keybase / client

Keybase Go Library, Client, Service, OS X, iOS, Android, Electron
BSD 3-Clause "New" or "Revised" License

PGP key import error: 'no valid primary key self-signature' #24222

Open benhabrams opened 4 years ago

benhabrams commented 4 years ago

Hi all,

I'm running the latest version of Mac OS and am repeatedly getting this error when I try to import my PGP key via terminal command "keybase pgp select."

▶ ERROR key generation error: no valid primary key self-signature or key(s) have expired (Signature failure in packet 1: rejecting insecure hash SHA1 ([REDACTED KEY])) (error 905)

(Yes, I redacted my key above. That's not actually in the message.) Anybody else having this issue? PGP import used to work for me, but then I got a new email address and needed to change it. Now I can't import it at all.

Thanks!

chindraba-work commented 4 years ago

  1. Is [REDACTED KEY] the correct fingerprint for the key you are trying to use with the keybase pgp select command?

  2. Does the command gpg --show-secret-keys [REDACTED KEY] show the key? (Does the first line start with sec or sec*?)

chindraba-work commented 4 years ago

@benhabrams Seeing a different issue regarding a similar-seeming error, I'm inclined to think that you have GnuPG 1 rather than GnuPG 2 and the new email address is either not self-signed, or self-signed using a deprecated hash. Try the solution given in issue #22496.

benhabrams commented 4 years ago

Nope. I have GnuPG 2. Been trying the commands listed in #22496. Not working. Says there's a syntax error.

[REDACTED KEY] is not the fingerprint. It's the key ID. The key ID shown is correct.

gpg --show-secret-keys doesn't do anything. Gives me gpg: invalid option "--show-secret-keys"

chindraba-work commented 4 years ago

Oops, that was my error. Should have been --list-secret-keys not --show.... Apologies.

I'm not sure how you are differentiating between key ID and fingerprint. The ID is either the UID inside the PGP key or it is the ID given by Keybase for the key once added to the chain. The latter cannot be the case, as adding it is what you're trying to do. If the former is what you mean then it can be used in the commands for GnuPG almost everywhere a fingerprint can be used. At least as far as the operations involved here are concerned.

Another diagnostic option is to use gpg --check-sigs [REDACTED KEY] to see if all the signatures are listed as valid, especially on the UID for the new email. Each of the UIDs should have a sig!3 from the primary key itself.

chindraba@Meska:~> gpg --check-sigs keybase@chindraba.work
pub   ed25519/22E2E26FF4F5B3AD 2019-03-02 [C] [expires: 2020-09-21]
      Key fingerprint = FE86 04FB FBFF BC6F FC45  875C 22E2 E26F F4F5 B3AD
      Keygrip = 29180C48931AFC9E5BDF17EEA71D398B202DF7F6
uid                 [ultimate] Chindraba <keybase@chindraba.work>
sig!3        22E2E26FF4F5B3AD 2020-03-20 never       Chindraba <keybase@chindraba.work>
   Preferred keyserver: hkp://pool.sks-keyservers.net
uid                 [ultimate] Chindraba on Keybase
sig!3        22E2E26FF4F5B3AD 2020-03-20 never       Chindraba <keybase@chindraba.work>
sub   ed25519/62214EAABE99F73F 2019-03-02 [S] [expires: 2020-09-21]
      Key fingerprint = BFFE 6F85 C954 F622 1D18  1374 6221 4EAA BE99 F73F
      Keygrip = 449950B267C314041143351EFA2464A92E956F00
sig!         22E2E26FF4F5B3AD 2020-03-20 never       Chindraba <keybase@chindraba.work>
sub   cv25519/BCF067E0BDAF0D7C 2019-03-02 [E] [expires: 2020-09-21]
      Key fingerprint = E90F C29B 9104 FAA9 4506  0B72 BCF0 67E0 BDAF 0D7C
      Keygrip = B3A5599CAE163AFFB5058EA5AA3B5CAEDD971349
sig!         22E2E26FF4F5B3AD 2020-03-20 never       Chindraba <keybase@chindraba.work>
sub   ed25519/93D80086F71BDBF5 2019-03-02 [A] [expires: 2020-09-21]
      Key fingerprint = 49A6 EEAB 04AF 4AE2 79DD  D0EE 93D8 0086 F71B DBF5
      Keygrip = EE8F435B965467A13B865DEB08FBD42718C8C1E4
sig!         22E2E26FF4F5B3AD 2020-03-20 never       Chindraba <keybase@chindraba.work>

gpg: 5 good signatures

benhabrams commented 4 years ago

Right, my apologies for making them different things. That's on me. Not sure what I was thinking there.

My signatures are good and I'm still unfortunately getting the error when I try to import on Keybase.

Oh well, looks like I'll just post my fingerprint in my description instead!

Thanks for your help @chindraba-work !
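
The --check-sigs listing in the thread shows whether each self-signature verifies but not which digest algorithm it uses, which is what the error message ("rejecting insecure hash SHA1") and the "deprecated hash" hypothesis are about. The following is an added example, not part of the original thread or of the Keybase client: a filter over `gpg --list-packets` output that reports the digest algorithm of each user ID self-signature. The function names, key IDs and sample listing are constructed for illustration.

```shell
# Added example: report the digest algorithm of each user ID self-signature
# found in `gpg --list-packets` output and flag SHA-1 (OpenPGP hash ID 2).
# Real use: gpg --export <KEYID> | gpg --list-packets | selfsig_digests
selfsig_digests() {
  awk '
    BEGIN { name[1]="MD5"; name[2]="SHA1"; name[3]="RIPEMD160"; name[8]="SHA256"
            name[9]="SHA384"; name[10]="SHA512"; name[11]="SHA224" }
    /^:public key packet:/         { want_primary = 1; next }
    want_primary && $1 == "keyid:" { primary = $2; want_primary = 0; next }
    /^:user ID packet:/   { uid = $0; sub(/^:user ID packet: /, "", uid); next }
    /^:signature packet:/ { issuer = $NF; cls = ""; next }
    /sigclass 0x/         { cls = $NF; next }
    $1 == "digest" && $2 == "algo" {
      id = $3; sub(/,/, "", id)
      # 0x10-0x13 certify a user ID; a self-signature is one issued by the primary key
      if (issuer == primary && cls ~ /^0x1[0-3]$/) {
        label = (id in name) ? name[id] : "algo" id
        flag = (id + 0 == 2) ? "WEAK" : "ok"
        print flag "\t" label "\t" uid
      }
    }
  '
}

# Constructed sample in the shape of `gpg --list-packets` output (not from the thread):
# the old UID is self-signed with SHA-512, the newer UID with SHA-1.
sample_packets() {
  cat <<'EOF'
:public key packet:
    version 4, algo 1, created 1400000000, expires 0
    keyid: 0123456789ABCDEF
:user ID packet: "Alice <old@example.org>"
:signature packet: algo 1, keyid 0123456789ABCDEF
    version 4, created 1400000000, md5len 0, sigclass 0x13
    digest algo 10, begin of digest 7a 3f
:user ID packet: "Alice <new@example.org>"
:signature packet: algo 1, keyid 0123456789ABCDEF
    version 4, created 1580000000, md5len 0, sigclass 0x13
    digest algo 2, begin of digest c1 9e
:signature packet: algo 1, keyid FEDCBA9876543210
    version 4, created 1580000001, md5len 0, sigclass 0x10
    digest algo 2, begin of digest 00 11
EOF
}

sample_packets | selfsig_digests
```

The last signature in the sample is a third-party certification, so it is skipped even though it also uses SHA-1; only signatures issued by the primary key are reported.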