search

keybase / client

Keybase Go Library, Client, Service, OS X, iOS, Android, Electron
BSD 3-Clause "New" or "Revised" License
8.88k stars 1.23k forks source link

ERROR: Your private key appears corrupted (no valid primary key self-signature or key(s) have expired) #18162

Open aayushjain opened 5 years ago

aayushjain commented 5 years ago

Hi,

I recently updated the prefs of my pgp key in gpg cli, and tried to update the public key on my keybase (@aayushjain), but am unable to do so. The error I get after entering my keybase passphrase is: Error: Your private key appears corrupted (no valid primary key self-signature or key(s) have expired).

Here is my old public key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2

mQINBFlPMsoBEADXzAS8MnCvhXNTCwnBDnIgLQ4nBbJ4Is7MDssernTPbrS5Rubo
EAYd+n6YqeF3SLpkz5x4J7yGMG3xR11Yc789dlgYrNCq9Yf4wOhjLH6HL4dWVJ4+
H8Y3xGR0jMftx9Ui02EgcYg1GFUd+CyuzOWQMIczJ/YoJpb58dTnoA5jpKwQnREO
j4t7/senyXNDnIRU6odGsJ2I/hYVyOcf0Vy9/U1bAjmRAwFZCNURDee3IVyrdds7
OZb1KzvcmuIHmA6YbjaTmTwpBgysL+PvNbGiEeCnZqeWYqQL75EEpFNOW2BU+PZj
Y3D9rHGwVwsc8PlpNPITx/zcC7K1+DI+VggZnUztQLsG+baK8AoJ4yR5OOdHvBZS
EfYd/Ei5ccPPoSv0x3cp7k9h4xA32BoKBLo0+sGD02rXIRVCF4mG0mcWd+0iqll9
aa+dG2y4P6gyz7nGZQ5rfr2xZAMtTvoLEdjzWOpdOalUDvk6du0Tr9rU48PP4qqz
RYWcUTyfbZVlIz04BuacUFdWPVegs5xGHxUz/ZfO4XmVljRLAwpvupwfGOB7ruho
96H0cBud92lyQuU2vLhMnzzkFMREzv9Gj9clv9Ek6VTiF4dbxwWXOkcpS5w1tBpq
AU7D9FHQw9JYiWyPXCAawFau3jRgN1t8/N8m1KrC8GwEL/lnHTICiUchZQARAQAB
tCNBYXl1c2ggSmFpbiA8YWF5dXNoLjI4OTZAZ21haWwuY29tPokCVgQTAQgAQAIb
AwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAFiEEMsOnwQpBukgV4h9ePqSbhLTc
MPIFAl0P2pMFCQeDDskACgkQPqSbhLTcMPKtgBAArEQCU0SedW/nraLAEs/gEDdK
EKBmAJ1ZDHwfhvojsQzV7TIyZ7ic52krpjPA9QITK6eLSfVKFh8mptktVRTADWE8
+Q3YcXAqJKh0omnbh706HXTStGWfsZxJnI6UFucdQstqVLVHk7DNtB7D/RMQSKTP
6dX1WE0QLuRYbnk/olJozkU88mQ3V0wsjGylBepkS2UksnkTZ2G/oJ4J7xKPePM8
WoyBBHsxrtbYWnQaoez5Pf63+xakm8vSSUdmnoEfDDYhv3NzneTeJ+zh3WYCnyMz
ooT7xJYYW5nJa1DPN3YJl2Z4A1kyPhmoAM41DAOHdRSzNZkFunkcg7vA1jFQPT3B
