Open sciurius opened 10 years ago
Thanks for the bug report, you didn't do anything wrong, I'll take a look. Thanks!
Can you paste in the output to this command? It lists the public keys in your GPG keychain with the fingerprint '....EC8C9492`
gpg -k --fingerprint --with-colons 03E146CDAF8136680AD566912A32340CEC8C9492
Thanks...
$ gpg -k --fingerprint --with-colons 03E146CDAF8136680AD566912A32340CEC8C9492 tru::0:1403504418:1415040813:3:1:5 pub:-:4096:1:2A32340CEC8C9492:2014-04-26:::-:Keybase.io Merkle Signing (v1) merkle@keybase.io::scESC: fpr:::::::::03E146CDAF8136680AD566912A32340CEC8C9492: sub:-:4096:1:8A01CE578080955B:2014-04-26::::::e: sub:-:4096:1:F43803A349DA99D5:2014-04-26:2024-04-23:::::s: pub:-:4096:1:2A32340CEC8C9492:2014-04-26:::-:Keybase.io Merkle Signing (v1) merkle@keybase.io::scESC: fpr:::::::::03E146CDAF8136680AD566912A32340CEC8C9492: sub:-:4096:1:8A01CE578080955B:2014-04-26::::::e: sub:-:4096:1:F43803A349DA99D5:2014-04-26:2024-04-23:::::s:
Thanks! And bizarre, I've never seen this problem before. Can you also give me a gpg --version
?
$ gpg --version gpg (GnuPG) 1.4.13 Copyright (C) 2012 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2
Interesting, maybe:
$ gpg -k --fingerprint --with-colons 03E146CDAF8136680AD566912A32340CEC8C9492 ~/.gnupg/pubring.gpg gpg: Oops: keyid_from_fingerprint: no pubkey gpg: Oops: keyid_from_fingerprint: no pubkey gpg: key 00000000 occurs more than once in the trustdb tru::0:1403504418:1415040813:3:1:5 pub:-:4096:1:2A32340CEC8C9492:2014-04-26:::-:Keybase.io Merkle Signing (v1) merkle@keybase.io::scESC: fpr:::::::::03E146CDAF8136680AD566912A32340CEC8C9492: sub:-:4096:1:8A01CE578080955B:2014-04-26::::::e: sub:-:4096:1:F43803A349DA99D5:2014-04-26:2024-04-23:::::s: Exit 2
This returns only one key.
Oh, I forgot to ask, what's in your .gnupg/gpg.conf
file? That's often an issue.
(BTW: you can run keybase with the --no-gpg-options
flag to disable reading your gpg.conf
file. There are some options that we can't workaround if specified there.)
I think the problem is that I have multiple pubrings in my .gnupg directory. In particular:
-rw------- 1 jv jv 5075840 Jun 23 08:20 pubring.gpg -rw------- 1 jv jv 23787 Jun 23 15:19 pubring-old.gpg
Each contains one key for Merkle.
That's likely the issue. Are you asking GPG to look at the old one via options in your gpg.conf
file?
Yes:
----snip----
secret-keyring secring-old.gpg
keyring pubring-old.gpg
----snip----
Cool. Another BTW is that you can always ignore your gpg.conf
file with keybase config no_gpg_options true
, which will write that preference into the keybase config file.
I restored .gnupg from a backup, from before installation of keybase. I imported the alternate keyring into the default keyring and eliminated the alternate keyring. Everything is fine now.
Now I add a new, alternate keyring by adding these lines to gpg.conf:
secret-keyring secring-alt.gpg keyring pubring-alt.gpg
When I issue a 'keybase login', the merkle key gets inserted in both keyrings, and will cause a fatal error for every subsequent keybase command.
So the bottom line is that keybase will fail if there is more than just a default keyring. This may be solved by always using --no-options on every gpg call, but I'm not sure that is the right approach.
I am hitting same issue with:
keybase --version
0.7.7
gpg --version
gpg (GnuPG) 2.1.2
libgcrypt 1.6.3
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
I wonder if this is due to gpg 2.1's keyring management which is different from earlier versions.
What am I doing wrong?
$ keybase track someonelse warn: When checking sciurius: Error: wanted a unique lookup, but got 2 object for key 03E146CDAF8136680AD566912A32340CEC8C9492 warn: Likely this is a bug or transient error; but the server could be compromised error: sciurius: signature verification failed
$ keybase version keybase (keybase.io CLI) v0.4.9