GnuPG2.1 is using the wrong signing subkey
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Feb 22 04:24:36 CET 2017
On Tue 2017-02-21 16:27:55 -0500, Will Dixon (Clemsonopoly94) wrote:
> So I am having an issue signing documents with gpg2.1. Every time I try and sign something, I get:
>
> λ dixonwille [~] → gpg2 --detach-sign Images/EinsteinWP.jpg
> gpg: using "0xEC933DA229123788" as default secret key for signing
> gpg: signing failed: No secret key
> gpg: signing failed: No secret key
> As the above message specifies I do have a default key set in my config. Here is what my private listing shows:
>
> λ dixonwille [~] → gpg2 -K --with-keygrip
> /home/dixonwille/.gnupg/pubring.kbx
> -----------------------------------
> sec# rsa4096/0x496AC5165C585343 2017-01-14 [SC]
> Key fingerprint = 2092 7961 2A0C EF20 83D0 8244 496A C516 5C58 5343
> Keygrip = 308FF7DD37FB9E175378D76125FCB2BC4C5C225C
> uid [ultimate] William E. Dixon <dixonwille at gmail.com>
> uid [ultimate] William E. Dixon <dixonwille at hotmail.com>
> uid [ultimate] William E. Dixon <will.dixon at acstechnologies.com>
> uid [ultimate] [jpeg image of size 5910]
> ssb rsa4096/0xD3522B485A800AFD 2017-01-14 [E] [expires: 2018-01-14]
> Keygrip = 178AB20F816E5FAA31440968AD6EA06B0340FB90
> ssb rsa4096/0xEC933DA229123788 2017-01-14 [S] [expires: 2018-01-14]
> Keygrip = 89A90662E5908D5F271B87A5DC6D26F01B53C9EC
> ssb rsa4096/0xBAA693EC561AD6D9 2017-01-14 [A] [expires: 2018-01-14]
> Keygrip = 9D48688AF67C407BB91900BA07725CCE7E08B546
> ssb rsa4096/0x7A3D17611B1FFDD2 2017-01-14 [S] [expires: 2018-01-14]
> Keygrip = 50EE902E41E323600B02769FA2A96FE8C51D5A35
> ssb rsa4096/0xB64824658CE421C8 2017-01-14 [A] [expires: 2018-01-14]
> Keygrip = D3BD87D77B844A5AE54CEC0466353030A816441B
> ssb rsa4096/0x7642000294227858 2017-01-16 [S] [expires: 2018-01-14]
> Keygrip = B10269A98E3D357F3B32C155367B1CEDCAE998E8
> ssb rsa4096/0x32C4DD59E753B43B 2017-01-16 [A] [expires: 2018-01-14]
> Keygrip = 40E86DAAEDEE6BA714F26B09FBA38C35C4E4F264
> Now all these keys do not have a private conterpart. Only three of them do (0xD3522B485A800AFD, 0xEC933DA229123788, 0xBAA693EC561AD6D9). To make sure I ran gpg-connect-agent then ran keyinfo --list.
When signing, gpg prefers the most recent subkey that is
signing-capable. Please see:
https://bugs.gnupg.org/gnupg/issue1967
for ongoing discussion and a possible patch that's waiting for review by
more knowledgable developers.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: </pipermail/attachments/20170221/65f63d85/attachment.sig>
More information about the Gnupg-users
mailing list