cIlgYCcGQc/LqWeoU/ZAExE7Qf+7TKXUpOMe2XXnpUvcIhaFS4+u/rJ3Elkj2AY/
Rvd4x6PywfCcByLCap/E3qY7Z+Zi76/XQm8tK785ugmKCaZuZK/AAe7ZbStNrbHs
lDYVzPP25Vy3GkNYBlZHVq04sXKDrpeEF31zIRMVXzwkQdT6R11ReD3ZeXdfoXpC
bzOBjV4YUqgv1SjHegdAesvt3SWFDUdMQk1c4B9CSpQt2O0Tbneah35ufnIioR+K
L5m8Uah4q8InL4rVW2Umj3A6F/mm6fWKlDBXUTwijSTUQF4BhKLbw6HKOtaVQWgr
3JjlNWI+4INcJjO1r9W5Ag0EWU8yygEQAJ1FYu8Y7yjnm/UVQmmAqNObN7eIb6K/
r0e97p4VYP0Anji8OZSAfYJfxX5cy280ze/YQgzm33Pm19CLMoChwW+2vayHJBOt
A8eTIIgPgPActubGwT5TdLOZ3aAgawsycn41Yq67isU8W/JjnZnaQoZCdGTOSDhF
GVc/o1eMW5dFAw+Vmm14sBvVD415OiMR0oIlbMwVErc7lpSnmuF//R6DtxFSTQ9+
S6J4iufZ/zil7uU08xOyK6fjQMu6fj8AyE1cE3NptfbjE1Fzd+uJ9qcW3UQfiQTX
1RkXFbEWq2THR31qB3lcWH6QQSihIg6f2pxJDfgj/fgs5ye6ZHkVddQOE8yObQd3
JOBxkZulp7tn6gi3HSbNwyyORUxnSo0xt7AvhcRxqRtm/OdD3AlMSNDOYVApIquA
dUlQM0z0BOsZeXIKyJvnkRcrUHNJelDRPr2BG20q60mBRZBEC0LSX7IT/uJN8mi4
xp3elj1rb7272XmsJSgQtmv9mHK31qZ7VbqF1RthkuCzV4sFulW85OGICltcgLKC
wO+XHhlZi07Hj/wjDjPpUUP4eGRyzt5o0Zq80YSlpjR+9/ro3AxZwosoq70CTzi/
Ej+mJxcunOmFmuh7CxYspliqWnqTEpBdxa/S15OKuHZyBOjsvtI/x5RiNEyFnjqn
okuzZfp1pXl7ABEBAAGJAjwEGAEIACYCGwwWIQQyw6fBCkG6SBXiH14+pJuEtNww
8gUCXQ/aswUJB4MO6QAKCRA+pJuEtNww8tUxD/9brNLcu+IlkHbiIZAJaKH4izIK
oxs1nHlrJyyP9E3VrAUdCTQF13gk4WD8xFL1CHEu/jj0+if7w9eDGU+lg4htEfBV
hLkJbbxtPhaNJlM1IQKYmXQuhpCxpEIchwDAAP2ASaDnMHxI0aJbZVUYideS412b
cizfYOhpzpcqa3cfCYWuKeZjD0ixcsp4IKNBcIsPpqFtRsK8VeqiRfJvKUR8uBIp
+Qt/MDaAHlIy89xhHlIpIHmPDb0AtPUP8yJWI6iIVNlOJ1hUnhh/yrdIo0zM17JO
2INq7j659LFCqWsyBsAv5Uuut97XuhbxFa/OHwfJYX8Fk+6fL1gh5GZzRLdzbjMf
dVT+nsuWqbqv6lPxddnYkpanmibFCFQmSIUosSatdQ40YjFh37GP2HuQ/2+4tKD7
7lo6ZmR2JlWtZ8NTsWxCgm4ug7DqTMNj3v5bojsoASx/a3d5TPHa/MiK1uOFY4yk
tvoA640YcYECYcajpQe2adhJl3CL75OiFgxml8fd5/ruu669Te1QEPvVqukwguh4
mH2ndz95AaGGuGmv/7VQxakDQeMDsCcuoLRn6xbtz5H/mQ4vJ7dH2UszyhrxK2tj
Du/RKi+q+PmPnYVkDlT6520vwYagDorJKBSpW6Eykntaky1i9SaX50b7G7Tg8ZdQ
KtXu0VN3i5H2OjPrzg==
=PeIy
-----END PGP PUBLIC KEY BLOCK-----

I then went to my terminal and ran gpg --edit-key b4dc30f2, then setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed, followed by save.

