search

keybase / keybase-issues

A single repo for managing publicly recognized issues with the keybase client, installer, and website.
902 stars 37 forks source link

Error: signature verification failed #171

Open tildelowengrimm opened 10 years ago

tildelowengrimm commented 10 years ago

Whenever I try to use the prove subcommand, I get:

user@host: keybase prove github
error: flamsmark: signature verification failed

The error message is red, and bold, which is exciting, but I don't see any logs or other useful adjuncts to debug the problem.

maxtaco commented 10 years ago

Hmm. Can you tell me what running with -d gives you? Try 'keybase -d prove github'. Thanks. On Mar 7, 2014 3:15 PM, "Tom Lowenthal" notifications@github.com wrote:

Whenever I try to use the prove subcommand, I get:

user@system: keybase prove github error: flamsmark: signature verification failed

The error message is red, and bold, which is exciting, but I don't see any logs or other useful adjuncts to debug the problem.

Reply to this email directly or view it on GitHubhttps://github.com/keybase/keybase-issues/issues/171 .

tildelowengrimm commented 10 years ago

Okay. Got it:

user@host:~$ keybase -d prove github
debug: + startup message
debug: | CLI version: 0.0.31
debug: | Platform info: {"versions":{"http_parser":"1.0","node":"0.10.21","v8":"3.14.5.8","ares":"1.9.1","uv":"0.10.18","zlib":"1.2.7","modules":"11","openssl":"1.0.1e"},"arch":"x64","platform":"linux","features":{"debug":false,"uv":true,"ipv6":true,"tls_npn":true,"tls_sni":true,"tls":true}}
debug: | Call to gpg: { args: [ '--version' ] }
debug: | Version info: ["keybase (keybase.io CLI) v0.0.31","- node.js v0.10.21","- gpg (GnuPG) 1.4.12","- Copyright (C) 2012 Free Software Foundation, Inc.","Identifies as: 'keybase.io node.js client v0.0.31 linux'"]
debug: - startup message
debug: + opening config file: /home/flamsmark/.keybase/config.json
debug: ++ loading config file /home/flamsmark/.keybase/config.json
debug: -- loaded config file -> {"user":{"name":"flamsmark","salt":"3439fc3cf3b9c9e2080e359c9156e874","id":"c5fbca96db962c40f38c76e403e86a00"}}
debug: - opened config file; found=true
debug: + opening NEDB database file: /home/flamsmark/.keybase/keybase.nedb
debug: ++ DB::_init_db
debug: -- DB::_init_db
debug: - DB opened
debug: + opening config file: /home/flamsmark/.keybase/session.json
debug: ++ loading config file /home/flamsmark/.keybase/session.json
debug: -- loaded config file -> <redacted>
debug: - opened config file; found=true
debug:  Adding a custom CA for host api.keybase.io when tls=true
debug: + request to sesscheck (https://api.keybase.io:443/_/api/1.0/sesscheck.json)
debug: - request to sesscheck -> null
debug: + User::load_me
debug: ++ flamsmark: load user
debug: +++ flamsmark: load user from local storage
debug: ++++ load sig chain from local storage
debug: |||| loading sig chain w/ payload hash 46604640b22e4a5e50db0374a27e3e83b08843ae5f71f622a96648e48cd37331
debug: +++++ c5fbca96db962c40f38c76e403e86a00: load signature chain
debug: ||||| c5fbca96db962c40f38c76e403e86a00: Loading link 46604640b22e4a5e50db0374a27e3e83b08843ae5f71f622a96648e48cd37331
debug: ||||| -> found link and previous; prev=null
debug: ----- c5fbca96db962c40f38c76e403e86a00: loaded signature chain
debug: ---- loaded sig chain from local storage
debug: --- flamsmark: loaded user from local storage -> null / [object Object]
debug: +++ flamsmark: load user from server
debug: ||| Adding a custom CA for host api.keybase.io when tls=true
debug: ++++ request to user/lookup (https://api.keybase.io:443/_/api/1.0/user/lookup.json?username=flamsmark)
debug: ---- request to user/lookup -> null
debug: --- flamsmark: loaded user from server
debug: +++ updating local user w/ remote
debug: ++++ update sig chain; seqno=1
debug: ---- updated sig chain
debug: --- finished update
debug: +++ flamsmark: storing signature chain
debug: --- flamsmark: stored signature chain
debug: -- flamsmark: loaded user
debug: ++ flamsmark: checking public key
debug: || Call to gpg: { args: 
debug:    [ '-K',
debug:      '--with-colons',
debug:      '2071D92C7B75CBBE680876ABB574896780AF07D3' ],
debug:   quiet: true }
debug: -- flamsmark: checked public key
debug: ++ flamsmark: verifying user and signatures
debug: +++ flamsmark: verifying sig
debug: ||| input chain with 1 link
debug: ++++ compressing signature chain
debug: ---- signature chain compressed
debug: ++++ GpgKey::verify_sig flamsmark
debug: +++++ oneshot verify
debug: ++++++ Make new temporary keychain
debug: |||||| mkdir_p parent /home/flamsmark/.keybase/tmp_keyrings
debug: |||||| making directory /home/flamsmark/.keybase/tmp_keyrings/M8nSrDSmQgkiKHdMItMp
debug: ------ Made new temporary keychain
debug: ||||| Call to gpg: { args: [ '--import' ],
debug:   stdin: '<redacted>',
debug:   quiet: true,
debug:   secret: true }
debug: ||||| Mutate GPG args; new args: --no-default-keyring --keyring /home/flamsmark/.keybase/tmp_keyrings/M8nSrDSmQgkiKHdMItMp/pubring.gpg --secret-keyring /home/flamsmark/.keybase/tmp_keyrings/M8nSrDSmQgkiKHdMItMp/secring.gpg --trustdb-name /home/flamsmark/.keybase/tmp_keyrings/M8nSrDSmQgkiKHdMItMp/trustdb.gpg --import
warn: gpg: keyring `/home/flamsmark/.keybase/tmp_keyrings/M8nSrDSmQgkiKHdMItMp/secring.gpg' created
warn: gpg: keyring `/home/flamsmark/.keybase/tmp_keyrings/M8nSrDSmQgkiKHdMItMp/pubring.gpg' created
warn: gpg: /home/flamsmark/.keybase/tmp_keyrings/M8nSrDSmQgkiKHdMItMp/trustdb.gpg: trustdb created
warn: gpg: key 0x51E71B754A09B187: no public key for trusted key - skipped
warn: gpg: key 0x51E71B754A09B187 marked as ultimately trusted
warn: gpg: key 0xB574896780AF07D3 marked as ultimately trusted
warn: gpg: key 0xB574896780AF07D3: public key "Tom Lowenthal <me@tomlowenthal.com>" imported
warn: gpg: Total number processed: 1
warn: gpg:               imported: 1  (RSA: 1)
warn: gpg: public key of ultimately trusted key 0x51E71B754A09B187 not found
warn: gpg: 5 marginal(s) needed, 2 complete(s) needed, PGP trust model
warn: gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
warn: gpg: next trustdb check due at 2014-06-16
debug: ||||| nuking temporary kerying: /home/flamsmark/.keybase/tmp_keyrings/M8nSrDSmQgkiKHdMItMp
debug: ----- GpgKey::verify_sig flamsmark -> VerifyError: flamsmark: signature verification failed
error: flamsmark: signature verification failed

