Migrating from OpenPGP card + gnupg 1.4 to 2.1

Alphazo alphazo at gmail.com
Wed Dec 21 22:38:26 CET 2011


You were right on the subkey. In the meantime I realized that the
import function was also trying to import old revoked keys as well.
That's why I got the password prompt for an old non-OpenPGP-card-based
key.

Now for testing purposes I cleaned up my secring.gpg by removing all
secret keys but one which is the one I described in my previous post.

I started the import and didn't get any password prompt but
unfortunately also no PIN prompt for my OpenPGP card (?).
alpha at fatfly ~/.gnupg % gpg2 --import ~/.gnupg/secring.gpg
gpg: key F89A6E41: "Test Key <testkey at nomail.org>" not changed
gpg: key F89A6E41: secret key imported
gpg: Total number processed: 4
gpg:              unchanged: 1
gpg:       secret keys read: 4

Then I looked at my gnupg2 keystore but it remains empty.

alpha at fatfly ~/.gnupg % ls private-keys-v1.d
alpha at fatfly ~/.gnupg %

Is my OpenPGP card stub being checked correctly?
Is gpg-agent supposed to work out of the box with OpenPGP card?

I then did another test by using a regular key (no OpenPGP card) and
got a strange "can't handle public key algorithm 3" error, then a
segfault when doing a --list-secret-keys. However, --edit-key did work
fine.

(gdb) run -v --list-secret-keys
Starting program: /usr/bin/gpg2 -v --list-secret-keys
gpg: using PGP trust model
gpg: can't handle public key algorithm 3
gpg: subpacket of type 20 has critical bit set

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff732e700 in ?? () from /lib/libgcrypt.so.11


#0  0x00007ffff732e700 in ?? () from /lib/libgcrypt.so.11
No symbol table info available.
#1  0x00007ffff72e6726 in ?? () from /lib/libgcrypt.so.11
No symbol table info available.
#2  0x00007ffff72e7bfa in ?? () from /lib/libgcrypt.so.11
No symbol table info available.
#3  0x00007ffff72e1ef2 in gcry_sexp_build () from /lib/libgcrypt.so.11
No symbol table info available.
#4  0x000000000042a05b in ?? ()
No symbol table info available.
#5  0x0000000000471e63 in ?? ()
No symbol table info available.
#6  0x00000000004383fc in ?? ()
No symbol table info available.
#7  0x000000000040c120 in ?? ()
No symbol table info available.
#8  0x00007ffff6b6114d in __libc_start_main () from /lib/libc.so.6
No symbol table info available.
#9  0x000000000040c5ed in ?? ()
No symbol table info available.
#10 0x00007fffffffe0b8 in ?? ()
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#11 0x00000000ffffffff in ?? ()
No symbol table info available.
#12 0x0000000000000003 in ?? ()
No symbol table info available.
#13 0x00007fffffffe408 in ?? ()
No symbol table info available.
#14 0x00007fffffffe416 in ?? ()
No symbol table info available.
#15 0x00007fffffffe419 in ?? ()
No symbol table info available.
#16 0x0000000000000000 in ?? ()
No symbol table info available.


gpg2 -v --edit-key alphazo at gmail.com
Secret key is available.

gpg: using PGP trust model
pub  1024D/242D4DFB  created: 2009-08-20  expires: never       usage: SC
                     trust: ultimate      validity: ultimate
sub  2048g/CBF93DD2  created: 2009-08-20  expires: never       usage: E
[ultimate] (1). Alphazo <alphazo at gmail.com>

Alphazo

On Wed, Dec 21, 2011 at 7:08 PM, Werner Koch <wk at gnupg.org> wrote:
> On Wed, 21 Dec 2011 15:35, alphazo at gmail.com said:
>
>> When importing this key I got the pinentry-gtk popup asking for the
>> passphrase for this key but this won't be of any help considering that
>> no private key material is there.
>
> Are you sure that it asks for the passphrase of the primary key?  It
> should ask for the one of the subkey.  In any case, please enter the
> passphrase of the subkey (which is usually the same as of the primary
> key).  Note, that I have a very similar setup and it worked without
> problems.  It is however possible that we have a regression here.
>
>> I could probably set up a temporary machine to use the full keychain
>> with passphrase then migrate to 2.1 and finally remove the private key
>> material of the primary key (is that possible with 2.1?).
>
> Yes, very easy:
>
>  gpg2 --with-keygrip -K
>
> shows you the keygrip of the keys.  Now, simply remove the file
> ~/.gnupg/private-keys-v1.d/KEYGRIP.key
>
>
> Salam-Shalom,
>
>   Werner
>
> --
> Thoughts are free.  Exceptions are regulated by a federal law.
>
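
Added example (not part of the original messages, and not GnuPG project code): a report-only helper for the removal step Werner describes, mapping each secret key in a `gpg2 --with-keygrip --with-colons -K` listing to its file under private-keys-v1.d. The listing, key IDs and keygrips are constructed, and `sample_listing` and `keygrip_files` are hypothetical names.

```shell
#!/bin/sh
# Added example. Reads a colon-format secret key listing, as produced by
#   gpg2 --with-keygrip --with-colons -K
# and reports which file in private-keys-v1.d belongs to which key.
# It only reports; nothing is removed.

# Constructed sample listing (key IDs and keygrips are made up).
sample_listing() {
    cat <<'EOF'
sec:u:1024:17:AAAAAAAA11111111:1250726400:::u:::scSC:
grp:::::::::A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1:
uid:u::::1250726400::::Test Key <testkey@example.org>:
ssb:u:2048:16:BBBBBBBB22222222:1250726400::::::e:
grp:::::::::B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2:
EOF
}

# keygrip_files KEYDIR
# Reads the listing on stdin and prints one line per key:
#   <primary|subkey> <keyid> <path of key file> <present|missing>
keygrip_files() {
    keydir=$1
    awk -F: '
        $1 == "sec" { role = "primary"; keyid = $5 }
        $1 == "ssb" { role = "subkey";  keyid = $5 }
        # A grp record follows its key and holds the keygrip in field 10.
        $1 == "grp" && role != "" { print role, keyid, $10; role = "" }
    ' | while read -r role keyid grip; do
        path="$keydir/$grip.key"
        if [ -f "$path" ]; then state=present; else state=missing; fi
        printf '%s %s %s %s\n' "$role" "$keyid" "$path" "$state"
    done
}

# Demo on the constructed listing against the default key directory.
sample_listing | keygrip_files "${GNUPGHOME:-$HOME/.gnupg}/private-keys-v1.d"
```

On a real keyring, pipe the gpg2 command into `keygrip_files` instead of `sample_listing`; the path on the `primary` line is the file the removal step refers to.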



More information about the Gnupg-devel mailing list