The new public key after this modification is:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFlPMsoBEADXzAS8MnCvhXNTCwnBDnIgLQ4nBbJ4Is7MDssernTPbrS5Rubo
EAYd+n6YqeF3SLpkz5x4J7yGMG3xR11Yc789dlgYrNCq9Yf4wOhjLH6HL4dWVJ4+
H8Y3xGR0jMftx9Ui02EgcYg1GFUd+CyuzOWQMIczJ/YoJpb58dTnoA5jpKwQnREO
j4t7/senyXNDnIRU6odGsJ2I/hYVyOcf0Vy9/U1bAjmRAwFZCNURDee3IVyrdds7
OZb1KzvcmuIHmA6YbjaTmTwpBgysL+PvNbGiEeCnZqeWYqQL75EEpFNOW2BU+PZj
Y3D9rHGwVwsc8PlpNPITx/zcC7K1+DI+VggZnUztQLsG+baK8AoJ4yR5OOdHvBZS
EfYd/Ei5ccPPoSv0x3cp7k9h4xA32BoKBLo0+sGD02rXIRVCF4mG0mcWd+0iqll9
aa+dG2y4P6gyz7nGZQ5rfr2xZAMtTvoLEdjzWOpdOalUDvk6du0Tr9rU48PP4qqz
RYWcUTyfbZVlIz04BuacUFdWPVegs5xGHxUz/ZfO4XmVljRLAwpvupwfGOB7ruho
96H0cBud92lyQuU2vLhMnzzkFMREzv9Gj9clv9Ek6VTiF4dbxwWXOkcpS5w1tBpq
AU7D9FHQw9JYiWyPXCAawFau3jRgN1t8/N8m1KrC8GwEL/lnHTICiUchZQARAQAB
tCNBYXl1c2ggSmFpbiA8YWF5dXNoLjI4OTZAZ21haWwuY29tPokCVAQTAQgAPgIb
AwIeAQIXgAUJB4MOyRYhBDLDp8EKQbpIFeIfXj6km4S03DDyBQJdFgXiBQsJCAcD
BRUKCQgLBRYCAwEAAAoJED6km4S03DDyf00P/iCR7hE0R8XuZ12Z3jWZS9P05XHW
q8YliNvpHJzNSYQzC5FMlVPn34QaSR0benhmdRC2Gl2EeTqz4lslF5H/0ab9UcwF
nKTMN6OWMHnqBi0rbq3bpmBGav7M6eXPPva2QA+rVF76oZxou/I3eSBGu1xO6Y8K
9c4YC2xF4WPsY67Bsm+h57A795zdpe21nrOEdJf3q3z6PqG0ww5JsPBSqeYcFRK6
pL5KdrO8Pg4kFvsbhCOFhipQqiR9sUwxPC2um2BnFU9M7RaKQhqf3CPoDDGLDU3h
QvxXtKdWs3JRc3F3j9r2aoFlSHwO4z32mHJIl7zJ9DvELAdbTi8oPUhYcGgbhTmb
8EwpFwm3aDhXrSjm7wE/eZtyiKvMRPC0RqBn4dNg47e5WCWlbPKzODIvsOQnW2GY
5fejwbCRqZfYFd5yC0pZZDmKa0oxXmPr0yixbOzG8WY8lMygGZmybNarF4Sixv/K
7rkV4OyZcp5f9GbttFZoL2z7HedZaGkdvx/AN4x9Lz8foEKLZc9InxKQDc0SnJGK
0+L8UyPu1hDEJrEoZH7Etkg5vDtRuH6sMJxXDKqQGJ2mXGuZM0qnElgMoeXOfKvV
y7c5iJGPiw7u6s9e+ghQp5agFAXts0lg5qXVnXi+WS/2+QumKFkL6HlPx0yEYfp+
6OTNpiPjFrTWzUO1uQINBFlPMsoBEACdRWLvGO8o55v1FUJpgKjTmze3iG+iv69H
ve6eFWD9AJ44vDmUgH2CX8V+XMtvNM3v2EIM5t9z5tfQizKAocFvtr2shyQTrQPH
kyCID4DwHLbmxsE+U3Szmd2gIGsLMnJ+NWKuu4rFPFvyY52Z2kKGQnRkzkg4RRlX
P6NXjFuXRQMPlZpteLAb1Q+NeTojEdKCJWzMFRK3O5aUp5rhf/0eg7cRUk0Pfkui
eIrn2f84pe7lNPMTsiun40DLun4/AMhNXBNzabX24xNRc3frifanFt1EH4kE19UZ
FxWxFqtkx0d9agd5XFh+kEEooSIOn9qcSQ34I/34LOcnumR5FXXUDhPMjm0HdyTg
cZGbpae7Z+oItx0mzcMsjkVMZ0qNMbewL4XEcakbZvznQ9wJTEjQzmFQKSKrgHVJ
UDNM9ATrGXlyCsib55EXK1BzSXpQ0T69gRttKutJgUWQRAtC0l+yE/7iTfJouMad
3pY9a2+9u9l5rCUoELZr/Zhyt9ame1W6hdUbYZLgs1eLBbpVvOThiApbXICygsDv
lx4ZWYtOx4/8Iw4z6VFD+Hhkcs7eaNGavNGEpaY0fvf66NwMWcKLKKu9Ak84vxI/
picXLpzphZroewsWLKZYqlp6kxKQXcWv0teTirh2cgTo7L7SP8eUYjRMhZ46p6JL
s2X6daV5ewARAQABiQI8BBgBCAAmAhsMFiEEMsOnwQpBukgV4h9ePqSbhLTcMPIF
Al0P2rMFCQeDDukACgkQPqSbhLTcMPLVMQ//W6zS3LviJZB24iGQCWih+IsyCqMb
NZx5aycsj/RN1awFHQk0Bdd4JOFg/MRS9QhxLv449Pon+8PXgxlPpYOIbRHwVYS5
CW28bT4WjSZTNSECmJl0LoaQsaRCHIcAwAD9gEmg5zB8SNGiW2VVGInXkuNdm3Is
32Doac6XKmt3HwmFrinmYw9IsXLKeCCjQXCLD6ahbUbCvFXqokXybylEfLgSKfkL
fzA2gB5SMvPcYR5SKSB5jw29ALT1D/MiViOoiFTZTidYVJ4Yf8q3SKNMzNeyTtiD
au4+ufSxQqlrMgbAL+VLrrfe17oW8RWvzh8HyWF/BZPuny9YIeRmc0S3c24zH3VU
/p7Llqm6r+pT8XXZ2JKWp5omxQhUJkiFKLEmrXUONGIxYd+xj9h7kP9vuLSg++5a
OmZkdiZVrWfDU7FsQoJuLoOw6kzDY97+W6I7KAEsf2t3eUzx2vzIitbjhWOMpLb6
AOuNGHGBAmHGo6UHtmnYSZdwi++TohYMZpfH3ef67ruuvU3tUBD71arpMILoeJh9
p3c/eQGhhrhpr/+1UMWpA0HjA7AnLqC0Z+sW7c+R/5kOLye3R9lLM8oa8StrYw7v
0Sovqvj5j52FZA5U+udtL8GGoA6KySgUqVuhMpJ7WpMtYvUml+dG+xu04PGXUCrV
7tFTd4uR9joz684=
=TSCI
-----END PGP PUBLIC KEY BLOCK-----