I guess the problem is related to these gpg warnings at the end. Not sure why it thinks that there's no public key for 0x51E71B754A09B187. My system gpg seems to be able to deal with it just fine.

maxtaco commented 10 years ago

This is super helpful, thanks Tom. I agree the issue is likely due to those warnings on the import into the temporary keychain. I haven't seen them before but I need to take a deeper look. I am unfortunately away from the terminal this weekend so I can't check it out until Sunday or so. Thanks for your feedback and patience. On Mar 8, 2014 1:30 PM, "Tom Lowenthal" notifications@github.com wrote:

Okay. Got it:

flamsmark@sarasti:~$ keybase -d prove github debug: + startup message debug: | CLI version: 0.0.31 debug: | Platform info: {"versions":{"http_parser":"1.0","node":"0.10.21","v8":"3.14.5.8","ares":"1.9.1","uv":"0.10.18","zlib":"1.2.7","modules":"11","openssl":"1.0.1e"},"arch":"x64","platform":"linux","features":{"debug":false,"uv":true,"ipv6":true,"tls_npn":true,"tls_sni":true,"tls":true}} debug: | Call to gpg: { args: [ '--version' ] } debug: | Version info: ["keybase (keybase.io CLI) v0.0.31","- node.js v0.10.21","- gpg (GnuPG) 1.4.12","- Copyright (C) 2012 Free Software Foundation, Inc.","Identifies as: 'keybase.io node.js client v0.0.31 linux'"] debug: - startup message debug: + opening config file: /home/flamsmark/.keybase/config.json debug: ++ loading config file /home/flamsmark/.keybase/config.json debug: -- loaded config file -> {"user":{"name":"flamsmark","salt":"3439fc3cf3b9c9e2080e359c9156e874","id":"c5fbca96db962c40f38c76e403e86a00"}} debug: - opened config file; found=true debug: + opening NEDB database file: /home/flamsmark/.keybase/keybase.nedb debug: ++ DB::_init_db debug: -- DB::_initdb debug: - DB opened debug: + opening config file: /home/flamsmark/.keybase/session.json debug: ++ loading config file /home/flamsmark/.keybase/session.json debug: -- loaded config file -> debug: - opened config file; found=true debug: Adding a custom CA for host api.keybase.io when tls=true debug: + request to sesscheck (https://api.keybase.io:443//api/1.0/sesscheck.json) debug: - request to sesscheck -> null debug: + User::loadme debug: ++ flamsmark: load user debug: +++ flamsmark: load user from local storage debug: ++++ load sig chain from local storage debug: |||| loading sig chain w/ payload hash 46604640b22e4a5e50db0374a27e3e83b08843ae5f71f622a96648e48cd37331 debug: +++++ c5fbca96db962c40f38c76e403e86a00: load signature chain debug: ||||| c5fbca96db962c40f38c76e403e86a00: Loading link 46604640b22e4a5e50db0374a27e3e83b08843ae5f71f622a96648e48cd37331 debug: ||||| -> found link and previous; prev=null debug: ----- c5fbca96db962c40f38c76e403e86a00: loaded signature chain debug: ---- loaded sig chain from local storage debug: --- flamsmark: loaded user from local storage -> null / [object Object] debug: +++ flamsmark: load user from server debug: ||| Adding a custom CA for host api.keybase.io when tls=true debug: ++++ request to user/lookup (https://api.keybase.io:443//api/1.0/user/lookup.json?username=flamsmark) debug: ---- request to user/lookup -> null debug: --- flamsmark: loaded user from server debug: +++ updating local user w/ remote debug: ++++ update sig chain; seqno=1 debug: ---- updated sig chain debug: --- finished update debug: +++ flamsmark: storing signature chain debug: --- flamsmark: stored signature chain debug: -- flamsmark: loaded user debug: ++ flamsmark: checking public key debug: || Call to gpg: { args: debug: [ '-K', debug: '--with-colons', debug: '2071D92C7B75CBBE680876ABB574896780AF07D3' ], debug: quiet: true } debug: -- flamsmark: checked public key debug: ++ flamsmark: verifying user and signatures debug: +++ flamsmark: verifying sig debug: ||| input chain with 1 link debug: ++++ compressing signature chain debug: ---- signature chain compressed debug: ++++ GpgKey::verify_sig flamsmark debug: +++++ oneshot verify debug: ++++++ Make new temporary keychain debug: |||||| mkdir_p parent /home/flamsmark/.keybase/tmp_keyrings debug: |||||| making directory /home/flamsmark/.keybase/tmp_keyrings/M8nSrDSmQgkiKHdMItMp debug: ------ Made new temporary keychain debug: ||||| Call to gpg: { args: [ '--import' ], debug: stdin: '', debug: quiet: true, debug: secret: true } debug: ||||| Mutate GPG args; new args: --no-default-keyring --keyring /home/flamsmark/.keybase/tmp_keyrings/M8nSrDSmQgkiKHdMItMp/pubring.gpg --secret-keyring /home/flamsmark/.keybase/tmp_keyrings/M8nSrDSmQgkiKHdMItMp/secring.gpg --trustdb-name /home/flamsmark/.keybase/tmp_keyrings/M8nSrDSmQgkiKHdMItMp/trustdb.gpg --import warn: gpg: keyring /home/flamsmark/.keybase/tmp_keyrings/M8nSrDSmQgkiKHdMItMp/secring.gpg' created warn: gpg: keyring/home/flamsmark/.keybase/tmp_keyrings/M8nSrDSmQgkiKHdMItMp/pubring.gpg' created warn: gpg: /home/flamsmark/.keybase/tmp_keyrings/M8nSrDSmQgkiKHdMItMp/trustdb.gpg: trustdb created warn: gpg: key 0x51E71B754A09B187: no public key for trusted key - skipped warn: gpg: key 0x51E71B754A09B187 marked as ultimately trusted warn: gpg: key 0xB574896780AF07D3 marked as ultimately trusted warn: gpg: key 0xB574896780AF07D3: public key "Tom Lowenthal me@tomlowenthal.com" imported warn: gpg: Total number processed: 1 warn: gpg: imported: 1 (RSA: 1) warn: gpg: public key of ultimately trusted key 0x51E71B754A09B187 not found warn: gpg: 5 marginal(s) needed, 2 complete(s) needed, PGP trust model warn: gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u warn: gpg: next trustdb check due at 2014-06-16 debug: ||||| nuking temporary kerying: /home/flamsmark/.keybase/tmp_keyrings/M8nSrDSmQgkiKHdMItMp debug: ----- GpgKey::verify_sig flamsmark -> VerifyError: flamsmark: signature verification failed error: flamsmark: signature verification failed

I guess the problem is related to these gpg warnings at the end. Not sure why it thinks that there's no public key for 0x51E71B754A09B187. My system gpg seems to be able to deal with it just fine.

Reply to this email directly or view it on GitHubhttps://github.com/keybase/keybase-issues/issues/171#issuecomment-37105455 .

passcod commented 10 years ago

Has there been progress on this issue? I get something quite similar, which means I cannot use the keybase client at all. Interestingly, the "hardcore mode" works fine, so that's okay when it's provided.

