keybase / keybase-issues

A single repo for managing publicly recognized issues with the keybase client, installer, and website.

Unable to encrypt messages for trdarr #340

Open egrim opened 10 years ago

egrim commented 10 years ago

I cannot create an encrypted message for keybase user trdarr on his webpage or via the command line.

maxtaco commented 10 years ago

Likely related to #304. I'll take a look tomorrow. Thanks for the feedback.

zQueal commented 10 years ago

Some more information:

C:\>keybase encrypt trdarr -m 'testing'
info: ...checking identity proofs
ok public key fingerprint: E299 0090 BD27 1862 6D24 009F 02EA B472 2179 01C7
BAD "trdarr" on twitter: https://twitter.com/trdarr/status/448182264325619712 (failed with code 240)
ok "trdarr" on github: https://gist.github.com/9747513
Some remote proofs failed!
Still verify this user as trdarr? [y/N] y
Permanently track this user, and write proof to server? [Y/n] n

error: `gpg` exited with code 2
warn: gpg: E2990090BD2718626D24009F02EAB472217901C7: skipped: Unusable public key
warn: gpg: [stdin]: encryption failed: Unusable public key

Seems to me that all avenues must be authenticated before their public key can be used, maybe?

maxtaco commented 10 years ago

Indeed, this key is quite broken:

echo "hi" | gpg --encrypt -r 02EAB472217901C7
gpg: 02EAB472217901C7: skipped: Unusable public key
gpg: [stdin]: encryption failed: Unusable public key

egrim commented 10 years ago

Agreed - all of his subkeys are expired, and the primary key's usage isn't allowed to encrypt. Here are the details:

[egrim@etgrim-macbook:~/scratch]
[09:58:56] $ gpg --edit-key darr
gpg (GnuPG) 1.4.13; Copyright (C) 2012 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

pub  4096R/217901C7  created: 2013-11-08  expires: 2014-04-07  usage: SC  
                     trust: unknown       validity: unknown
sub  4096R/6F6D69FE  created: 2013-11-08  expired: 2013-11-22  usage: E   
sub  4096R/CF25F7C7  created: 2013-11-08  expired: 2013-11-22  usage: S   
sub  4096R/5BB8B75B  created: 2013-11-08  expired: 2013-11-22  usage: S   
[ unknown] (1). Thomas Darr <me@trdarr.com>
[egrim@etgrim-macbook:~/scratch]
[09:56:30] $ echo 'yo' | gpg --debug-all --encrypt -r darr
...
gpg: DBG: finish_lookup: checking key 217901C7 (all)(req_usage=2)
gpg: DBG:   checking subkey 6F6D69FE
gpg: DBG:   subkey has expired
gpg: DBG:   checking subkey CF25F7C7
gpg: DBG:   subkey has expired
gpg: DBG:   checking subkey 5BB8B75B
gpg: DBG:   subkey has expired
gpg: DBG:   no suitable subkeys found - trying primary
gpg: DBG:   primary key usage does not match: want=2 have=5
gpg: DBG:   no suitable key found -  giving up
...

I'll work with @trdarr to fix that. Do we want keybase to provide better information about what's going wrong in circumstances such as this?

trdarr commented 10 years ago

Unexpiring my encryption subkey and doing keybase push --update seems to have solved the problem. A slightly less opaque error message ("it didn't work") would be really helpful, but I'm not sure how much of that is Keybase and how much of that is GPG.
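
One way a client could turn the failure discussed in this thread into a readable message, as an added example (not code from the thread or from the Keybase client): it reads `gpg --with-colons --list-keys` output and reports, subkeys first and then the primary key, why no key can be used for encryption. The function names, the sample listing, and its placeholder key IDs and timestamps are constructed for illustration; the field positions assume GnuPG's colon listing format.

```python
# Explain why gpg finds no usable encryption key (added example).
# Input: `gpg --with-colons --list-keys <id>` output. Assumed field layout:
# field 2 = validity, field 5 = key ID, field 12 = capability letters.

UNUSABLE = {"e": "has expired", "r": "is revoked", "i": "is invalid"}

# Constructed sample modelled on the listing in this thread: a primary key with
# usage SC, one expired encryption subkey and two expired signing subkeys.
# Key IDs and timestamps are placeholders, not the real key's values.
SAMPLE = """\
pub:-:4096:1:AAAAAAAAAAAAAAA0:1383868800:1396828800::-:::scSC:
uid:-::::1383868800::::Example User <user@example.invalid>:
sub:e:4096:1:AAAAAAAAAAAAAAA1:1383868800:1385078400:::::e:
sub:e:4096:1:AAAAAAAAAAAAAAA2:1383868800:1385078400:::::s:
sub:e:4096:1:AAAAAAAAAAAAAAA3:1383868800:1385078400:::::s:
"""

def parse_keys(colons):
    """Yield (record_type, key_id, validity, own_capabilities) for pub/sub records."""
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub") and len(f) >= 12:
            # Lowercase letters are the key's own capabilities; uppercase ones
            # on a pub record summarise the whole key and are skipped here.
            caps = "".join(c for c in f[11] if c.islower())
            yield f[0], f[4], f[1], caps

def explain_encryption(colons):
    """Return (usable_key_id or None, list of human-readable reasons)."""
    keys = list(parse_keys(colons))
    # Same order as the debug log above: subkeys first, then the primary key.
    ordered = [k for k in keys if k[0] == "sub"] + [k for k in keys if k[0] == "pub"]
    reasons = []
    for kind, key_id, validity, caps in ordered:
        label = "subkey" if kind == "sub" else "primary key"
        if "e" not in caps:
            reasons.append(f"{label} {key_id} cannot encrypt (usage: {caps.upper() or 'none'})")
        elif validity in UNUSABLE:
            reasons.append(f"{label} {key_id} {UNUSABLE[validity]}")
        else:
            return key_id, reasons
    return None, reasons

if __name__ == "__main__":
    key, why = explain_encryption(SAMPLE)
    print("usable encryption key:", key)
    for reason in why:
        print(" -", reason)
```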