From: Andrew Savchenko
To: gentoo-user@lists.gentoo.org
Date: Tue, 13 Oct 2015 17:53:53 +0300
Subject: [gentoo-user] Gnupg-2.1.* nightmare
Message-Id: <20151013175353.4e247f53d261518fff3eaf4e@gentoo.org>

Hello,

I updated to gnupg-2.1.9 from 2.0.x on both my desktop and laptop and now I have big problems.

1. gpgme is now broken. Gpgme consumers (e.g. sylpheed, mcabber) can verify, encrypt and decrypt messages, but can't sign them. On signing I have the following issues:

    Please enter your PGP passphrase:
    [17:26:06] GPGME signature error: Unusable secret key

Or:

    ** Sylpheed-WARNING: pgp_sign(): signing failed: User defined error code 1

I _can_ sign using the very same keys and plain gpg -s --default-key $id command. GPG itself works fine, something is amiss with gpgme.

I updated gpgme, libgcrypt, libgpg-error and libassuan to the latest unstable versions and rebuilt consumer applications. Of course, keys were migrated to the new format using gpg --import and gpg-agent was restarted (I even rebooted the whole host), but problem is still here.

The problem is even more strange, since I found a workaround way to sign messages in sylpheed. Program has three options for key selection:
a) use default GPG key;
b) select key by e-mail;
c) use key with provided ID.

Options b) and c) cause the error above, while option a) works, so by editing gpg.conf I can set default key id to what I need to sign a message. This is very inconvenient (since I have many keys), but at least works somehow.

2. I have duplicated keys in the ring with the same ID and fingerprint. Duplication happens only to _some_ of my keys where I have a secret key, fetched public keys of other users are not duplicated.

Examples:

a) Here I have the very same key twice:

    $ gpg --fingerprint -K 0x8EE705C07CFA83D3
    sec   rsa4096/0x8EE705C07CFA83D3 2012-09-11 [expired: 2015-09-11]
          Key fingerprint = 3F2D 1E49 4F96 2CE6 1597 F217 8EE7 05C0 7CFA 83D3
    uid   [ expired] Bircoph

    sec   rsa4096/0x8EE705C07CFA83D3 2012-09-11 [expired: 2015-09-11]
          Key fingerprint = 3F2D 1E49 4F96 2CE6 1597 F217 8EE7 05C0 7CFA 83D3
    uid   [ expired] Bircoph

b) Now comes more interesting:

    $ gpg --fingerprint -K 0x565953B95372756C
    sec   rsa4096/0x565953B95372756C 2013-02-27 [expires: 2018-02-26]
          Key fingerprint = 63EB 04FA A30C 76E2 952E 6ED6 5659 53B9 5372 756C
    uid   [ultimate] Andrew Savchenko
    uid   [ultimate] Andrew A. Savchenko (NRNU MEPhI)
    uid   [ultimate] Andrew A. Savchenko (UT Department)
    uid   [ultimate] Andrew Savchenko (Gentoo Dev)
    uid   [ultimate] Andrew A. Savchenko (XMPP)
    uid   [ultimate] Andrew A. Savchenko (UT Department)
    uid   [ultimate] Andrey Savchenko (RHIC)
    ssb   rsa4096/0x7AB649CA518C8321 2013-02-27 [expires: 2018-02-26]
    ssb   rsa4096/0xF6535A33BA1EE48D 2015-01-13 [expires: 2018-01-12]

    sec   rsa4096/0x565953B95372756C 2013-02-27 [expires: 2018-02-26]
          Key fingerprint = 63EB 04FA A30C 76E2 952E 6ED6 5659 53B9 5372 756C
    uid   [ultimate] Andrew A. Savchenko (NRNU MEPhI)
    uid   [ultimate] Andrew Savchenko
    uid   [ultimate] Andrew Savchenko (Gentoo Dev)
    uid   [ultimate] Andrew A. Savchenko (XMPP)
    uid   [ultimate] Andrew A. Savchenko (UT Department)
    uid   [ultimate] Andrew A. Savchenko (UT Department)
    ssb   rsa4096/0x7AB649CA518C8321 2013-02-27 [expires: 2018-02-26]
    ssb   rsa4096/0xF6535A33BA1EE48D 2015-01-13 [expires: 2018-01-12]

I have two versions of the same key: the latest and previous one (before I added one more e-mail uid to the key).

This problem may be related to the first one, may be not, I'm not sure. It is possible that gpgme goes crazy with these duplicates.

I have no idea how to remove duplicates and old versions. All gpg commands are tied to either key id, e-mail or fingerprint.
They are all not unique to delete such duplicates. I have thought that this may happen due to both secring.gpg and private-keys-v1.d present, but moving secring.gpg away doesn't help. Maybe manual editing of pubring.gpg will help to remove duplicates, but it will be quite hard to handle this binary format.

Googling gave me very little here:

1st issue: may happen for some custom gpgme client software, but no data on global failures after gnupg update.

2nd issue: may happen when key is stored in multiple sources and fetched from them, but I have no --keyring options in my gpg.conf (see attached file).

Any ideas how to fix these issues, especially the signing failure, are much appreciated.

Best regards,
Andrew Savchenko

Attachment: gpg.conf

    default-key 0x565953B95372756C
    require-cross-certification
    charset utf-8
    keyserver hkp://pool.sks-keyservers.net
    keyserver-options auto-key-retrieve
    personal-digest-preferences SHA512 SHA384 SHA256
    personal-cipher-preferences CAMELLIA256 AES256 TWOFISH CAMELLIA192 AES192 CAST5 AES
    personal-compress-preferences BZIP2 ZLIB ZIP Uncompressed
    default-preference-list SHA512 SHA384 SHA256 CAMELLIA256 AES256 TWOFISH CAMELLIA192 AES192 CAST5 AES BZIP2 ZLIB ZIP Uncompressed
    keyid-format 0xlong
    verify-options show-uid-validity
    list-options show-uid-validity
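
Added example, not part of the original post: one way to confirm from machine-readable output which secret keys are listed more than once, and which user IDs differ between the copies (the situation in example b) above). It assumes the input is the text printed by `gpg --list-secret-keys --with-colons`; the sample listing, fingerprints and user IDs are constructed, and the function names are illustrative.

```python
from collections import defaultdict

# Constructed sample (not real key material), shaped like the output of
# `gpg --list-secret-keys --with-colons`: key ...AAAA is listed twice and the
# second copy lacks one user ID, as in example b) of the post.
FPR_A, FPR_B, FPR_C = ("0" * 24 + c * 16 for c in "ABC")
SAMPLE = "\n".join([
    "sec:u:4096:1:" + FPR_A[-16:] + ":1361923200:1519603200::u:::scESC:",
    "fpr:::::::::" + FPR_A + ":",
    "uid:u::::1361923200::H1::Example User <user@example.org>:",
    "uid:u::::1421107200::H2::Example User (work) <user@example.com>:",
    "ssb:u:4096:1:" + FPR_B[-16:] + ":1361923200:1519603200:::::e:",
    "fpr:::::::::" + FPR_B + ":",
    "sec:u:4096:1:" + FPR_A[-16:] + ":1361923200:1519603200::u:::scESC:",
    "fpr:::::::::" + FPR_A + ":",
    "uid:u::::1361923200::H1::Example User <user@example.org>:",
    "sec:u:4096:1:" + FPR_C[-16:] + ":1361923200:1519603200::u:::scESC:",
    "fpr:::::::::" + FPR_C + ":",
])

def parse_secret_keys(listing):
    """Return one {'id', 'uids'} dict per `sec` block, in listing order."""
    blocks, want_fpr = [], False
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "sec" and len(f) > 4:
            blocks.append({"id": f[4], "uids": []})  # long key ID as fallback
            want_fpr = True
        elif f[0] == "ssb":
            want_fpr = False  # the next fpr record belongs to the subkey
        elif f[0] == "fpr" and want_fpr and len(f) > 9:
            blocks[-1]["id"], want_fpr = f[9], False  # primary fingerprint
        elif f[0] == "uid" and blocks and len(f) > 9:
            blocks[-1]["uids"].append(f[9])
    return blocks

def find_duplicates(listing):
    """Map key -> list of uid sets, for keys that appear in more than one block."""
    seen = defaultdict(list)
    for block in parse_secret_keys(listing):
        seen[block["id"]].append(frozenset(block["uids"]))
    return {key: copies for key, copies in seen.items() if len(copies) > 1}

def uid_drift(copies):
    """User IDs carried by some copies of a key but not by all of them."""
    return set().union(*copies) - frozenset.intersection(*copies)

if __name__ == "__main__":
    for key, copies in find_duplicates(SAMPLE).items():
        print(key, "listed", len(copies), "times; differing uids:", sorted(uid_drift(copies)))
```

When a listing carries no `fpr` record for a primary key, the block is grouped by the long key ID from the `sec` record instead.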