#1 2014-12-31 17:01:55

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,132

[solved] Repairing/upgrading gpg keyring and configuration

I have got into a bit of a muddle trying to manage GPG. I use GPG in two main ways. First, I use gpg-agent to manage passwordless ssh connections to another machine. Second, I use gpg to encrypt/sign files etc.

[As far as I can tell, my gpg-agent configuration is out-of-date. However, this still appears to work for reasons I don't understand.]

Direct, command line use of gpg, however, fails. I've corrected a no-longer working keyserver setting in ~/.gnupg/gpg.conf, and can now successfully search for keys. However, I get errors if I try to receive/import keys.

$ gpg --search-keys F56C0C53
gpg: data source: http://pgp.mit.edu:11371
(1)     Dave Reisner <d@falconindy.com>
        Dave Reisner <dreisner@archlinux.org>
          2048 bit RSA key F56C0C53, created: 2011-06-25
Keys 1-1 of 1 for "F56C0C53".  Enter number(s), N)ext, or Q)uit > 1
gpg: keydb_get_keyblock failed: Value not found
gpg: keydb_search failed: Invalid packet
gpg: key F56C0C53: public key "[User ID not found]" imported
gpg: keyring_get_keyblock: read error: Invalid packet
gpg: keyring_get_keyblock failed: Invalid keyring
gpg: failed to rebuild keyring cache: Invalid keyring
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1

Removing comments, ~/.gnupg/gpg.conf is as follows:

default-recipient-self
require-cross-certification
charset utf-8
utf8-strings
no-mangle-dos-filenames
lock-once
keyserver hkp://pgp.mit.edu
keyserver-options auto-key-retrieve
ask-cert-level

I've reread the wiki page, but I can't figure out how to repair/upgrade/fix an existing configuration, as opposed to setting up an entirely new one. If someone could tell me where to look for information about this, I'd much appreciate it.

Last edited by cfr (2015-01-01 00:43:29)


CLI Paste | How To Ask Questions

Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L

#2 2014-12-31 19:07:55

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,132

Re: [solved] Repairing/upgrading gpg keyring and configuration

I'm also unable to decrypt data. If I try to decrypt an encrypted file, I get

gpg: keyring_get_keyblock: read error: Invalid packet
gpg: error reading keyblock: Invalid keyring
gpg: keyring_get_keyblock: read error: Invalid packet
gpg: keydb_get_keyblock failed: Invalid keyring
gpg: keydb_search failed: Invalid keyring
gpg: encrypted with ELG key, ID DB5231F8
gpg: decryption failed: No secret key

This is with an encrypted file which decrypted successfully on 19th December.

I know that gpg no longer uses secring.gpg. However, as I understand it, secret rings are automatically imported into a format gpg-agent understands and, indeed, I have a directory ~/.gnupg/private-keys-v1.d which contains 3 keys, including one dated 19th December (presumably from when I decrypted the file mentioned above).

gnupg was updated on 20th December and I can only imagine that I've failed to take some crucial step required by that update.

[2014-12-20 21:24] [PACMAN] upgraded gnupg (2.1.0-7 -> 2.1.1-1)

What have I missed?

And I also can't export a key:

$ gpg --export DB5231F8
gpg: keyring_get_keyblock: read error: Invalid packet
gpg: error reading keyblock: Invalid keyring
gpg: WARNING: nothing exported
gpg: key export failed: Invalid keyring
$ gpg --export-secret-keys
gpg: keyring_get_keyblock: read error: Invalid packet
gpg: error reading keyblock: Invalid keyring
gpg: WARNING: nothing exported

Last edited by cfr (2014-12-31 20:58:42)


#3 2014-12-31 20:27:55

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: [solved] Repairing/upgrading gpg keyring and configuration

cfr wrote:
default-recipient-self
require-cross-certification
charset utf-8
utf8-strings
no-mangle-dos-filenames
lock-once
keyserver hkp://pgp.mit.edu
keyserver-options auto-key-retrieve
ask-cert-level

"no-mangle-dos-filenames" is only effective on Windows systems; "lock-once" also looks suspicious. The minimal config that I found working is

$ cat ~/.gnupg/gpg.conf
require-cross-certification
keyserver hkp://pool.sks-keyservers.net
$ grep -v -e ^$ -e ^# ~/.gnupg/gpg-agent.conf
disable-scdaemon
default-cache-ttl 300
default-cache-ttl-ssh 7200
max-cache-ttl 300
max-cache-ttl-ssh 10800
log-file /tmp/gpg-agent.log
debug-level expert

As for the errors, have you seen https://bugs.archlinux.org/task/43173 ?


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd


#4 2015-01-01 00:43:04

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,132

Re: [solved] Repairing/upgrading gpg keyring and configuration

Leonid.I wrote:

As for the errors, have you seen https://bugs.archlinux.org/task/43173 ?

Thank you! This is the bit I needed.

cd ~/.gnupg
# move the legacy keyrings and trust database aside
mv pubring.gpg pubring-cadw.gpg
mv secring.gpg secring-cadw.gpg
mv trustdb.gpg trustdb-cadw.gpg
# re-import into the 2.1-format store (pubring.kbx, private-keys-v1.d)
gpg --import pubring-cadw.gpg
gpg --import secring-cadw.gpg
rm pubring-cadw.gpg secring-cadw.gpg
# drop the trust database the import created and restore the old one
rm trustdb.gpg
mv trustdb-cadw.gpg trustdb.gpg

So now I just have to work out the changes for makepkg...

Thanks!


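The rename-and-reimport sequence from post #4, written up as a reusable shell function. This is an added example, not code from the thread or from the GnuPG project. It differs from the post in three ways: the legacy files are kept in a 0700 backup directory rather than deleted, the function refuses to run on a home directory that already contains a pubring.kbx, and the restored trust database is checked with gpg --check-trustdb. The function name, the optional GPG_COMMAND parameter, and the assumption that GnuPG 2.1 creates pubring.kbx when no pubring.gpg is present and may prompt for the passphrase while importing secring.gpg are this example's own.

```shell
#!/bin/sh
# Added example (editor's, not from the thread): post #4's manual steps as
# one function, with backups kept instead of deleted. The function name and
# the GPG_COMMAND parameter are inventions of this example.
set -e

# gnupg_migrate_legacy [GNUPG_HOME] [GPG_COMMAND]
#   GNUPG_HOME   directory holding pubring.gpg, secring.gpg, trustdb.gpg
#                (default: $HOME/.gnupg)
#   GPG_COMMAND  gpg binary, or a shell function standing in for it so the
#                file handling can be exercised without GnuPG installed
gnupg_migrate_legacy() {
  home=${1:-"$HOME/.gnupg"}
  gpg_cmd=${2:-gpg}
  backup="$home/legacy-keyrings.$(date +%Y%m%d%H%M%S)"

  if [ ! -f "$home/pubring.gpg" ]; then
    echo "gnupg_migrate_legacy: no legacy pubring.gpg in $home" >&2
    return 1
  fi
  if [ -e "$home/pubring.kbx" ]; then
    echo "gnupg_migrate_legacy: $home already has pubring.kbx; not mixing formats" >&2
    return 1
  fi

  # 1. Move the legacy rings aside (post #4's -cadw renames). The backup is
  #    mode 0700 because secring.gpg holds the passphrase-protected keys.
  mkdir -m 700 "$backup"
  for f in pubring.gpg secring.gpg trustdb.gpg; do
    if [ -f "$home/$f" ]; then
      mv "$home/$f" "$backup/$f"
    fi
  done

  # 2. Re-import. With no pubring.gpg present, GnuPG 2.1 creates pubring.kbx
  #    and hands secret keys to gpg-agent, which stores them under
  #    private-keys-v1.d/ (assumption about 2.1 behaviour). The secret-key
  #    import may prompt for the passphrase via pinentry, so no --batch there.
  "$gpg_cmd" --homedir "$home" --batch --import "$backup/pubring.gpg"
  if [ -f "$backup/secring.gpg" ]; then
    "$gpg_cmd" --homedir "$home" --import "$backup/secring.gpg"
  fi

  # 3. The import wrote a fresh trustdb.gpg with no ownertrust. Put the saved
  #    one back, as post #4 does, and let gpg validate it.
  if [ -f "$backup/trustdb.gpg" ]; then
    rm -f "$home/trustdb.gpg"
    cp -p "$backup/trustdb.gpg" "$home/trustdb.gpg"
    "$gpg_cmd" --homedir "$home" --batch --check-trustdb
  fi

  echo "migrated $home; legacy keyrings kept in $backup"
}

# Typical use (uncomment to run against your own home directory):
# gnupg_migrate_legacy "$HOME/.gnupg"
```

Once gpg --list-secret-keys shows everything you expect, shred the backup directory yourself: it still contains the old secring.gpg, which is exactly the file the post deletes with rm.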

Powered by FluxBB