problems after changing primary UID

Daniel Pocock daniel at pocock.com.au
Fri Jun 13 09:25:50 CEST 2014


I recently changed my primary UID from daniel at pocock.com.au to
daniel at pocock.pro

I've been able to sign from one machine but not from another.  The
second machine only has subkeys.

On the second machine, I would always get "secret key not available"
errors from git tag, signing packages, etc.

In fact, the secret key was never changed, I just added more UIDs, so
this error appeared inaccurate.

Programs like "git tag" and dpkg-genchanges could be coerced to sign
things on the second computer if I manually specified the numeric key ID
on the command line.

Adding "default-key" in ~/.gnupg/gpg.conf didn't help either - it always
seems necessary to specify the key ID on every occasion.

Looking at it again today, "gpg --list-secret-keys" shows me that two of
my UIDs, including the new one, were not listed on the second computer. 
However, looking at it with "gpg --edit-key" the uids are listed in the
public view but not the secret key view.  It seems that running "adduid"
doesn't fully update the list of uids for secret key usage.

I came across this rather detailed blog from somebody else who had this
problem:
https://we.riseup.net/risuplabs+paow/missing-uid-in-secret-key

and I couldn't help wondering, isn't it feasible to just copy the
~/.gnupg/secring.gpg from one computer to the other?

I made a backup and tried doing so and it appears to solve the problem. 
The only gotcha I can think of is that if the second computer is only
meant to contain subkeys, then the secret master key needs to be removed
as described in https://wiki.debian.org/Subkeys

Is copying the file like this a valid solution?

Is there an easier way to deal with this situation?
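
The comparison described in the message above (UIDs listed in the public view but not in the secret view) can be checked mechanically from `gpg --with-colons` listings. This is an added example, not part of the original post; the function name `missing_secret_uids`, the key IDs and the addresses in the sample listings are constructed placeholders.

```shell
#!/bin/sh
# Added example: report UIDs that appear in the public view of a key but not
# in the secret view, using saved `gpg --with-colons` listings. Live input:
#   gpg --with-colons --fixed-list-mode --list-keys        KEYID > pub.txt
#   gpg --with-colons --fixed-list-mode --list-secret-keys KEYID > sec.txt

missing_secret_uids() {   # $1 = public listing, $2 = secret listing
    awk -F: '
        # Field 1: record type, field 5: key ID, field 10: user ID.
        $1 == "pub" || $1 == "sec" { key = $5 }
        ($1 == "pub" || $1 == "sec" || $1 == "uid") && $10 != "" {
            id = key SUBSEP $10
            if (view == "sec") { have[id] = 1 }
            else if (!(id in have) && !seen[id]++) { print key "\t" $10 }
        }
    ' view=sec "$2" view=pub "$1"
}

# Constructed sample listings (placeholder key IDs and addresses).
sample_public() {
cat <<'EOF'
pub:u:4096:1:0123456789ABCDEF:1300000000:::u:::scESC:
uid:u::::1300000000::::Example User <user@old.example>:
uid:u::::1350000000::::Example User <user@second.example>:
uid:u::::1400000000::::Example User <user@new.example>:
sub:u:4096:1:FEDCBA9876543210:1300000000::::::s:
EOF
}
sample_secret() {
cat <<'EOF'
sec:u:4096:1:0123456789ABCDEF:1300000000:::::::::
uid:::::::::Example User <user@old.example>:
ssb:u:4096:1:FEDCBA9876543210:1300000000:::::::::
EOF
}

# Run the check on the samples: prints one "KEYID<TAB>UID" line per UID
# that the secret view is missing.
tmp=$(mktemp -d)
sample_public > "$tmp/pub.txt"
sample_secret > "$tmp/sec.txt"
missing_secret_uids "$tmp/pub.txt" "$tmp/sec.txt"
rm -rf "$tmp"
```

Empty output means every UID in the public view is also present in the secret view for that key.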





