You are not logged in.
I followed https://wiki.archlinux.org/index.php/GnuPG#Create_key and https://wiki.archlinux.org/index.php/Talk:Pacman-key, but I have ended up with my public key being listed twice. It's both first and last in the full list of public keys. Here is just mine:
/home/colin% gpg --list-public-keys colin
pub 4096R/0940E3F9 2014-11-18 [expires: 2015-11-18]
uid [ultimate] Colin Keenan <colinnkeenan@gmail.com>
uid [ultimate] [jpeg image of size 6283]
sub 4096R/EDA19F9C 2014-11-18 [expires: 2015-11-18]
pub 4096R/0940E3F9 2014-11-18 [expires: 2015-11-18]
uid [ultimate] Colin Keenan <colinnkeenan@gmail.com>
uid [ultimate] [jpeg image of size 6283]
sub 4096R/EDA19F9C 2014-11-18 [expires: 2015-11-18]
How do I remove just the 2nd entry so that my public key is only listed one time?
I am afraid to start signing my packages (https://wiki.archlinux.org/index.php/De … ge_signing) before I fix this issue.
Edit to add what I've tried so far:
gpg -o colin.gpg --export colin # to create a backup of my public key in a file called colin.gpg
cp pubring.gpg pubring-backup.gpg # in case I screw up pubring.gpg
gpg --import colin.gpg # hoping it will magically merge the duplicate, but it left both unchanged
gpg --delete-key colin # hoping it would delete both copies of the public key so I could import it again
It refused to delete the public key until I delete the private key which I don't want to do.
I also realized the export may have the duplicate as well. I tested that with:
gpg colin.gpg
And, sure enough, it listed my key twice.
Another edit: I have tried a lot and exposed a bug that I will try to submit upstream. Here is what I have done:
gpg --edit-key colin # this selected the first of the duplicate keys to be edited
gpg> adduid
Real name: Colin N Keenan
Email address: colinnkeenan@gmail.com
Comment:
You selected this USER-ID:
"Colin N Keenan <colinnkeenan@gmail.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a passphrase to unlock the secret key for
user: "Colin Keenan <colinnkeenan@gmail.com>"
4096-bit RSA key, ID 0940E3F9, created 2014-11-18
pub 4096R/0940E3F9 created: 2014-11-18 expires: 2015-11-18 usage: SC
trust: ultimate validity: ultimate
sub 4096R/EDA19F9C created: 2014-11-18 expires: 2015-11-18 usage: E
[ultimate] (1) Colin Keenan <colinnkeenan@gmail.com>
[ultimate] (2) [jpeg image of size 6283]
[ unknown] (3). Colin N Keenan <colinnkeenan@gmail.com>
gpg> save
gpg --edit-key "Colin N Keenan"
...
Secret key is available.
pub 4096R/0940E3F9 created: 2014-11-18 expires: 2015-11-18 usage: SC
trust: ultimate validity: ultimate
sub 4096R/EDA19F9C created: 2014-11-18 expires: 2015-11-18 usage: E
[ultimate] (1). Colin N Keenan <colinnkeenan@gmail.com>
[ultimate] (2) Colin Keenan <colinnkeenan@gmail.com>
[ultimate] (3) [jpeg image of size 6283]
gpg> 2
pub 4096R/0940E3F9 created: 2014-11-18 expires: 2015-11-18 usage: SC
trust: ultimate validity: ultimate
sub 4096R/EDA19F9C created: 2014-11-18 expires: 2015-11-18 usage: E
[ultimate] (1). Colin N Keenan <colinnkeenan@gmail.com>
[ultimate] (2)* Colin Keenan <colinnkeenan@gmail.com>
[ultimate] (3) [jpeg image of size 6283]
gpg> deluid
Really remove this user ID? (y/N) y
pub 4096R/0940E3F9 created: 2014-11-18 expires: 2015-11-18 usage: SC
trust: ultimate validity: ultimate
sub 4096R/EDA19F9C created: 2014-11-18 expires: 2015-11-18 usage: E
[ultimate] (1). Colin N Keenan <colinnkeenan@gmail.com>
[ultimate] (2) [jpeg image of size 6283]
gpg> quit
Save changes? (y/N) y
And now the bug:
/home/colin% gpg --delete-key "Colin Keenan"
gpg (GnuPG) 2.0.26; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: there is a secret key for public key "Colin Keenan"!
gpg: use option "--delete-secret-keys" to delete it first.