My key appears fine in kGPG, but Keybase wont accept it. It went through the updation process on Github and Facebook, and fingerprint remained unchanged. As far as I feel, me changing the cipher, digest and compression preferences may have been a wrong move.

I did a pgpdump of my old key, and this was the the signature packet:

...
Old: Signature Packet(tag 2)(598 bytes)
Ver 4 - new
Sig type - Positive certification of a User ID and Public Key packet(0x13).
Pub alg - RSA Encrypt or Sign(pub 1)
Hash alg - SHA256(hash 8)
Hashed Sub: key flags(sub 27)(1 bytes)
Flag - This key may be used to certify other keys
Flag - This key may be used to sign data
Hashed Sub: preferred symmetric algorithms(sub 11)(6 bytes)
Sym alg - AES with 256-bit key(sym 9)
Sym alg - AES with 192-bit key(sym 8)
Sym alg - AES with 128-bit key(sym 7)
Sym alg - CAST5(sym 3)
Sym alg - Triple-DES(sym 2)
Sym alg - IDEA(sym 1)
Hashed Sub: preferred hash algorithms(sub 21)(5 bytes)
Hash alg - SHA256(hash 8)
Hash alg - SHA1(hash 2)
Hash alg - SHA384(hash 9)
Hash alg - SHA512(hash 10)
Hash alg - SHA224(hash 11)
Hashed Sub: preferred compression algorithms(sub 22)(3 bytes)
Comp alg - ZLIB <RFC1950>(comp 2)
Comp alg - BZip2(comp 3)
Comp alg - ZIP <RFC1951>(comp 1)
Hashed Sub: features(sub 30)(1 bytes)
Flag - Modification detection (packets 18 and 19)
Hashed Sub: key server preferences(sub 23)(1 bytes)
Flag - No-modify
Hashed Sub: issuer fingerprint(sub 33)(21 bytes)
v4 -   Fingerprint - 32 c3 a7 c1 0a 41 ba 48 15 e2 1f 5e 3e a4 9b 84 b4 dc 30 f2 
Hashed Sub: signature creation time(sub 2)(4 bytes)
Time - Mon Jun 24 01:31:23 IST 2019
Hashed Sub: key expiration time(sub 9)(4 bytes)
Time - Wed Jun 23 01:31:23 IST 2021
Sub: issuer key ID(sub 16)(8 bytes)
Key ID - 0x3EA49B84B4DC30F2
Hash left 2 bytes - ad 80 
RSA m^d mod n(4096 bits) - ...
-> PKCS-1
...

