gpg not able to find my secret key

Damien Goutte-Gattat dgouttegattat at incenp.org
Thu Aug 23 17:50:00 CEST 2018


Hi,

On 08/23/2018 10:54 AM, Martin T wrote:
> When I start the "gpg --list-secret-keys" with "strace -e open",
> then ~/.gnupg/secring.gpg file is not searched.

GnuPG >= 2.1 does not use ~/.gnupg/secring.gpg anymore. Secret keys are
now stored in the ~/.gnupg/private-keys-v1.d folder (one file per key).

When you say you "moved ~/.gnupg directory from old machine to new one",
did you make sure to include the private-keys-v1.d folder?

Related question: Do you have a file named "gpg-v21-migrated" in your
.gnupg directory?

Waiting for your answers, I suspect the following happened:

* You were using GnuPG < 2.1 before (1.4 or 2.0), with your private keys
in the secring.gpg file.

* At some point you upgraded to GnuPG 2.1; GnuPG automatically migrated
your keys from the secring.gpg file to the private-keys-v1.d folder
(leaving the gpg-v21-migrated file as a marker that the migration occurred).

* When you moved your .gnupg folder, the private-keys-v1.d folder was
somehow left behind (maybe because you didn't know about it). So
gpg-agent cannot find your private keys.

* Even though you still have a copy of your private keys in the
secring.gpg file, GnuPG will not even look at this file, since the
gpg-v21-migrated file tells it that the private keys were already migrated.

If that's what happened, then simply removing the gpg-v21-migrated file
should be enough to trigger a new migration and allow you to get your
private keys where the agent expects to find them.

I am, however, a little bit concerned by the following:

> When I list the secret keys (gpg --list-secret-keys), then the output
> is empty. gpg-agent is not running.

gpg-agent should be started automatically by gpg as soon as it is needed
(such as when you ask for a listing of the secret keys). The fact that
the agent is *not* running could indicate a problem in your GnuPG
installation, independently of the presence or absence of the
private-keys-v1.d folder.


Damien
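
Added example, not part of the original message: a read-only shell check that classifies a GnuPG home directory into the situations the reply walks through (keys already in private-keys-v1.d, a leftover gpg-v21-migrated marker blocking re-migration, migration still pending, or no secret keys at all). The function name and the state names are made up for this illustration, and the sample directory is constructed.

```shell
#!/bin/sh
# Read-only: inspects the directory, never creates or deletes anything in it.
# Prints one of: keys-present, stale-marker, migration-pending, no-secret-keys
gnupg_migration_state() {
    home=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    keydir=$home/private-keys-v1.d
    has_keys=no
    # GnuPG >= 2.1 keeps one file per secret key in private-keys-v1.d.
    if [ -d "$keydir" ]; then
        for f in "$keydir"/*; do
            if [ -f "$f" ]; then has_keys=yes; break; fi
        done
    fi
    if [ "$has_keys" = yes ]; then
        # The agent has keys where it expects to find them.
        echo keys-present
    elif [ ! -s "$home/secring.gpg" ]; then
        # Neither the new store nor the legacy keyring holds anything.
        echo no-secret-keys
    elif [ -e "$home/gpg-v21-migrated" ]; then
        # Legacy keyring present, new store empty, marker says "already
        # migrated": the case where removing the marker triggers a new migration.
        echo stale-marker
    else
        # Legacy keyring present and no marker: migration has not run yet.
        echo migration-pending
    fi
}

# Constructed sample reproducing the suspected situation: secring.gpg and the
# marker were copied to the new machine, private-keys-v1.d was left behind.
demo=$(mktemp -d)
printf 'constructed placeholder, not a real keyring\n' > "$demo/secring.gpg"
: > "$demo/gpg-v21-migrated"
echo "constructed sample: $(gnupg_migration_state "$demo")"
rm -rf "$demo"
```

Called without an argument, the function inspects $GNUPGHOME, or ~/.gnupg if that variable is unset.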