≈ keybase list-sigs
warn: When checking passcod: VerifyError: merkle root: signature verification failed
warn: Likely this is a bug or transient error; but the server could be compromised
error: passcod: signature verification failed
≈ keybase --debug list-sigs
debug: + opening config file: /home/.keybase/config.json
debug: ++ loading config file /home/.keybase/config.json
debug: -- loaded config file -> {"user":{"name":"passcod","salt":"5704bd21974e75305e752b37b1fcac49","id":"6576ae0af4f9f9e9b68e187d39c88100"}}
debug: - opened config file; found=true
debug: + testing GPG command-line client <default: gpg>
debug: - tested GPG command-line client -> null
debug: + Load proxy CAs
debug: - Loaded proxy CAs
debug: + startup message
debug: | CLI version: 0.4.8
debug: | Platform info: {"versions":{"http_parser":"1.0","node":"0.10.26","v8":"3.14.5.9","ares":"1.9.0-DEV","uv":"0.10.25","zlib":"1.2.3","modules":"11","openssl":"1.0.1e"},"arch":"x64","platform":"linux","features":{"debug":false,"uv":true,"ipv6":true,"tls_npn":true,"tls_sni":true,"tls":true}}
debug: | Version info: ["keybase (keybase.io CLI) v0.4.8","- node.js v0.10.26","- gpg (GnuPG) 2.0.23","- libgcrypt 1.6.1","Identifies as: 'keybase.io node.js client v0.4.8 linux'"]
debug: - startup message
debug: + opening database file: /home/.keybase/keybase.idb
debug: ++ DB::_init_db
debug: -- DB::_init_db -> 0
debug: - DB opened
debug: + session::load
debug: ++ opening config file: /home/.keybase/session.json
debug: +++ loading config file /home/.keybase/session.json
debug: --- loaded config file -> <redacted>
debug: -- opened config file; found=true
debug: - session::load
debug: + session::check
debug: | calling to sesscheck
debug: ++ request to sesscheck (https://api.keybase.io:443/_/api/1.0/sesscheck.json)
debug: || Adding a custom CA for host api.keybase.io when tls=true
debug: -- request to sesscheck -> null
debug: - session::check
debug: + User::load_me
debug: ++ passcod: load user
debug: +++ passcod: load user from local storage
debug: ++++ load sig chain from local storage
debug: |||| loading sig chain w/ payload hash e740b928527416c4b1091266ff3ada7b5ae03bbc672023397896fa222153995b
debug: +++++ 6576ae0af4f9f9e9b68e187d39c88100: load signature chain
debug: ||||| 6576ae0af4f9f9e9b68e187d39c88100: Loading link e740b928527416c4b1091266ff3ada7b5ae03bbc672023397896fa222153995b
debug: ||||| -> found link and previous; prev=5e4907af6c57ecbce26913a3500fe5fc55bba373833094c4d1161882cb5016b0
debug: ||||| 6576ae0af4f9f9e9b68e187d39c88100: Loading link 5e4907af6c57ecbce26913a3500fe5fc55bba373833094c4d1161882cb5016b0
debug: ||||| -> found link and previous; prev=e22c671798f1b029e8bd981df6e1497c47d347e1dd82925385962ae47694d400
debug: ||||| 6576ae0af4f9f9e9b68e187d39c88100: Loading link e22c671798f1b029e8bd981df6e1497c47d347e1dd82925385962ae47694d400
debug: ||||| -> found link and previous; prev=65a789ea40834802337735ca7f3253238928da75ede7bad7af0042c60225bbd8
debug: ||||| 6576ae0af4f9f9e9b68e187d39c88100: Loading link 65a789ea40834802337735ca7f3253238928da75ede7bad7af0042c60225bbd8
debug: ||||| -> found link and previous; prev=null
debug: ----- 6576ae0af4f9f9e9b68e187d39c88100: loaded signature chain
debug: ---- loaded sig chain from local storage
