private subkey not found

zep zepmaster at gmx.net
Sat Dec 3 14:28:37 CET 2016 

Hello Werner,

Thanks for your reply

> That does not look like the standard output of gpg 2.1.15 - Please
> remove the keyid-format option from your gpg.conf.

Here is the output you requested:

sec#  rsa4096 2016-11-19 [C] [expires: 2021-11-18]
      some_hex_value
uid           [ultimate] zep <other_mail at provider.tlp>
ssb>  rsa4096 2016-11-19 [S] [expires: 2021-11-18]
ssb>  rsa4096 2016-11-19 [E] [expires: 2021-11-18]
ssb>  rsa4096 2016-11-19 [A] [expires: 2021-11-18]

sec   rsa4096 2015-04-07 [SCA] [expires: 2020-04-05]
      some_other_hex_value
uid           [ultimate] zep <zepmaster at gmx.net>
ssb   rsa4096 2015-04-07 [E] [expires: 2020-04-05]


I have two different keysets:

One offline master key and three subkeys for zep
<other_mail at provider.tlp> which are stored on a nitrokey.

Then I have one master key and one subkey for zep <zepmaster at gmx.net>,
which are not stored on a smartcard.

> Are all keyfiles in ~/.gnupg/private-keys-v1.d/ readable ?  Check the
> permissions.

Indeed, my master private key for other_mail at provider.tlp in
~/.gnupg/private-keys-v1.d/ is only a symlink to the real key, which is
on an LUKS encrypted USB drive.

I moved the symlink out of the way, and checked again using
gpg-connect-agent, keyinfo --list:

> keyinfo --list
S KEYINFO some_hex T some_hex OPENPGP.2 - - - - -

S KEYINFO some_hex D - - - P - - -

S KEYINFO some_hex T some_hex OPENPGP.2 - - - - -

S KEYINFO some_hex T some_hex OPENPGP.1 - - - - -

S KEYINFO some_hex T some_hex OPENPGP.1 - - - - -

S KEYINFO some_hex D - - - P - - -

S KEYINFO some_hex T some_hex OPENPGP.3 - - - - -

ERR 67108952 Invalid name <GPG Agent>

Signing, Encrypting and Decryption using the first keyset (on the
nitrokey) does work. But decryption using the subkey of the second
keyset does not work.

Is it possible to have two keysets each having the same name, but a
different email address ?

E.g.

zep <other_mail at provider.tlp>
zep <zepmaster at gmx.net>

Thanks,

Cheers, zep

On 11/30/2016 10:44 AM, Werner Koch wrote:
> On Tue, 29 Nov 2016 21:19, zepmaster at gmx.net said:
> 
>> sec   rsa4096/0xABCDEFGH 2015-04-07 [SCA] [expires: 2020-04-05]
>>       Key fingerprint = ABCD ABCD ABCD ....
> 
> That does not look like the standard output of gpg 2.1.15 - Please
> remove the keyid-format option from your gpg.conf.
> 
>> gpg-connect-agent
>>> keyinfo --list
>> S KEYINFO "some hex string" D - - - P - - -
>> ERR 67108891 Not found <GPG Agent>
> 
> Are all keyfiles in ~/.gnupg/private-keys-v1.d/ readable ?  Check the
> permissions.
> 
> 
> Shalom-Salam,
> 
>    Werner
>

More information about the Gnupg-users mailing list