Key problem

Henry Hertz Hobbit hhhobbit at securemecca.net
Sat Oct 14 08:43:51 CEST 2006 

Johannes Schmid wrote:

> 
> Hi!
> 
> I have the problem that I cannot longer export my gnupg key as I always
> get the following error message
> 
> # gpg --armor --export .gnupg/secring.gpg
> gpg: [don't know]: invalid packet (ctb=20)
> gpg: WARNING: nothing exported
> gpg: key export failed: invalid packet
> 
> # gpg --list-keys
> /home/jhs/.gnupg/pubring.gpg
> - ----------------------------
> pub   1024D/6E5BFD6B 2004-09-21
> uid                  Johannes Schmid <johannes.schmid at gmx.de>
> sub   1024g/35A90063 2004-09-21
> 
> gpg: mpi too large for this implementation (28015 bits)
> gpg: keyring_get_keyblock: read error: invalid packet
> gpg: keydb_get_keyblock failed: invalid keyring
> 
> 
> Encryption and decryption work fine. Would be nice if anyone could give
> me a hint how to rescue my key.
> 
> Thanks,
> Johannes

[1] Your command IS wrong.  It should NOT be done this way:

    $ gpg --armor --export .gnupg/secring.gpg > secret-keys.gpg
    
    It SHOULD be done this way:
    
    $ cd
    $ umask 077
    $ gpg --export-secret-keys > secret-keys.gpg
    # you don't need --armor for the way I am doing it.

    If this fails or even gives a warning, GO NO FARTHER!  I
    hope your keys had an expiration date if you put them on
    the key servers.  If you didn't set an expiration they will
    be there in limbo forever.  If the second one works, let us
    know and I will give you all of the steps.  It is just that
    Werner and others have tried so hard in cases like these
    to correct the situation and most or all of them failed that
    you will probably have to start over.  By the second one
    working I mean you will get NO warnings at all.

Btw, here is my result of executing your command (YES, MY FILES
WERE BACKED UP BEFORE I DID IT) with a GOOD set of files:

[hhhobbit at bogus ~]$ gpg --armor --export .gnupg/secring.gpg \
	> secret-keys.gpg
gpg: WARNING: nothing exported

[hhhobbit at bogus ~]$ ls -l secret-keys.gpg
-rw-------  1 hhhobbit hhhobbit 0 Oct 14 00:31 secret-keys.gpg

hhhobbit at bogus ~]$ rm -f secret-keys.gpg 

[hhhobbit at bogus ~]$ gpg --export-secret-keys > secret-keys.gpg
[hhhobbit at bogus ~]$ ls -l secret-keys.gpg
-rw-------  1 hhhobbit hhhobbit 1857 Oct 14 00:33 secret-keys.gpg

[hhhobbit at bogus ~]$ srm secret-keys.gpg

I think what Werner didn't like were the:

"gpg: [don't know]: invalid packet (ctb=20)"
"gpg: key export failed: invalid packet"

Usually that means the kiss of death and you will probably still
get them doing the command the right way.  I may give you the rest
of the steps anyway, so you can do it like an experiment.  I think
you are going to be starting over ...

Ciao

Henry Hertz Hobbit

PS  BACK UP YOUR KEYS AND GIVE THEM AN EXPIRE DATE!

More information about the Gnupg-users mailing list