debug: --- passcod: loaded user from local storage -> null / [object Object]
debug: || Checking session since we're loading User as self
debug: +++ session::load_and_check
debug: ++++ session::check
debug: |||| calling to sesscheck
debug: +++++ request to sesscheck (https://api.keybase.io:443/_/api/1.0/sesscheck.json)
debug: ||||| Adding a custom CA for host api.keybase.io when tls=true
debug: ----- request to sesscheck -> null
debug: ---- session::check
debug: --- session::load_and_check -> true
debug: +++ passcod: load user from server
debug: ++++ request to user/lookup (https://api.keybase.io:443/_/api/1.0/user/lookup.json?username=passcod)
debug: |||| Adding a custom CA for host api.keybase.io when tls=true
debug: ---- request to user/lookup -> null
debug: --- passcod: loaded user from server
debug: +++ updating local user w/ remote
debug: ++++ update sig chain; seqno=4
debug: ---- updated sig chain
debug: --- finished update
debug: +++ sigchain check_merkle_tree
debug: ++++ merkle find_and_verify: 6576ae0af4f9f9e9b68e187d39c88100
debug: +++++ request to merkle/root (https://api.keybase.io:443/_/api/1.0/merkle/root.json)
debug: ||||| Adding a custom CA for host api.keybase.io when tls=true
debug: ----- request to merkle/root -> null
debug: +++++ request to merkle/block (https://api.keybase.io:443/_/api/1.0/merkle/block.json?hash=5bc5a0eb33a3737e93a4aa16aad3113b05e112dd255467ddea8d076c1a9ddef6b9c6cca09d96a07a9cf1e9b01df00edf131c319d36c76d5de0b7949946540d03)
debug: ||||| Adding a custom CA for host api.keybase.io when tls=true
debug: ----- request to merkle/block -> null
debug: +++++ request to merkle/block (https://api.keybase.io:443/_/api/1.0/merkle/block.json?hash=f78d0118392b190dc8a8f5354f6ba88d6e805961679d86c50a94c0bd804449f6e0bd230768f83bbf2be9be281abd489714a6f2f633a97f72ca9fc32f6c0be4f6)
debug: ||||| Adding a custom CA for host api.keybase.io when tls=true
debug: ----- request to merkle/block -> null
debug: |||| find -> [4,"e740b928527416c4b1091266ff3ada7b5ae03bbc672023397896fa222153995b","07c429fd44f4084b8cec806fbf842fe86b0fe5f32ac46eba9110c538994ca4970"]
debug: +++++ merkle verify_root
debug: ++++++ merkle get_merkle_key
debug: |||||| Call to gpg: { args: [ '-k', '--with-fingerprint', '--with-colons' ],
debug:   quiet: true }
debug: |||||| merkle key already found in keyring
debug: ------ merkle get_merkle_key
debug: ++++++ GpgKey::verify_sig merkle root
debug: +++++++ oneshot verify
debug: ||||||| Call to gpg: { args: [ '-a', '--export', '03E146CDAF8136680AD566912A32340CEC8C9492' ] }
debug: ++++++++ Make new temporary keychain
debug: |||||||| mkdir_p parent /home/.keybase/tmp_keyrings
debug: |||||||| making directory /home/.keybase/tmp_keyrings/MoqS_Lm6NCcisx28i3pe
debug: -------- Made new temporary keychain
debug: ++++++++ Make/check empty pubring /home/.keybase/tmp_keyrings/MoqS_Lm6NCcisx28i3pe/pubring.gpg
debug: |||||||| Made a new one
debug: -------- Made/check empty pubring -> true
debug: ++++++++ Make/check empty secring /home/.keybase/tmp_keyrings/MoqS_Lm6NCcisx28i3pe/secring.gpg
debug: |||||||| Made a new one
debug: -------- Made/check empty secring -> true
debug: ++++++++ Make/check empty trustdb /home/.keybase/tmp_keyrings/MoqS_Lm6NCcisx28i3pe/trustdb.gpg
