail uid to the key).
>
> This problem may be related to the first one, maybe not, I'm not
> sure. It is possible that gpgme goes crazy with these duplicates.
>
> I have no idea how to remove duplicates and old versions. All gpg
> commands are tied to either key id, e-mail or fingerprint. They
> are all not unique to delete such duplicates.
>
> I have thought that this may happen due to both secring.gpg and
> private-keys-v1.d present, but moving secring.gpg away doesn't
> help.
>
> Maybe manual editing of pubring.gpg will help to remove duplicates,
> but it will be quite hard to handle this binary format.
>
>
> Googling gave me very little here:
>
> 1st issue: may happen for some custom gpgme client software, but
> no data on global failures after gnupg update.
>
> 2nd issue: may happen when key is stored in multiple sources and
> fetched from them, but I have no --keyring options in my gpg.conf
> (see attached file).
>
> Any ideas how to fix these issues, especially the signing failure
> are much appreciated.
>
> Best regards,
> Andrew Savchenko

Hello,

I have a very similar problem, at least concerning your 2nd point
(duplicated keys). All my problems came when I updated gnupg from 1.x to
2.x. I tried to solve them by playing with different 2.x versions but
with the last one it is broken:

1. I detect duplicated keys in the ring
2. some friends told me my signature was bad
3. I am not able to verify all the signatures with Mutt or Thunderbird
(I do not understand why it works for some signatures and not for others)
4. with Thunderbird, I am not able anymore to sign/verify/cypher/decypher

I think that it is related to your problems, but I have no clue to fix
that. I would also appreciate any help.

JC
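Added example, not part of either message: one way to confirm the duplicate-key symptom reported in this thread is to parse the machine-readable listing from `gpg --with-colons --fingerprint -K` and flag any primary fingerprint that appears in more than one key block, along with the user IDs that are not present in every copy. The function names are hypothetical and the sample listing is constructed with placeholder fingerprints and addresses.

```python
from collections import defaultdict

# Constructed `gpg --with-colons --fingerprint -K` output; all fingerprints,
# key IDs and user IDs are placeholders, not keys from the thread.
FPR = "AAAAAAAAAAAAAAAAAAAAAAAA00000000000000A1"
SUB = "BBBBBBBBBBBBBBBBBBBBBBBB00000000000000B1"
SAMPLE = f"""\
sec:u:4096:1:{FPR[-16:]}:1361923200:1519603200::u:::scESC:
fpr:::::::::{FPR}:
uid:u::::1361923200::H1::Example User <user@example.org>:
uid:u::::1421107200::H2::Example User (work) <user@example.com>:
ssb:u:4096:1:{SUB[-16:]}:1361923200:1519603200:::::e:
fpr:::::::::{SUB}:
sec:u:4096:1:{FPR[-16:]}:1361923200:1519603200::u:::scESC:
fpr:::::::::{FPR}:
uid:u::::1361923200::H1::Example User <user@example.org>:
"""

def parse_keyblocks(listing):
    """Return [(primary_fingerprint, frozenset(uids))], one per sec/pub record."""
    blocks, current = [], None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("sec", "pub"):
            current = {"fpr": None, "uids": set()}
            blocks.append(current)
        elif current is None or len(f) < 10:
            continue
        elif f[0] == "fpr" and current["fpr"] is None:
            current["fpr"] = f[9]  # first fpr after sec/pub is the primary key's
        elif f[0] == "uid":
            current["uids"].add(f[9])  # field 10 holds the user ID
    return [(b["fpr"], frozenset(b["uids"])) for b in blocks]

def find_duplicates(listing):
    """Map each fingerprint listed more than once to its copies' uid sets."""
    seen = defaultdict(list)
    for fpr, uids in parse_keyblocks(listing):
        seen[fpr].append(uids)
    return {fpr: copies for fpr, copies in seen.items() if len(copies) > 1}

def report(listing):
    lines = []
    for fpr, copies in find_duplicates(listing).items():
        extra = set.union(*map(set, copies)) - set.intersection(*map(set, copies))
        lines.append(f"{fpr}: {len(copies)} copies; uids not in every copy: {sorted(extra)}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

An empty "uids not in every copy" list corresponds to the identical-copies case in example a); a non-empty list corresponds to the older and newer versions of one key in example b).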