gpg: error getting the KEK: Unsupported certificate

Werner Koch wk at
Sat Feb 9 13:06:50 CET 2013

On Fri,  8 Feb 2013 16:33, gniibe at said:

> "Unsupported certificate" is common error behavior when you are
> using gnome-keyring as gpg-agent.  It replies "103 unknow command",

FWIW, I had a meeting with Stef Walter at FOSDEM and we agreed on a plan
how to solve the gnome-keyring problem.

> 	$ unset GPG_AGENT_INFO
> 	$ eval `gpg-agent  -v --daemon`
> 	$ gpg2 --import secret-keys.gpg

IMHO the best way to test gpg is this

  $ GNUPGHOME=/foo/testdir gpg-agent --verbose --daemon bash

Now within this new shell (bash or whatever you used) you can run your
tests nicely without wondering about GPG_AGENT_INFO etc.  If you want to
terminate the test just enter exit and wait a few seconds until
gpg-agent has terminated itself.  Running watchgnupg in another xterm is
also useful to see what is going on.

If you want to test smartcards you should have put "disable-scdaemon"
into ~/.gnupg/gpg-agent.conf so that the production gpg-agent does not
block the use of the reader device.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list