debug: |||||||| Made a new one
debug: -------- Made/check empty trustdb -> true
debug: ||||||| Call to gpg: { args: [ '--import' ],
debug:   stdin: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 50 47 50 20 50 55 42 4c 49 43 20 4b 45 59 20 42 4c 4f 43 4b 2d 2d 2d 2d 2d 0a 56 65 72 73 69 6f 6e 3a 20 47 6e 75 50 47 ...>,
debug:   quiet: true,
debug:   secret: undefined }
debug: ||||||| Mutate GPG args; new args: --no-default-keyring --keyring /home/.keybase/tmp_keyrings/MoqS_Lm6NCcisx28i3pe/pubring.gpg --secret-keyring /home/.keybase/tmp_keyrings/MoqS_Lm6NCcisx28i3pe/secring.gpg --trustdb-name /home/.keybase/tmp_keyrings/MoqS_Lm6NCcisx28i3pe/trustdb.gpg --import
warn: gpg: key EC8C9492: public key "Keybase.io Merkle Signing (v1) <merkle@keybase.io>" imported
warn: gpg: Total number processed: 1
warn: gpg:               imported: 1  (RSA: 1)
warn: gpg: no ultimately trusted keys found
debug: ||||||| Call to gpg: { args: [ '--with-colons', '--fingerprint' ] }
debug: ||||||| Mutate GPG args; new args: --no-default-keyring --keyring /home/.keybase/tmp_keyrings/MoqS_Lm6NCcisx28i3pe/pubring.gpg --secret-keyring /home/.keybase/tmp_keyrings/MoqS_Lm6NCcisx28i3pe/secring.gpg --trustdb-name /home/.keybase/tmp_keyrings/MoqS_Lm6NCcisx28i3pe/trustdb.gpg --with-colons --fingerprint
debug: ||||||| nuking temporary kerying: /home/.keybase/tmp_keyrings/MoqS_Lm6NCcisx28i3pe
debug: ||||||| oneshot clean
debug: ------- GpgKey::verify_sig merkle root -> VerifyError: merkle root: signature verification failed
debug: ------ merkle find_and_verify -> VerifyError: merkle root: signature verification failed
debug: ----- sigchain check_merkle_tree
warn: When checking passcod: VerifyError: merkle root: signature verification failed
warn: Likely this is a bug or transient error; but the server could be compromised
debug: +++++ passcod: storing signature chain
debug: ----- passcod: stored signature chain
debug: ---- passcod: loaded user
debug: ++++ passcod: checking public key
debug: |||| Call to gpg: { args: 
debug:    [ '-k',
debug:      '--with-colons',
debug:      'E49C31142E3D10A469F086DC6B094637AE1ED85D' ],
debug:   quiet: true }
debug: ---- passcod: checked public key
debug: ++++ passcod: verifying user and signatures
debug: +++++ passcod: verifying sig
debug: ||||| input chain with 4 links
debug: ++++++ compressing signature chain
debug: +++++++ RemoteProof::insert_into_table
debug: ------- RemoteProof::insert_into_table
debug: +++++++ RemoteProof::insert_into_table
debug: ------- RemoteProof::insert_into_table
debug: +++++++ RemoteProof::insert_into_table
debug: ------- RemoteProof::insert_into_table
debug: +++++++ RemoteProof::insert_into_table
debug: ------- RemoteProof::insert_into_table
debug: ------ signature chain compressed
debug: ++++++ GpgKey::verify_sig passcod
debug: +++++++ oneshot verify
debug: ++++++++ Make new temporary keychain
debug: |||||||| mkdir_p parent /home/.keybase/tmp_keyrings
debug: |||||||| making directory /home/.keybase/tmp_keyrings/0ZXMaNoB0gh-CEUKq162
debug: -------- Made new temporary keychain
debug: ++++++++ Make/check empty pubring /home/.keybase/tmp_keyrings/0ZXMaNoB0gh-CEUKq162/pubring.gpg
debug: |||||||| Made a new one
debug: -------- Made/check empty pubring -> true
debug: ++++++++ Make/check empty secring /home/.keybase/tmp_keyrings/0ZXMaNoB0gh-CEUKq162/secring.gpg
debug: |||||||| Made a new one
debug: -------- Made/check empty secring -> true
debug: ++++++++ Make/check empty trustdb /home/.keybase/tmp_keyrings/0ZXMaNoB0gh-CEUKq162/trustdb.gpg
debug: |||||||| Made a new one
debug: -------- Made/check empty trustdb -> true
debug: ||||||| Call to gpg: { args: [ '--import' ],
debug:   stdin: '-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v2\n\nmQINBFMzgC0BEADMguQtzJew1VSgM1YEWULOWrEgLFm1cnXyDavyYwKXJ8F3CLGV\nyj33p3lzg8MDUI+b3aLWsaL6U2ngQPfMlc9P8Td3MsHmHBSj4FnO2mhRlCTO4TJM\n25z99h0DZWKplEqPHz3yd58dsoaXgW21rgCEUuSgszY2xmRygFzz84HGXWUzZzZK\nHL4sApEkYyE1w7LolrUl5RkcS8eNfnvdkYfqtZOyZAs/FFW9+Og8/VO2y76TxO9/\nLMOzRNtLhduO3XveBTi+wAn6l72r1n0AqIv3LHcDr8x5rz4Ezz/1y0WaXxQbtNMx\neZWOPIpXcm5F8rmthsPGGGF4X1030K+1ipz+Rr4aQgV5b3jn1uL/N8XqlrxZNtXz\nq3XG5sY7BGH5Sg68P0KRMSgMZfEBpYSROTEn9vlQ9oCQmNpH102NxMhpwEbEoDxZ\n2Mw1LUE5J4pl5NPL+XKv8Fbn7yvlASaKzIYo/m0spaX+XfCQqJxe6Q9EBNa54jta\nrp5ZcpGBMaBitG2BCbGM+kMQGzJ74aGpMO8Y6Igg+xJtcArGXYsejf0i43q87hqx\nQouRkPfmfjBImilmToCsIGgHIQAu5YowRwcq6aLkCNZw+spkYv45W/SynyVoFe/m\nVNqEAS+AO3HBv3MAIqYm6sLiXQyPYkkGTuv8bNv7/4cy8pEDZSuThIDEJwARAQAB\ntDBGw6lsaXggU2FwYXJlbGxpICg6cGFzc2NvZCkgPGZlbGl4QHBhc3Njb2QubmFt\nZT6JAj8EEwECACkFAlMzgC0CGwMFCQHhM4AHCwkIBwMCAQYVCAIJCgsEFgIDAQIe\nAQIXgAAKCRBrCUY3rh7YXWFvEACR1rQu2PgWa0Z5LHUxE8ohzPSm7lDR2Mg8cLkL\nkWEr7TtambXH+0bLGMlUdqsuKU63l6GtUyy1VPHJDmF527nEwK4UIN/eQ3fgXxJR\nebEqlYbhQN2vy1rRDcTmHcelLSo7w3QZmcnmxqzBi4IDUvGpz6/dXunNp7G8a2RH\nwOErDMtsicDnd1QPF7dKeJCT45WEHevvClqhF3/GWZAVe5XEAGuRlin+g2AEBZ5g\n55tpA5SWj2c1+8edFkuznzahjkvdstTkhG2gdrulY5uUFGlKIJgv5k7i/a4jYlQd\n9Kch0d7h8SvV5Sgo+C+anTQZEAhsoJREZulhOz0gCEA1fBbQ5UhaTTCbU1vQzFJA\neJQjTot19pSvKHYBq2swuPMPTi5Y+cm2hM7KbWVI5V7p8H5wBh9GTDiWvlu7Lrki\nFTZJWr4A/nRFwPgtTbh/baQNozfeP7OR5QyfSiF9FiVBz66B1689X7/0lhtzTvNV\nJ4wIONsQpT8fYgaHOVMLORwZ6x9K4sLEkKQvMWhqVxr9B37p/QmByEsITOnVa3tD\nNZ2fG/11QmkZRqRCP4G1i0bPulDutyssoq9TARPU8xDxa2aYnUvvIlJN6f/VOk50\nQ0pX44a/KR0pTsZ9QNhINJ3ba9cTolwsnhIeYu3sArULRrxHEWybrair+85DCX6V\n5GnKM4kCHAQQAQIABgUCUzOKTAAKCRCuSG++PFG266H5D/9XkqzyTHz4pYD/IM4j\nRWv18wyoh24yjXzvK2xgipgzzR5Hpy/rItywNo3hMCTFTMJFJTA2Sl3ftaP8zh1y\n759sXu5EaHJHiOHSxykJZCRT9Yo+YBZbDaZF+UUQxyJwCsO6odZwIGAaJcwWsL0v\n4lb8xP6htdDJfnw5+ZNh4MHAHZh4TNCuto+tPhJ2kd7tEmh7SMdLHPbeoWypWrES\n0gv488KerFoglpgC2pmTr78W5xsCwZmTKoeycjk25nKkjlKLv4OaV3NSPFwvVmh2\nuPpwJFJcrctotNVYulhI2+s35pCVT3ExtNYZXn96MxSXmpeR+0E+JS1aIKqpv6+H\nDPxPe7UGCbxsHTLaTTU/wv2vnyIZ4kDOb0uX6KCu5ZUjUVSwEAeV4Q4fipA94mM/\n22c5Fa5rn2wwx9HGZMRzf9Yxu8lLA1vY/yUZaohntqBrb42p+SWJRyO/2zwxci32\nGiZNIbG2SjnG0j7JS2LZLDUZh18JkAWfljh1HS9jchU3dgdL5dR57y+V3Ioc76WR\nrJr9mG4P2cda5iEAvfwRCcHMduMZ3yf1Taci2uVvOOYzRsHVTbNc9DPm/OfskPwk\nLmh5T7YsyciTwW7/s3z8EobiPmyKAT3u+eWpg92kw8zhApFExu1DNMEQOWT0fUjt\nwCUI/IuodA+ZQyXP4rAiSd6+ebQna2V5YmFzZS5pby9wYXNzY29kIDxwYXNzY29k\nQGtleWJhc2UuaW8+iQItBBMBCgAXBQJTM4AtAhsDAwsJBwMVCggCHgECF4AACgkQ\nawlGN64e2F0F/Q//YKvCmhRiOWO0WVwOy3HoaIwdq+HCy5D4cLKUdOL6FDG7o+R1\nmRAxfUXkTv5IOKDPLl5U3mIkKP2STKZ8CtoMjmkzKtRConmi5GeAc9vytRVys6ko\nMhZTCMkSBcKswegYj5tBVJiZzWr13Ot6hJPSCpBRTy3n1R6DTshRISfsmsrg6cx8\nUUSVS4GB2IYNw2YA8fyHg6RVhTIFjqLFX7+QWA4dzUZlGHe1mmnXoGjW789CIjxW\nB7zOLFK8P/sC76KFlaxytc7Web/wLp0lgP7CmfPS+quLoNLOQmRvBkfuD++/obeT\ncxaYufKVD5pgk97GnYt/PvP09P+ur/Jx140ZbSmU5P+40NcFXg1iPGW570BVXTvi\nyve+WcCggPv25AuBdg+O0S4uNSuWb7ZNW49EPPyNxMjUz65OG9oWGb6SG3G5pWZX\nkEVudiP0VmMSr9Mcsq9q6UYBSHhO9xj9p7S2QxLduwSZZXeRoIwqLb1jelB/A/OC\nOw47Ma3ogESIsFPqyL69GSnNXnBV9CPgNKV+pFeYPmjWiqtuph4+n0mAeCuhfStD\nuRnr/MnmfATLrRMDLlP9Cul+x2eHMMGhRvlvpMC1L1IDozMDWxctFstVHb6N4eb5\nvdrRVQ5oyEl/X2LCkduON79k/gO2k7XdR1m7KTehPjUJJMHPW+AjmHly5My5Ag0E\nUzOALQEQANBmlDjAFaF8bFMCkU4sSP4rIMv9QoAHLVOUcvOh9OtNGxH9hW6x1vgE\nLBcQJ/nOkvFoFJZoylVwrR5Sa6sYkk7q9jgB/Q0a9Q+elhd49HGJvUQQI1sZtrSU\nfKXMGhh71CdghJWQFVIMPW0/HtxNhqVJyXafGy/MEisrnUuK9ir/BIVcZE2HODFH\nZPutxpWPEwli17WtaQoO9Pk8q/LZkIh44O415E0M2onU8aQ3RL6LPvOLzl/Ai/WD\nj49JZDcwzDNNHb3cTvYF26MlndWU5u98LcA36bmwb8Nkiek0h7W5I2h6Cv/p6zgT\nsCgQ4he0Leb9+Inu3Izq2r8ulfSGymRrICkkS9B/YKxmt9r2F6ZCVhFQC38fRZUn\nDcYV5NnVuRC9MO/dmWySgtfkF+3Z6PQjOAplDp/2AS4fpm1CpHllHNg3HDG9ROCp\nLBTnCwlUwQiuvPpmJsxcDC8j2/otR0uUikxIYc5LnoCwUfosNkLFhDZs9LCc6IWN\nZgt6iAdG2w7itIkKTACG3N9246yJ4jvG8/DCEyadAx9pgxhaRefUNhz/vrL4euIj\nFMv/uTsOB16EnEpApycR1K27snToON8wtwYyFI3E0aoP9zHunK/NtW4qENPYdquR\npCb2czDpyqyR+AwUcKojxK21C69EIZRXYGKtJX14CuX443ITFJGpABEBAAGJAiUE\nGAECAA8FAlMzgC0CGwwFCQHhM4AACgkQawlGN64e2F2idhAAqYDT6FuE4g2kEy8v\nOp7I/I7AX1UMBRUfq+kitBCu/SZQ9m3putLcurVcJ60pLBiY5SBzMZqbEzRSCiJa\nYDc39rUHv5siOGcpD30jGxzlTZUiwRtARlYYSlibzwF823S0MzSvTsww2Nb7GhcJ\nXHnEzVJRRxbmNue52wvYgPbgOhwc3dSZNWQLNOFeRdGTBuC57lyMZC+XBnFtaMzR\nouPykx19keeTs36TNHub59DqzPpHOMDP0OMCjVWuq2bSiFZ7d6oem0wBAyQFpsdt\nrnroitbBLJPfNfPPLiOHGYMJ7NqadeEoTIajtP2lVktl9nDsxDuNB9FO7WN2St1j\nDWr7+WX+dn5rzodQ83qc4NFufzUXYwGyciHWgMbX747J2ZnJ1UGHVds1I1pepCMo\n4ff4ghu6v66I1kidBQOl7G2+ESKIkQ2gR9jOWS6LtztByzLT2zv/f56DYzaeNSiD\nZ87xncQSecviZTDMkt5wEp6adCK/IYa3Huy7OKVQm9LmE1SV+GzG2yicdoUrs2uW\nRo1rIcdLXRFfaQLwAySIFcINvvtX1MM4l9hbj5EvyVvz7m1ZoPElCrkL+VyOvX+F\nTV2PvJ5ACLEZQqS4AcZKRngnShTQF8zHhtRomy14phBwOn9n7d71GqDr+9ywGH2k\ntXsFm+7NKVmdnMuaDwLgMG1+gCc=\n=9+z+\n-----END PGP PUBLIC KEY BLOCK-----',
debug:   quiet: true,
debug:   secret: undefined }
debug: ||||||| Mutate GPG args; new args: --no-default-keyring --keyring /home/.keybase/tmp_keyrings/0ZXMaNoB0gh-CEUKq162/pubring.gpg --secret-keyring /home/.keybase/tmp_keyrings/0ZXMaNoB0gh-CEUKq162/secring.gpg --trustdb-name /home/.keybase/tmp_keyrings/0ZXMaNoB0gh-CEUKq162/trustdb.gpg --import
warn: gpg: key AE1ED85D: public key "Félix Saparelli (:passcod) <felix@passcod.name>" imported
warn: gpg: Total number processed: 1
warn: gpg:               imported: 1  (RSA: 1)
warn: gpg: no ultimately trusted keys found
debug: ||||||| Call to gpg: { args: [ '--with-colons', '--fingerprint' ] }
debug: ||||||| Mutate GPG args; new args: --no-default-keyring --keyring /home/.keybase/tmp_keyrings/0ZXMaNoB0gh-CEUKq162/pubring.gpg --secret-keyring /home/.keybase/tmp_keyrings/0ZXMaNoB0gh-CEUKq162/secring.gpg --trustdb-name /home/.keybase/tmp_keyrings/0ZXMaNoB0gh-CEUKq162/trustdb.gpg --with-colons --fingerprint
debug: ||||||| nuking temporary kerying: /home/.keybase/tmp_keyrings/0ZXMaNoB0gh-CEUKq162
debug: ||||||| oneshot clean
debug: ------- GpgKey::verify_sig passcod -> VerifyError: passcod: signature verification failed
error: passcod: signature verification failed
maxtaco commented 10 years ago

Hmm, looks like you're having trouble importing keys. What's in your ~/.gnupg/gpg.conf file?

passcod commented 10 years ago 
≈ cat .gnupg/gpg.conf | grep -Ev "^#" | sort -r | uniq

require-cross-certification
keyserver hkp://keys.gnupg.net
keyring /etc/pacman.d/gnupg/pubring.gpg

For conciseness's sake, the pipeline removes all comments, I can add them back in if you wish.

maxtaco commented 10 years ago

Thanks, though I can't reproduce it, my guess is your issues are due to require-cross-certification. Can you comment that out for a moment and see if that fixes your problems? Thanks

passcod commented 10 years ago

Nope, didn't work.

But I did comment out the keyring line and that solved the problem! …which is a bit annoying as that's how I check GPG signatures for my package manager. Oh well, I'll find a way. Thanks anyway :)

maxtaco commented 10 years ago

Oh excellent. You can run keybase with --no-gpg-options and if you want that option permanently, you can run keybase config no_gpg_options true.

maxtaco commented 10 years ago

(hmmm it seems as if this feature is now broken, looking into it)

maxtaco commented 10 years ago

(ok, it does work, just not for the merkle signature verification...)

maxtaco commented 10 years ago

(ok, it works in general, I had another bug in my gpg.conf).

passcod commented 10 years ago

Oh awesome.

vin commented 9 years ago

I was also having command-line client issues. This is showing up in my -d output:

debug: |||||| Mutate GPG args; new args: --no-default-keyring --keyring /home/vineet/.keybase/tmp_keyrings/DTXY8Y4wua65cm4qK94V/pubring.gpg --secret-keyring /home/vineet/.keybase/tmp_keyrings/DTXY8Y4wua65cm4qK94V/secring.gpg --trustdb-name /home/vineet/.keybase/tmp_keyrings/DTXY8Y4wua65cm4qK94V/trustdb.gpg --trusted-key EF3DD2DF77D46FD1 --decrypt --no-auto-key-locate
warn: gpg: Signature made Fri 29 Aug 2014 08:38:56 PM UTC using DSA key ID 8A4C3387
warn: gpg: WARNING: signing subkey 8A4C3387 is not cross-certified
warn: gpg: please see http://www.gnupg.org/faq/subkey-cross-certify.html for more information
warn: gpg: Can't check signature: general error

What worked for me was ensuring that my signing subkey was cross-certified and then keybase push 77d46fd1 --update.