Closed 140am closed 8 years ago
It could be your signing subkey is expired. Can you post me your public key? Also, gpg --export-secret-key | gpg --list-packets
might be helpful too, though that's slightly more revealing --- it describes how your secret keys are layed out, but obviously doesn't display any secret data.
Thank you for the prompt response. My signing key was expired before i started using keybase but during the process i updated the expiration dates (as far i understood) and published the new key.
The public key can be found at 5C558AAC.
gpg --export-secret-key | gpg --list-packets
:secret key packet:
version 4, algo 1, created 1389889369, expires 0
skey[0]: [2048 bits]
skey[1]: [17 bits]
iter+salt S2K, algo: 3, SHA1 protection, hash: 2, salt: 6dc46084f6de5e35
protect count: 8912896 (209)
protect IV: 9b ec 61 b8 0b a2 77 f7
encrypted stuff follows
keyid: 276B98015C558AAC
:user ID packet: "Manuel Kreutz <manuel@140.am>"
:signature packet: algo 1, keyid 276B98015C558AAC
version 4, created 1455099351, md5len 0, sigclass 0x13
digest algo 10, begin of digest 17 c0
hashed subpkt 27 len 1 (key flags: 03)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (key server preferences: 80)
hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 3)
hashed subpkt 21 len 4 (pref-hash-algos: 10 9 8 11)
hashed subpkt 22 len 4 (pref-zip-algos: 2 3 1 0)
hashed subpkt 25 len 1 (primary user ID)
hashed subpkt 2 len 4 (sig created 2016-02-10)
hashed subpkt 9 len 4 (key expires after 3y24d17h53m)
subpkt 16 len 8 (issuer key ID 276B98015C558AAC)
data: [2046 bits]
:secret sub key packet:
version 4, algo 1, created 1392320497, expires 0
skey[0]: [4096 bits]
skey[1]: [17 bits]
iter+salt S2K, algo: 3, SHA1 protection, hash: 2, salt: 6efdb788b7c348d4
protect count: 8388608 (208)
protect IV: 2d 28 59 65 b8 4c 44 45
encrypted stuff follows
keyid: 5BA9C90518F7709D
:signature packet: algo 1, keyid 276B98015C558AAC
version 4, created 1455101652, md5len 0, sigclass 0x18
digest algo 10, begin of digest 36 07
hashed subpkt 27 len 1 (key flags: 0C)
hashed subpkt 2 len 4 (sig created 2016-02-10)
hashed subpkt 9 len 4 (key expires after 2y361d14h13m)
subpkt 16 len 8 (issuer key ID 276B98015C558AAC)
data: [2047 bits]
:secret sub key packet:
version 4, algo 1, created 1392324028, expires 0
skey[0]: [4096 bits]
skey[1]: [17 bits]
iter+salt S2K, algo: 3, SHA1 protection, hash: 2, salt: 319fa01a3931767d
protect count: 8388608 (208)
protect IV: be be a9 30 02 75 74 a1
encrypted stuff follows
keyid: 159DD63FD1CD3CD1
:signature packet: algo 1, keyid 276B98015C558AAC
version 4, created 1392324028, md5len 0, sigclass 0x18
digest algo 10, begin of digest 71 66
hashed subpkt 2 len 4 (sig created 2014-02-13)
hashed subpkt 27 len 1 (key flags: 0C)
hashed subpkt 9 len 4 (key expires after 321d0h0m)
subpkt 16 len 8 (issuer key ID 276B98015C558AAC)
data: [2044 bits]
So my best guess is that the forked background service didn't get the setting for GNUPGHOME
, which we do respect. Maybe try:
keybase ctl stop # stop the background process
GNUPGHOME=/blarg/foo keybase --standalone pgp select # run in standalone mode
I haven't tried this before, so it may or may not work.
Thanks for this well-documented bug report!
That worked perfectly :+1: Thank you!
For daily use my keyring has the original signing subkey removed and I only physically mount that master key whenever I need to sign/revoke/cert etc (one of the pain points keybase is solving so nicely). While trying to link my PGP key to keybase i mounted the master keypair and set the
GNUPGHOME
env variable to the directory containing the master key which has the signing key included. Runninggpg -K
afterwards confirms the key status as "sec" instead of "sec#" with a flag of "SC". I then runkeybase pgp select
which prompts me for my key (no "Created" displayed) and my passphrase which I confirm. This process then fails with error:ERROR key generation error: openpgp: invalid argument: no valid signing key
. I suspect something wrong on my side but would appreciate any insight on getting this to work.keybase -d
debug output shortly before the error but after the key and passphrase confirmation: