keybase / keybase-issues

A single repo for managing publicly recognized issues with the keybase client, installer, and website.

Error encrypting: cannot encrypt a message to key id ... because it has no encryption keys #2072

Closed rmoxley closed 8 years ago

rmoxley commented 8 years ago

I'm unable to encrypt messages to other keybase users from the command line or the web interface. Using the command line, I get the same error message regardless of the recipient: ERROR openpgp: invalid argument: cannot encrypt a message to key id 252a59a26ab0bd86 because it has no encryption keys (same key id in each case).

When I try to encrypt with the web interface, I get Error: no valid primary key self-signature.

Here's an example of my attempt to encrypt using the command line:

$ uname -a
Linux radium 3.16.0-60-generic #80~14.04.1-Ubuntu SMP Wed Jan 20 13:37:48 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
$ 
$ keybase version
Client:  1.0.11-0
Service: 1.0.11-0
$ gpg --version
gpg (GnuPG) 1.4.16
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
$ 
$ keybase pgp encrypt -m 'message contents' chris
▶ INFO Identifying recipient chris
✔ public key fingerprint: 94AA 3A5B DBD4 0EA5 49CA BAF9 FBC0 7D6A 9701 6CB3
✔ admin of keybase.io via HTTPS: https://keybase.io/.well-known/keybase.txt
✔ "malgorithms" on reddit: https://www.reddit.com/r/KeybaseProofs/comments/3ovuqa/my_keybase_proof_redditmalgorithms_keybasechris/
✔ "malgorithms" on github: https://gist.github.com/2d5bed094c6429c63f21
✔ "malgorithms" on hackernews: https://news.ycombinator.com/user?id=malgorithms
✔ admin of DNS zone chriscoyne.com: found TXT entry keybase-site-verification=2_UwxonS869gxbETQdXrKtIpmV1u8539FmGWLQiKdew
✔ "malgorithms" on twitter: https://twitter.com/malgorithms/status/433640580220874754
✔ "bitcoyne" on coinbase: https://coinbase.com/bitcoyne/public-key
✔ admin of chriscoyne.com via HTTPS: https://chriscoyne.com/keybase.txt
▶ ERROR openpgp: invalid argument: cannot encrypt a message to key id 252a59a26ab0bd86 because it has no encryption keys
$

maxtaco commented 8 years ago

Likely your key is expired or had expired subkeys.


rmoxley commented 8 years ago

Thanks. My key was expired. I extended its expiration and then used keybase pgp update. I still get the same error when I try to encrypt with the command line, but now I'm getting a different error when I try to encrypt using the web interface: Error: cannot encrypt with the given KeyManager (i=1).

maxtaco commented 8 years ago

Ok I can take a look later but am away from my computer now.


maxtaco commented 8 years ago

Almost. Both your primary and your subkey were expired, and you only increased the expiration time of the primary:

$ curl -s https://keybase.io/rmoxley/key.asc | gpg --list-packets
:public key packet:
    version 4, algo 1, created 1421890657, expires 0
    pkey[0]: [2048 bits]
    pkey[1]: [17 bits]
    keyid: 252A59A26AB0BD86
:user ID packet: "Richard Moxley <richard@moxley.com>"
:signature packet: algo 1, keyid 252A59A26AB0BD86
    version 4, created 1455382843, md5len 0, sigclass 0x13
    digest algo 2, begin of digest 0e 29
    hashed subpkt 27 len 1 (key flags: 03)
    hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
    hashed subpkt 21 len 5 (pref-hash-algos: 8 2 9 10 11)
    hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
    hashed subpkt 30 len 1 (features: 01)
    hashed subpkt 23 len 1 (key server preferences: 80)
    hashed subpkt 2 len 4 (sig created 2016-02-13)
    hashed subpkt 9 len 4 (key expires after 2y22d15h22m)
    subpkt 16 len 8 (issuer key ID 252A59A26AB0BD86)
    data: [2048 bits]
:public sub key packet:
    version 4, algo 1, created 1421890657, expires 0
    pkey[0]: [2048 bits]
    pkey[1]: [17 bits]
    keyid: E8C311BE687F7518
:signature packet: algo 1, keyid 252A59A26AB0BD86
    version 4, created 1421890657, md5len 0, sigclass 0x18
    digest algo 2, begin of digest 19 f7
    hashed subpkt 2 len 4 (sig created 2015-01-22)
    hashed subpkt 27 len 1 (key flags: 0C)
    hashed subpkt 9 len 4 (key expires after 1y0d0h0m)
    subpkt 16 len 8 (issuer key ID 252A59A26AB0BD86)
    data: [2048 bits]

Use gpg --edit-key 252A59A26AB0BD86. Then issue:

> key 1          # select subkey 1
> expire         # change expiration time
> save           # self-explanatory

Then do another keybase update. So yeah, PGP is really hard to use, we're trying to steer people off of it in the future and to use saltpack instead. But just getting that effort off the ground. Best of luck!
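
What the packet dump in the comment above shows, as an added example that is not part of the original thread or of Keybase's code: a Python parser over an abridged copy of that gpg --list-packets output, which derives each key's expiry from its newest self-signature and returns the key IDs still usable for encryption at a given time. The function names are illustrative, and it assumes a public-key dump with no revocation signatures.

```python
import re
# Abridged from the gpg --list-packets output quoted in the thread above.
PACKETS = """\
:public key packet:
    version 4, algo 1, created 1421890657, expires 0
    keyid: 252A59A26AB0BD86
:signature packet: algo 1, keyid 252A59A26AB0BD86
    version 4, created 1455382843, md5len 0, sigclass 0x13
    hashed subpkt 27 len 1 (key flags: 03)
    hashed subpkt 9 len 4 (key expires after 2y22d15h22m)
:public sub key packet:
    version 4, algo 1, created 1421890657, expires 0
    keyid: E8C311BE687F7518
:signature packet: algo 1, keyid 252A59A26AB0BD86
    version 4, created 1421890657, md5len 0, sigclass 0x18
    hashed subpkt 27 len 1 (key flags: 0C)
    hashed subpkt 9 len 4 (key expires after 1y0d0h0m)
"""
ENCRYPT = 0x04 | 0x08  # key flags: encrypt communications | encrypt storage

def parse_keys(text):
    """One dict per key packet, filled from its newest self-signature."""
    keys, pkt, newest = [], "other", False
    for s in map(str.strip, text.splitlines()):
        if s.startswith(":public"):
            keys.append({"keyid": "", "created": 0, "sig": -1, "flags": 0, "expires": None})
            pkt = "key"
        elif s.startswith(":"):
            # Only signatures issued by the primary key are self-signatures.
            own = s.startswith(":signature") and keys and keys[0]["keyid"] in s
            pkt = "selfsig" if own else "other"
        elif pkt == "key" and s.startswith("keyid:"):
            keys[-1]["keyid"] = s.split()[1]
        elif pkt == "key" and (m := re.search(r"created (\d+)", s)):
            keys[-1]["created"] = int(m[1])
        elif pkt == "selfsig" and (m := re.match(r"version \d+, created (\d+)", s)):
            if newest := int(m[1]) >= keys[-1]["sig"]:
                keys[-1].update(sig=int(m[1]), flags=0, expires=None)
        elif pkt == "selfsig" and newest and (m := re.search(r"key flags: ([0-9A-F]+)", s)):
            keys[-1]["flags"] = int(m[1], 16)
        elif pkt == "selfsig" and newest and (m := re.search(r"after (\d+)y(\d+)d(\d+)h(\d+)m", s)):
            y, d, h, mi = map(int, m.groups())  # gpg prints a "year" as 365 days
            keys[-1]["expires"] = keys[-1]["created"] + ((y * 365 + d) * 24 + h) * 3600 + mi * 60
    return keys

def usable_encryption_keys(text, now):
    """Encryption-flagged key IDs unexpired at Unix time `now`; an expired primary disables all."""
    keys = parse_keys(text)
    live = lambda k: k["expires"] is None or k["expires"] > now
    return [k["keyid"] for k in keys if live(keys[0]) and live(k) and k["flags"] & ENCRYPT]
```

Evaluated at 1455382843, the creation time of the re-issued primary self-signature, the result is empty: the primary carries flags 03 (certify and sign only), and the one key flagged 0C for encryption is the subkey whose lifetime ended a year after its 2015-01-22 creation.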

rmoxley commented 8 years ago

Yep, that did it. Thanks Max. I'll definitely steer towards saltpack going forward. In the meantime, I wonder if it's possible for keybase to provide more helpful error messages when a PGP key/subkey has expired?

Thanks again.

maxtaco commented 8 years ago

You are right, we should be a lot better about error messaging!