Open tresni opened 8 years ago
Thanks for this detailed bug report. I'll take a look!
The good news is that the server is wise to revoked PGP subkeys. The bad news is that the Go crypto library isn't.... Investigating...
We have a fix in master:
We'll hopefully push a new keybase client tonight or tomorrow.
:+1: glad I could be of assistance :)
Sure thing, let me know if it fixes your issues when you get v1.0.11. Thanks again for your help!
(BTW, you likely need to `keybase pgp select --only-import` again, which will overwrite your previous key that was mangled on import)
Did the `keybase pgp select --only-import` and that seemed to work correctly:
~ ●» keybase --version «
keybase version 1.0.11-0
~ ●» keybase pgp select --only-import «
# Algo Key Id Created UserId
= ==== ====== ======= ======
1 2048R 4A00DB3D202D5E3C Brian Hartvigsen <brian.andrew@brianandjenny.com>, Brian Hartvigsen <b@brianandjenny.com>, Brian Hartvigsen <tresni@gmail.com>, Brian Hartvigsen <tresni@crackmonkey.us>, Brian Hartvigsen <tresni@keybase.io>, Brian Hartvigsen <bhartvig@cisco.com>, Brian Hartvigsen <brian.andrew@hartvigsen.xyz>, Brian Hartvigsen <bhartvigsen@opendns.com>
2 2048R 96142F938748D32B Brian Hartvigsen <bhartvigsen@opendns.com>, Brian Hartvigsen <brian.hartvigsen@opendns.com>, Brian Hartvigsen <brian@opendns.com>
Choose a key: 1
▶ INFO Bundle unlocked: 4A00DB3D202D5E3C
▶ INFO Key 4A00DB3D202D5E3C imported
Attempting to track a user via CLI works, website still throws the same error. `keybase pgp update` says key is up-to-date. Not sure where to proceed from here or if I need to do something different on the website to make it work (or if that's just waiting for the go-crypto update.)
Will attempt a re-provision on my laptop to see what happens there.
Provisioning via GPG key works for me, so now it looks like the only issues are on the website :)
~ ●» keybase login «
How would you like to sign this install of Keybase?
(1) Use an existing device
(2) Use a paper key
(3) Use my Keybase passphrase
(4) Use GPG
Choose a signing option: 4
In order to authorize this installation, keybase needs to sign this installation
with your GPG secret key.
You have two options.
(1) Keybase can use GPG commands to sign the installation.
(2) Keybase can export your secret key from GPG and save it to keybase's local encrypted
keyring. This way, it can be used in 'keybase pgp sign' and 'keybase pgp decrypt'
going forward.
Which do you prefer?: 2
# Algo Key Id Created UserId
= ==== ====== ======= ======
1 R 4A00DB3D202D5E3C 2012-09-21 Brian Hartvigsen <brian.andrew@brianandjenny.com>, Brian Hartvigsen <b@brianandjenny.com>, Brian Hartvigsen <tresni@gmail.com>, Brian Hartvigsen <tresni@crackmonkey.us>, Brian Hartvigsen <tresni@keybase.io>, Brian Hartvigsen <bhartvig@cisco.com>, Brian Hartvigsen <brian.andrew@hartvigsen.xyz>, Brian Hartvigsen <bhartvigsen@opendns.com>
2 R 96142F938748D32B 2012-02-01 Brian Hartvigsen <bhartvigsen@opendns.com>, Brian Hartvigsen <brian.hartvigsen@opendns.com>, Brian Hartvigsen <brian@opendns.com>
Choose a key: 1
Enter a public name for this device: iMac
Device name "iMac" already in use. Please try again.
Enter a public name for this device: iMacNewKey
✔ Success! You provisioned your device iMacNewKey.
You are logged in as tresni
- type `keybase help` for more info.
Try a `keybase pgp update --all`? And then try a track via the web site?
(The website has your old PGP with the revoked signing subkey. Needs the new subkey!)
meaning, the public half of the new signing key....
Same result for `--all`, track returned same error via website.
~ ●» keybase pgp update --all «
▶ INFO Posting update for key c04eb13d266b3c2f56cb88804a00db3d202d5e3c.
▶ INFO Key was already up to date.
~ ●»
Thanks Brian. I will take a further look tonight. This feels like a server side bug.
On Wednesday, February 10, 2016, Brian Hartvigsen notifications@github.com wrote:
Same result for --all, track returned same error via website.
~ ●» keybase pgp update --all « ▶ INFO Posting update for key c04eb13d266b3c2f56cb88804a00db3d202d5e3c. ▶ INFO Key was already up to date. ~ ●»
Btw are you using the curl+gpg path or the browser crypto path? If the former, can you send me the command line we gave you via 'keybase encrypt max' and email to max@keyabse.io? Your session cookie is in there so please don't post it publicly. Thanks!
Using browser crypto path currently. I'll try it with the curl+gpg and let you know the result.
curl+gpg works fine. Only browser crypto seems to have problems. Sent you the curl+gpg stuff in case it was useful.
Ah OK, now I understand. Seems like a bug in keybase/kbpgp. I'll have to look into it, but with lower priority. Is it OK if you work around it for now?
BTW, when it comes down to it, it's a bug in gpg which is to blame, since for some unknown reason, gpg doesn't export revocation statements along with secret keys. So what really needs to be done is to merge the secret with the private key to figure out which subkeys are revoked. It's a total PITA, but it comes up very infrequently. It probably makes sense to deprioritize a fix.
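An added illustration of the merge step discussed above, not part of the thread and not code from keybase or kbpgp: it carries revocation state from a public-key listing onto the matching secret subkeys before any of them is selected for signing. It assumes GnuPG's `--with-colons` listing format; both listings and all key IDs are constructed placeholders, and treating an unmatched secret key as unusable is a choice made for this example.

```python
# Added example. GnuPG --with-colons fields used here: 1 = record type,
# 2 = validity ("r" means revoked), 5 = key ID, 12 = capabilities.
# Both listings are constructed; the key IDs are placeholders.
PUBLIC_LISTING = """\
pub:u:2048:1:AAAAAAAAAAAAAAAA:1348185600:::u:::scESC:
sub:r:2048:1:BBBBBBBBBBBBBBBB:1348185600::::::s:
sub:u:4096:1:CCCCCCCCCCCCCCCC:1454284800::::::s:
sub:u:4096:1:DDDDDDDDDDDDDDDD:1454284800::::::e:
"""
# Models the secret-key export described in the thread: no revocation state.
SECRET_LISTING = """\
sec::2048:1:AAAAAAAAAAAAAAAA:1348185600::::::scESC:
ssb::2048:1:BBBBBBBBBBBBBBBB:1348185600::::::s:
ssb::4096:1:CCCCCCCCCCCCCCCC:1454284800::::::s:
ssb::4096:1:DDDDDDDDDDDDDDDD:1454284800::::::e:
"""


def parse_keys(listing):
    """Map key ID -> record for pub/sub/sec/ssb lines of a colon listing."""
    keys = {}
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub", "sec", "ssb") and len(f) >= 12:
            keys[f[4]] = {"type": f[0], "validity": f[1], "caps": f[11]}
    return keys


def merge_revocations(public_listing, secret_listing):
    """Annotate each secret key with the status its public record carries."""
    pub = parse_keys(public_listing)
    merged = {}
    for key_id, rec in parse_keys(secret_listing).items():
        if key_id not in pub:
            status = "unverified"   # no public record: do not trust it
        elif pub[key_id]["validity"] == "r":
            status = "revoked"
        else:
            status = "ok"
        merged[key_id] = dict(rec, status=status)
    return merged


def signing_keys(merged):
    """Key IDs that can sign and were not ruled out by the merge."""
    return sorted(k for k, r in merged.items()
                  if "s" in r["caps"] and r["status"] == "ok")


if __name__ == "__main__":
    print(signing_keys(merge_revocations(PUBLIC_LISTING, SECRET_LISTING)))
```
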
Fine by me since I can now do everything in the CLI without errors it seems :)
If I attempt to track a user via the website I get the following error:
Provisioning a new device via the CLI using GPG also leads to a similar error if I tell Keybase to export the secret.
However, if I use GPG commands it works fine:
`keybase status` does show a weird expiration date on the root public key:
But `gpg -K`/`gpg --list-keys` shows something different:
The 2048R/F982D4B0 subkey was revoked in favor of the 4096bit keys.
Tried doing a `keybase pgp select --multi` and telling it to update the public key but it says it's up-to-date. No idea what to do to resolve this and get everything working 100% again.