A pgpdump of the new key, brings the same block but with changes (as modified):

...
Old: Signature Packet(tag 2)(596 bytes)
Ver 4 - new
Sig type - Positive certification of a User ID and Public Key packet(0x13).
Pub alg - RSA Encrypt or Sign(pub 1)
Hash alg - SHA256(hash 8)
Hashed Sub: key flags(sub 27)(1 bytes)
Flag - This key may be used to certify other keys
Flag - This key may be used to sign data
Hashed Sub: features(sub 30)(1 bytes)
Flag - Modification detection (packets 18 and 19)
Hashed Sub: key server preferences(sub 23)(1 bytes)
Flag - No-modify
Hashed Sub: key expiration time(sub 9)(4 bytes)
Time - Wed Jun 23 01:31:23 IST 2021
Hashed Sub: issuer fingerprint(sub 33)(21 bytes)
v4 -   Fingerprint - 32 c3 a7 c1 0a 41 ba 48 15 e2 1f 5e 3e a4 9b 84 b4 dc 30 f2 
Hashed Sub: signature creation time(sub 2)(4 bytes)
Time - Fri Jun 28 17:49:46 IST 2019
Hashed Sub: preferred symmetric algorithms(sub 11)(4 bytes)
Sym alg - AES with 256-bit key(sym 9)
Sym alg - AES with 192-bit key(sym 8)
Sym alg - AES with 128-bit key(sym 7)
Sym alg - CAST5(sym 3)
Hashed Sub: preferred hash algorithms(sub 21)(4 bytes)
Hash alg - SHA512(hash 10)
Hash alg - SHA384(hash 9)
Hash alg - SHA256(hash 8)
Hash alg - SHA224(hash 11)
Hashed Sub: preferred compression algorithms(sub 22)(4 bytes)
Comp alg - ZLIB <RFC1950>(comp 2)
Comp alg - BZip2(comp 3)
Comp alg - ZIP <RFC1951>(comp 1)
Comp alg - Uncompressed(comp 0)
Sub: issuer key ID(sub 16)(8 bytes)
Key ID - 0x3EA49B84B4DC30F2
Hash left 2 bytes - 7f 4d 
RSA m^d mod n(4094 bits) - ...
-> PKCS-1
...

If you can observe, the changes after running setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed resulted in:

Another thing to observe that in my profile when I click on "Update my key (I edited it elsewhere)", I paste my (updated) Public Key, but the error is about a Private Key being corrupted. I also tried the same with my ascii armored Private Key, but it's the same error message as in the title.

Am I doing anything wrong with my approach here? If yes, what should be the corrective measure? Should I stick with the old key or is this one okay? Or is there an issue with how Keybase is processing this key? Maybe it's catching a different error, but the error message isn't correct/comprehensive?

I have little idea, but am willing to help in any way possible.

Thanks.

maxtaco commented 5 years ago

IS this via the web site? What happens if you try keybase pgp update from the CLI?

aayushjain commented 5 years ago

I'm yet to install Keybase on my Linux/Manjaro machine. Will update you.

But I encountered that error on the website. My own pgp key (not the default keybase). Have uploaded priv key on Keybase too for browser actions.

maxtaco commented 5 years ago

cc @zapu if he has any ideas