keybase / keybase-issues

A single repo for managing publicly recognized issues with the keybase client, installer, and website.

Error: wanted a unique lookup #817

Open sciurius opened 10 years ago

sciurius commented 10 years ago

What am I doing wrong?

$ keybase track someonelse
warn: When checking sciurius: Error: wanted a unique lookup, but got 2 object for key 03E146CDAF8136680AD566912A32340CEC8C9492
warn: Likely this is a bug or transient error; but the server could be compromised
error: sciurius: signature verification failed

$ keybase version
keybase (keybase.io CLI) v0.4.9

maxtaco commented 10 years ago

Thanks for the bug report, you didn't do anything wrong, I'll take a look. Thanks!

maxtaco commented 10 years ago

Can you paste in the output to this command? It lists the public keys in your GPG keychain with the fingerprint '....EC8C9492':

gpg -k --fingerprint --with-colons 03E146CDAF8136680AD566912A32340CEC8C9492

Thanks...

sciurius commented 10 years ago

$ gpg -k --fingerprint --with-colons 03E146CDAF8136680AD566912A32340CEC8C9492
tru::0:1403504418:1415040813:3:1:5
pub:-:4096:1:2A32340CEC8C9492:2014-04-26:::-:Keybase.io Merkle Signing (v1) merkle@keybase.io::scESC:
fpr:::::::::03E146CDAF8136680AD566912A32340CEC8C9492:
sub:-:4096:1:8A01CE578080955B:2014-04-26::::::e:
sub:-:4096:1:F43803A349DA99D5:2014-04-26:2024-04-23:::::s:
pub:-:4096:1:2A32340CEC8C9492:2014-04-26:::-:Keybase.io Merkle Signing (v1) merkle@keybase.io::scESC:
fpr:::::::::03E146CDAF8136680AD566912A32340CEC8C9492:
sub:-:4096:1:8A01CE578080955B:2014-04-26::::::e:
sub:-:4096:1:F43803A349DA99D5:2014-04-26:2024-04-23:::::s:

maxtaco commented 10 years ago

Thanks! And bizarre, I've never seen this problem before. Can you also give me a gpg --version?

sciurius commented 10 years ago

$ gpg --version
gpg (GnuPG) 1.4.13
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

sciurius commented 10 years ago

Interesting, maybe:

$ gpg -k --fingerprint --with-colons 03E146CDAF8136680AD566912A32340CEC8C9492 ~/.gnupg/pubring.gpg
gpg: Oops: keyid_from_fingerprint: no pubkey
gpg: Oops: keyid_from_fingerprint: no pubkey
gpg: key 00000000 occurs more than once in the trustdb
tru::0:1403504418:1415040813:3:1:5
pub:-:4096:1:2A32340CEC8C9492:2014-04-26:::-:Keybase.io Merkle Signing (v1) merkle@keybase.io::scESC:
fpr:::::::::03E146CDAF8136680AD566912A32340CEC8C9492:
sub:-:4096:1:8A01CE578080955B:2014-04-26::::::e:
sub:-:4096:1:F43803A349DA99D5:2014-04-26:2024-04-23:::::s:
Exit 2

This returns only one key.

maxtaco commented 10 years ago

Oh, I forgot to ask, what's in your .gnupg/gpg.conf file? That's often an issue.

maxtaco commented 10 years ago

(BTW: you can run keybase with the --no-gpg-options flag to disable reading your gpg.conf file. There are some options that we can't work around if specified there.)

sciurius commented 10 years ago

I think the problem is that I have multiple pubrings in my .gnupg directory. In particular:

-rw------- 1 jv jv 5075840 Jun 23 08:20 pubring.gpg
-rw------- 1 jv jv 23787 Jun 23 15:19 pubring-old.gpg

Each contains one key for Merkle.

maxtaco commented 10 years ago

That's likely the issue. Are you asking GPG to look at the old one via options in your gpg.conf file?

sciurius commented 10 years ago

Yes:

----snip----
no-default-keyring
secret-keyring jv.gpg
secret-keyring secring-old.gpg
secret-keyring secring.gpg
keyring jv.pub.gpg
keyring pubring-old.gpg
keyring pubring.gpg
----snip----

maxtaco commented 10 years ago

Cool. Another BTW is that you can always ignore your gpg.conf file with keybase config no_gpg_options true, which will write that preference into the keybase config file.

sciurius commented 10 years ago

I restored .gnupg from a backup, from before installation of keybase. I imported the alternate keyring into the default keyring and eliminated the alternate keyring. Everything is fine now.

Now I add a new, alternate keyring by adding these lines to gpg.conf:

secret-keyring secring-alt.gpg
keyring pubring-alt.gpg

When I issue a 'keybase login', the merkle key gets inserted in both keyrings, and will cause a fatal error for every subsequent keybase command.

So the bottom line is that keybase will fail if there is more than just a default keyring. This may be solved by always using --no-options on every gpg call, but I'm not sure that is the right approach.
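
A diagnostic for the condition described in this thread, as an added example that is not part of the original comments and is not keybase's own code: it reads the `keyring` directives from gpg.conf text and counts primary-key fingerprints in `gpg --with-colons` output, flagging any that are listed more than once. The function names are hypothetical and the sample data is abridged from the listings posted above.

```python
"""Added example: find keys that gpg lists more than once across keyrings."""
from collections import Counter

def configured_keyrings(gpg_conf_text):
    """Return (public keyring names, no-default-keyring flag) from gpg.conf text."""
    keyrings, no_default = [], False
    for raw in gpg_conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        option = parts[0].lstrip("-")  # gpg.conf accepts options without dashes
        if option == "keyring" and len(parts) == 2:
            keyrings.append(parts[1].strip())
        elif option == "no-default-keyring":
            no_default = True
    return keyrings, no_default

def duplicate_fingerprints(colon_listing):
    """Map fingerprint -> count for primary keys listed more than once."""
    counts = Counter()
    after_pub = False  # only the fpr record directly under a pub record counts
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            after_pub = True
        elif fields[0] == "sub":
            after_pub = False  # newer gpg also prints fpr for subkeys; skip those
        elif fields[0] == "fpr" and after_pub and len(fields) > 9:
            counts[fields[9]] += 1  # field 10 of an fpr record is the fingerprint
            after_pub = False
    return {fpr: n for fpr, n in counts.items() if n > 1}

# Sample input, abridged from the gpg.conf and listing posted in this thread.
SAMPLE_CONF = """no-default-keyring
secret-keyring secring.gpg
keyring jv.pub.gpg
keyring pubring-old.gpg
keyring pubring.gpg
"""
_KEY = (
    "pub:-:4096:1:2A32340CEC8C9492:2014-04-26:::-:Keybase.io Merkle Signing (v1)::scESC:\n"
    "fpr:::::::::03E146CDAF8136680AD566912A32340CEC8C9492:\n"
    "sub:-:4096:1:8A01CE578080955B:2014-04-26::::::e:\n"
)
SAMPLE_LISTING = "tru::0:1403504418:1415040813:3:1:5\n" + _KEY * 2

if __name__ == "__main__":
    print(configured_keyrings(SAMPLE_CONF))
    print(duplicate_fingerprints(SAMPLE_LISTING))
```

To check a real setup, pass the text of `~/.gnupg/gpg.conf` and the output of `gpg -k --fingerprint --with-colons` to the two functions instead of the samples.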

ronin13 commented 9 years ago

I am hitting the same issue with:

keybase --version
0.7.7

gpg --version
gpg (GnuPG) 2.1.2
libgcrypt 1.6.3
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

I wonder if this is due to gpg 2.1's keyring management which is different from earlier versions.