Key import issues

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Sep 6 05:17:27 CEST 2016


On Mon 2016-09-05 06:43:30 -0400, A.L.E.C wrote:
> A few users have (different) problems with importing secret keys
> generated by OpenPGP.js. For me it works. Could anyone explain why gpg
> exits with code 2 and what exactly these errors mean?
>
> (gnupg 2.0.28 in this case)
> ERROR: gpg: key FF0A6901: secret key imported
> ERROR: gpg: assuming bad signature from key FF0A6901 due to an unknown
> critical bit
> ERROR: gpg: key FF0A6901: no valid user IDs
> ERROR: gpg: this may be caused by a missing self-signature
> ERROR: gpg: Total number processed: 1
> ERROR: gpg: w/o user IDs: 1
> ERROR: gpg: secret keys read: 1
> ERROR: gpg: secret keys imported: 1
> STATUS: IMPORT_OK 17 91FABCEE268FE9727BC116A43F4D44C4FF0A6901
> STATUS: IMPORT_RES 1 1 0 0 0 0 0 0 0 1 1 0 0 0

this sounds like an OpenPGP public key whose self-signature contains
either a subpacket with type in range 128-255:

    [0] https://tools.ietf.org/html/rfc4880#page-26

this implies that the subpacket is critical.

> (gnupg 2.0.29 for this case)
> ERROR: gpg: key 0D20E76A: secret key imported
> ERROR: gpg: key 0D20E76A was created 31 seconds in the future (time warp
> or clock problem)
> ERROR: gpg: key 0D20E76A: no valid user IDs
> ERROR: gpg: this may be caused by a missing self-signature
> ERROR: gpg: Total number processed: 1
> ERROR: gpg:           w/o user IDs: 1
> ERROR: gpg:       secret keys read: 1
> ERROR: gpg:   secret keys imported: 1
> STATUS: IMPORT_OK 17 3DDABF41C0AA422971DA1258C47F2A380D20E76A
> STATUS: IMPORT_RES 1 1 0 0 0 0 0 0 0 1 1 0 0 0

This sounds exactly like what it says.  Barring malice, the most likely
cause is clock skew between the machine that generated the key and the
machine that is consuming the key.

It would be great to see the specific OpenPGP public certificates, and a
description of how they were generated.

Regards,

        --dkg
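
[Added example, not part of the original message and not GnuPG or OpenPGP.js code.] The "unknown critical bit" diagnosis above can be checked by walking a self-signature's subpacket area (RFC 4880 section 5.2.3.1) and flagging subpackets whose type octet has bit 7 set but whose type the consumer does not know; the same walk compares the signature creation time subpacket (type 2) with the consumer's clock. Assumptions: KNOWN_TYPES, NOW, SAMPLE and the helper subpkt() are constructed for illustration, and the key's own creation time (in the key packet) is not parsed here.

```python
# Added example: RFC 4880 section 5.2.3.1 subpacket parsing (not from the thread).

def parse_subpackets(area: bytes):
    """Split a signature subpacket area into (type, critical, body) tuples."""
    out, i = [], 0
    while i < len(area):
        first = area[i]
        hdr = 1 if first < 192 else 2 if first < 255 else 5
        if i + hdr > len(area):
            raise ValueError("truncated subpacket length")
        if hdr == 1:
            length = first
        elif hdr == 2:
            length = ((first - 192) << 8) + area[i + 1] + 192
        else:
            length = int.from_bytes(area[i + 1:i + 5], "big")
        i += hdr
        if length < 1 or i + length > len(area):
            raise ValueError("truncated subpacket body")
        type_octet = area[i]  # the length covers this octet plus the body
        # Bit 7 is the critical flag; the low 7 bits are the subpacket type.
        out.append((type_octet & 0x7F, bool(type_octet & 0x80), area[i + 1:i + length]))
        i += length
    return out

# Assumption: the subpacket types this hypothetical consumer understands.
KNOWN_TYPES = {2, 3, 9, 11, 16, 21, 22, 23, 27, 30}

def audit_selfsig(area: bytes, now: int, known=KNOWN_TYPES):
    """Report unknown critical subpackets and a creation time ahead of `now`."""
    findings = []
    for sp_type, critical, body in parse_subpackets(area):
        if critical and sp_type not in known:
            findings.append(f"unknown critical subpacket type {sp_type}")
        if sp_type == 2 and len(body) == 4:  # signature creation time
            skew = int.from_bytes(body, "big") - now
            if skew > 0:
                findings.append(f"signature created {skew} seconds in the future")
    return findings

def subpkt(type_octet: int, body: bytes) -> bytes:
    """Build one short subpacket (constructed test data only)."""
    return bytes([len(body) + 1, type_octet]) + body

NOW = 1473131847  # constructed consumer clock
SAMPLE = (subpkt(2, (NOW + 31).to_bytes(4, "big"))   # created 31 s ahead
          + subpkt(0x80 | 27, b"\x03")               # critical, known (key flags)
          + subpkt(0x80 | 101, b"\x01"))             # critical, private-use type

if __name__ == "__main__":
    for finding in audit_selfsig(SAMPLE, NOW):
        print(finding)
```

A critical subpacket of a known type (key flags here) produces no finding; only the combination of the critical bit and an unrecognised type does.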