Decrypting with ECDH: no secret key
Daniele Ricci
daniele.athome at gmail.com
Wed Jun 26 18:07:39 CEST 2013
I think I found the issue. Key was indeed incomplete.

I tried to create a new one from scratch (ECDSA+ECDH) and this time
ssb shows without the hash mark.
However, if I try to export it, gpg2 outputs the key "correctly",
without the subkey, printing this warning:

gpg: key F08342D6/0AF4E702: error receiving key from agent: Bad secret key - skipped

When re-importing the exported secret key in another keyring, the same
issue: hash mark after ssb.

gpg-agent was started in a custom environment (--homedir) and
GNUPGHOME set accordingly.

By the way: I don't know if it's normal, pinentry asked me the key
password twice during the export.

On Wed, Jun 26, 2013 at 5:40 PM, Werner Koch <wk at gnupg.org> wrote:
> On Wed, 26 Jun 2013 11:15, daniele.athome at gmail.com said:
>
>> sec 256E/8C5A3D53 2013-06-16
>> uid Test ECDSA-ECDH (Key and subkey are 256 bits
>> long) <test.ecdsa.ecdh at example.com>
>> ssb# 256e/8BA3201C 2013-06-16
>
> The hash mark after "ssb" indicates that the subkey is off-line. There
> is only a stub key left. In the case of GnuPG 2.1 this is similar; the
> gpg-agent does not have access to the actual key below
> private-keys-v1.d/.
>
> If you run
>
> gpg2 --with-keygrip -K 8C5A3D53
>
> You will see something like:
>
> ssb 1024g/47BE2775 2003-12-31
> Keygrip = 7E201E28B6FEB2927B321F443205F4724EBE637E
>
> Now to check whether the key is really available do
>
> ls ~/.gnupg/private-keys-v1.d/7E201E28B6FEB2927B321F443205F4724EBE637E.key
>
> I don't know why it is missing. You may however import it again from an
> exported copy of that secret key ("gpg2 --import seckey.gpg")
>
>
> Salam-Shalom,
>
> Werner
>
>
> --
> Thoughts are free. Exceptions are regulated by a federal law.
>
--
Daniele
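
The check from the quoted reply (list the keygrips, then look for the matching file under private-keys-v1.d/), written as a script that covers every key and subkey in one pass. This is an added example, not part of the original thread: the function names and the sample listing are constructed, and the home directory is passed explicitly because the agent here was started with a custom --homedir.

```shell
#!/bin/sh
# Added example (not from the thread). Reads colon-format listing text, as
# produced by: gpg2 --with-keygrip --with-colons -K
# and reports keys whose file is absent from HOMEDIR/private-keys-v1.d/.

# missing_keygrips HOMEDIR < listing
# Prints "<sec|ssb> <keyid> <keygrip>" per missing key file.
# Returns 1 if any file is missing, 0 otherwise.
missing_keygrips() {
    homedir=$1 kind='' keyid='' rc=0
    while IFS=: read -r rec f2 f3 f4 f5 f6 f7 f8 f9 f10 rest; do
        case $rec in
            sec|ssb) kind=$rec keyid=$f5 ;;   # field 5: key ID
            grp)                                # field 10: keygrip
                if [ ! -f "$homedir/private-keys-v1.d/$f10.key" ]; then
                    printf '%s %s %s\n' "$kind" "$keyid" "$f10"
                    rc=1
                fi ;;
        esac
    done
    return "$rc"
}

# Constructed sample: key IDs and keygrips are made up, and the records are
# trimmed to the fields read above. Only the primary key has a key file.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/private-keys-v1.d"
    : > "$tmp/private-keys-v1.d/1111111111111111111111111111111111111111.key"
    status=0
    missing_keygrips "$tmp" <<'EOF' || status=$?
sec::256:19:00000000AAAAAAAA:
grp:::::::::1111111111111111111111111111111111111111:
ssb::256:18:00000000BBBBBBBB:
grp:::::::::2222222222222222222222222222222222222222:
EOF
    rm -rf "$tmp"
    return "$status"
}

# Real use, pointing at the same home directory gpg-agent was started with:
#   gpg2 --with-keygrip --with-colons -K | missing_keygrips "${GNUPGHOME:-$HOME/.gnupg}"
demo || true
```

A line of output for a subkey means the agent has no key file for it in that home directory, which is the condition the hash mark after ssb reports.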