/home/colin% gpg --delete-secret-key "Colin Keenan"
gpg (GnuPG) 2.0.26; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: key "Colin Keenan" not found: Unknown system error
gpg: Colin Keenan: delete key failed: Unknown system error
So, --delete-key fails because there is a secret key, and --delete-secret-key fails because it can't find the secret key!
Last edited by colinkeenan (2014-11-19 16:26:31)
Offline
When I run the command for my keys, I only get each key listed once... I can't think of anything that might trigger it to list your key twice.
Claire is fine.
Problems? I have dysgraphia, so clear and concise please.
My public GPG key for package signing
My x86_64 package repository
Offline
I think it happened when I followed the instruction on https://wiki.archlinux.org/index.php/Talk:Pacman-key which says to "Import generated key into pacman's keychain (pacman-key --import) from your ~/.gnupg". It seems as though I remember seeing it only once until I ran pacman-key --import ./ (while in ~/.gnupg). Maybe I accidently ran it twice if I couldn't tell it had worked.
Offline
I have filed an upstream bug. Their website is not configured correctly though according to Google Chrome, and I had to click "advanced" and tell Chrome to go to the site anyway even though it's "not safe".
Offline
I have solved the issue. Since I had made a backup of .gnupg while there was a duplicate of the public key for "Colin Keenan", I realized the secret key in the backup was also for "Colin Keenan", so I didn't want to delete that one. I should delete "Colin N Keenan" by deleting the secret and public key matching it, then copy the resulting public key file to the backup, then restore the backup. That solved the issue, as follows:
gpg --delete-secret-key "Colin N Keenan"
gpg --delete-key "Colin N Keenan"
cp .gnupg/pubring.gpg .gnupg-backup
rm -r .gnupg
cp -r .gnupg-backup .gnupg
Here is a full outline of the commands I ran to eliminate the duplicate public key, in case anyone else runs into this very unusual problem:
cd # just making sure I'm in home directory so don't have to type dreaded ~
cp -r .gnupg .gnupg-backup
gpg --edit-key colin
gpg> adduid (added Colin N Keenan, original was Colin Keenan)
gpg> save
gpg --edit-key "Colin N Keenan"
gpg> 2 (because "Colin Keenan" was the 2nd uid)
gpg> deluid
gpg> save
gpg --delete-secret-key "Colin N Keenan"
gpg --delete-key "Colin N Keenan"
cp .gnupg/pubring.gpg .gnupg-backup
rm -r .gnupg
cp -r .gnupg-backup .gnupg
Last edited by colinkeenan (2014-11-19 16:41:03)
Offline
I have figured out how I got the double public key listing in the first place, and filed a bug against pacman-key:
https://bugs.archlinux.org/task/42850
I think it happens when doing
sudo pacman-key --import /home/<user>/.gnupg
after putting
keyring /etc/pacman.d/gnupg/pubring.gpg
into ~/.gnupg/gpg.conf, as recommended in https://wiki.archlinux.org/index.php/Ma … e_checking
I have followed the same steps that I did the first time, and ended up with duplicate entries again. All this at least has made me comfortable with gpg.
Offline
I took another look at the situation and realize that my ~/.gnupg/pubring.gpg is now empty! If I comment out keyring /etc/pacman.d/gnupg/pubring.gpg in gpg.conf, there is no longer any output to gpg -k. My public key is only in /etc/pacman.d/gnupg/pubring.gpg.
So, the reason I got the key duplicated in gpg -k before is because it was first listing the one key in ~/.gnupg/pubring.gpg, then listing all the keys in /etc/pacman.d/gnupg/pubring.gpg, including mine since I had done sudo pacman-key --import /home/colin/.gnupg
Now I'm thinking it was supposed to list my key twice and that I've screwed things up by making ~/.gnupg/pubring.gpg empty.
Can anyone confirm it is normal to get a double listing of your public key if you do sudo pacman-key --import /home/colin/.gnupg and also have keyring /etc/pacman.d/gnupg/pubring.gpg in gpg.conf?
Offline