Migrating from OpenPGP card + gnupg 1.4 to 2.1
Alphazo
alphazo at gmail.com
Wed Dec 21 22:38:26 CET 2011

You were right on the subkey. In the meantime I realized that the
import function was also trying to import old revoked keys as well.
That's why I got the password prompt for an old non OpenPGP card based
key.

Now for testing purposes I cleaned up my secring.gpg by removing all
secret keys but one which is the one I described in my previous post.
I started the import and didn't get any password prompt but
unfortunately also no PIN prompt for my OpenPGP card (?).

alpha at fatfly ~/.gnupg % gpg2 --import ~/.gnupg/secring.gpg
gpg: key F89A6E41: "Test Key <testkey at nomail.org>" not changed
gpg: key F89A6E41: secret key imported
gpg: Total number processed: 4
gpg: unchanged: 1
gpg: secret keys read: 4

Then I looked at my gnupg2 keystore but it remains empty.

alpha at fatfly ~/.gnupg % ls private-keys-v1.d
alpha at fatfly ~/.gnupg %

Is my OpenPGP card stub being checked correctly?
Is gpg-agent supposed to work out of the box with OpenPGP card?

I then did another test by using a regular key (no OpenPGP card) and
got a strange "can't handle public key algorithm 3" error then a seg.
fault when doing a --list-secret-keys. However --edit-key did work
fine.

(gdb) run -v --list-secret-keys
Starting program: /usr/bin/gpg2 -v --list-secret-keys
gpg: using PGP trust model
gpg: can't handle public key algorithm 3
gpg: subpacket of type 20 has critical bit set
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff732e700 in ?? () from /lib/libgcrypt.so.11
#0 0x00007ffff732e700 in ?? () from /lib/libgcrypt.so.11
No symbol table info available.
#1 0x00007ffff72e6726 in ?? () from /lib/libgcrypt.so.11
No symbol table info available.
#2 0x00007ffff72e7bfa in ?? () from /lib/libgcrypt.so.11
No symbol table info available.
#3 0x00007ffff72e1ef2 in gcry_sexp_build () from /lib/libgcrypt.so.11
No symbol table info available.
#4 0x000000000042a05b in ?? ()
No symbol table info available.
#5 0x0000000000471e63 in ?? ()
No symbol table info available.
#6 0x00000000004383fc in ?? ()
No symbol table info available.
#7 0x000000000040c120 in ?? ()
No symbol table info available.
#8 0x00007ffff6b6114d in __libc_start_main () from /lib/libc.so.6
No symbol table info available.
#9 0x000000000040c5ed in ?? ()
No symbol table info available.
#10 0x00007fffffffe0b8 in ?? ()
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#11 0x00000000ffffffff in ?? ()
No symbol table info available.
#12 0x0000000000000003 in ?? ()
No symbol table info available.
#13 0x00007fffffffe408 in ?? ()
No symbol table info available.
#14 0x00007fffffffe416 in ?? ()
No symbol table info available.
#15 0x00007fffffffe419 in ?? ()
No symbol table info available.
#16 0x0000000000000000 in ?? ()
No symbol table info available.

gpg2 -v --edit-key alphazo at gmail.com
Secret key is available.
gpg: using PGP trust model
pub 1024D/242D4DFB created: 2009-08-20 expires: never usage: SC
trust: ultimate validity: ultimate
sub 2048g/CBF93DD2 created: 2009-08-20 expires: never usage: E
[ultimate] (1). Alphazo <alphazo at gmail.com>

Alphazo

On Wed, Dec 21, 2011 at 7:08 PM, Werner Koch <wk at gnupg.org> wrote:
> On Wed, 21 Dec 2011 15:35, alphazo at gmail.com said:
>
>> When importing this key I got the pinentry-gtk popup asking for the
>> passphrase for this key but this won't be of any help considering that
>> no private key material is there.
>
> Are you sure that it asks for the passphrase of the primary key? It
> should ask for the one of the subkey. In any case, please enter the
> passphrase of the subkey (which is usually the same as of the primary
> key). Note, that I have a very similar setup and it worked without
> problems. It is however possible that we have a regression here.
>
>> I could probably setup a temporary machine to use the full keychain
>> with passphrase then migrate to 2.1 and finally remove the private key
>> material of the primary key (is that possible with 2.1?).
>
> Yes, very easy:
>
> gpg2 --with-keygrip -K
>
> shows you the keygrip of the keys. Now, simply remove the file
> ~/.gnupg/private-keys-v1.d/KEYGRIP.key
>
>
> Salam-Shalom,
>
> Werner
>
> --
> Thoughts are free. Exceptions are regulated by a federal law.
>
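
An added example, not part of the thread: a way to check which secret keys still have material under private-keys-v1.d, following the keygrip advice in the quoted reply and the empty keystore shown above. It assumes gpg-agent key files carry the S-expression tokens private-key, protected-private-key or shadowed-private-key (the last being a card stub) and that grp records of the colon listing hold the keygrip in field 10; all key IDs, keygrips and the card serial in demo() are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report, per secret key listed by
#   gpg2 --with-colons --with-keygrip -K
# what the agent's key file private-keys-v1.d/KEYGRIP.key contains.

# Print: missing | card-stub | protected | unprotected | unknown
classify_keyfile() {
    [ -f "$1" ] || { echo missing; return 0; }
    # Assumed tokens of the agent key format; test the longer names first,
    # because they also contain the substring "private-key".
    if   grep -aq 'shadowed-private-key'  "$1"; then echo card-stub
    elif grep -aq 'protected-private-key' "$1"; then echo protected
    elif grep -aq 'private-key'           "$1"; then echo unprotected
    else echo unknown
    fi
}

# Read a colon listing on stdin; $1 is the private-keys-v1.d directory.
# Output lines: RECORD KEYID KEYGRIP STATE (sec = primary, ssb = subkey).
audit_keygrips() {
    dir=$1 kind='' keyid=''
    while IFS=: read -r rec f2 f3 f4 id f6 f7 f8 f9 grip rest; do
        case $rec in
            sec|ssb) kind=$rec keyid=$id ;;      # field 5 = key ID
            grp)     [ -n "$kind" ] || continue  # field 10 = keygrip
                     echo "$kind $keyid $grip $(classify_keyfile "$dir/$grip.key")"
                     kind='' ;;
        esac
    done
}

# Constructed sample: primary key file removed, one card stub, one on-disk subkey.
demo() {
    d=$(mktemp -d) || return 1
    g1=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA   # constructed keygrips
    g2=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
    g3=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
    printf '(20:shadowed-private-key(3:rsa))'  > "$d/$g2.key"
    printf '(21:protected-private-key(3:elg))' > "$d/$g3.key"
    audit_keygrips "$d" <<EOF
sec:u:1024:17:1111111111111111:1250726400:::u:::scSC:::#:::
grp:::::::::$g1:
ssb:u:2048:1:2222222222222222:1250726400::::::s:::D2760001240102000000000000010000:::
grp:::::::::$g2:
ssb:u:2048:16:3333333333333333:1250726400::::::e:::+:::
grp:::::::::$g3:
EOF
    rm -rf "$d"
}
case "${1:-}" in demo) demo ;; esac
```

Against a real keyring the same function is fed from gpg itself: `gpg2 --with-colons --with-keygrip -K | audit_keygrips ~/.gnupg/private-keys-v1.d`. A primary key reported as `missing` while its subkeys show `card-stub` or `protected` is the state the quoted reply describes after removing KEYGRIP.key.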