Open davidgu opened 6 years ago
I think you're trying to upload your public key - keybase wants you to upload your private key
keybase pgp select --no-import is what you're looking for.
Using keybase pgp select --no-import disables keybase features that require your private key.
I solved the problem by piping the key in with keybase pgp import; however, it seems like something about the select function is broken for certain configurations.
keybase pgp import -i "path_to-your-subkeys"
On 04/04/2018 07:13, David Hagar wrote:
I can import to keybase, but it doesn't upload my private key, which seems to be a bit of an issue?
Why do you need your private key? There is no need for this private key. Use subkeys instead.
-- Regards, Thierry GPG Key: 0xF9B2FB92 e-mail : lenaigst@maelenn.org Keybase: thierryit
I think you're trying to upload your public key
No, this is an issue arising from removing the main signing/certification key after exporting it offline and creating subkeys for day-to-day signing and encryption.
@davidgu I think that's exactly right. pgp select doesn't seem to be able to gracefully handle the (best) practice of offlining the main key and relying purely on subkeys, whereas import can if pointed to a file created from --export-private-subkeys. In theory, select should be just sugar for import and have the same capability set.
These error messages scared the heck out of me ... everything I've ever learned about key security says you never give anybody your private key. I went ahead and did it, figuring if it was bad (and I checked with some experts, who didn't really know the answer either) then I could just revoke the whole key. Suggest that some more explanation is made / other language used ... "upload your private key" sounds almost as bad as giving some "cloud mail service" your gmail credentials.
I'm still learning about gpg. This is what worked successfully for me:
gpg --export-secret-keys | keybase pgp import
The problem is not to import our own PGP key ... But to import our PGP key with the master offline.
keybase pgp select --no-import works perfectly.
keybase pgp select --no-import is no longer a valid command.
I also have my master signing key offline, with only subkeys available to my machine running keybase. I gather keybase pgp select will allow me to sign my public subkeys into the keybase sigchain, without importing the secret keys to the local keybase keychain. (--no-import no longer needed.)
Is there a way to associate my public master signing key with my keybase identity? If I understand it properly, that would necessitate my being given a challenge text that I could take to the offline machine to sign and return to keybase.
I've posted my question/request, here: https://github.com/keybase/client/issues/23986
Attempting to use keybase pgp select results in the following error message:
ERROR Key MY_KEY_ID_HERE has private part stubbed - cannot import to Keybase keychain.
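
Added example (not part of the thread and not Keybase's code): the "private part stubbed" state discussed above can be checked locally before choosing between select and import. The sketch reads `gpg --list-secret-keys --with-colons` output and assumes the GnuPG 2.1+ colon format, where field 15 of a sec/ssb record is `#` for a stub and `+` for an available secret key; the function names and the sample keyring are constructed for illustration.

```shell
#!/usr/bin/env bash
# Classify secret-key records from `gpg --list-secret-keys --with-colons`
# (read on stdin). Assumption: GnuPG 2.1+ colon format, field 15 of sec/ssb:
#   '#'  = stub, secret material is not on this machine (offline master key)
#   '+'  = secret key available locally
#   else = serial number of a smartcard/token holding the key
classify_secret_keys() {
  awk -F: '
    $1 == "sec" || $1 == "ssb" {
      state = "unknown"
      if ($15 == "#")      state = "stub"
      else if ($15 == "+") state = "present"
      else if ($15 != "")  state = "card"
      printf "%s %s %s\n", $1, $5, state
    }'
}

# Exit 0 when the primary key is a stub but at least one subkey is usable,
# i.e. the offline-master layout described in the thread.
has_offline_master() {
  classify_secret_keys | awk '
    $1 == "sec" && $3 == "stub"                      { stub = 1 }
    $1 == "ssb" && ($3 == "present" || $3 == "card") { sub_ok = 1 }
    END { exit !(stub && sub_ok) }'
}

# Constructed sample keyring (placeholder key IDs, not real keys).
SAMPLE_OFFLINE='sec:u:4096:1:AAAAAAAAAAAAAAAA:1500000000:::u:::scESC:::#:::23::0:
uid:u::::1500000000::CONSTRUCTED::Example User <user@example.invalid>::::::::::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1500000000::::::s:::+:::23:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1500000000::::::e:::+:::23:'

# Demo on the constructed sample; on a real machine pipe in
#   gpg --list-secret-keys --with-colons
printf '%s\n' "$SAMPLE_OFFLINE" | classify_secret_keys
if printf '%s\n' "$SAMPLE_OFFLINE" | has_offline_master; then
  echo "primary key is a stub: only subkeys can be exported from this machine"
fi
```

When the check reports a stubbed primary key, only the subkey secrets exist on that machine, which matches the situation in which the commenters above used import on an exported subkey file instead of select.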