trustcrypto / onlykey-agent

The OnlyKey agent is essentially middleware that lets you use OnlyKey as a hardware SSH/GPG device.
https://docs.crp.to/onlykey-agent.html
GNU Lesser General Public License v3.0

onlykey-gpg-agent ignores ed25519 key #41

Closed haplo closed 9 months ago

haplo commented 9 months ago

My OnlyKey has been working fine in Kubuntu 22.04 LTS, but I'm now setting up a new system with Arch Linux and I haven't been able to get onlykey-gpg-agent to work. I copied ~/.gnupg/onlykey to the new computer, if that's any hint.

Take for example:

$ gpg --list-secret-keys
gpg: problem with fast path key listing: Line passed to IPC too long - ignored
/home/fidel/.gnupg/onlykey/pubring.kbx
--------------------------------------
sec   rsa4096 2019-10-15 [SC]
A1D64A3B496CB0F36E12B46F9A9F520D44EA53D1
uid           [ unknown] CryptoTrust LLC <admin@cryptotrust.net>
ssb#  rsa4096 2019-10-15 [E]

The agent log is very long, because of the HAVEKEY --list=1000 operations, but what I see is that first it gets the right public key (ed25519) from the OnlyKey, but then right after it tries to find another (rsa) and fails with an error:

2024-01-22 15:08:32,621 DEBUG        parsed identity: {'proto': 'gpg', 'user': None, 'host': '', 'port': None, 'path': None}              [interface.py:30]
2024-01-22 15:08:32,729 DEBUG        connected                                                                                            [client.py:246]
2024-01-22 15:08:32,729 DEBUG        preparing payload for writing                                                                        [client.py:298]
2024-01-22 15:08:32,729 DEBUG        msg=OKSETTIME                                                                                        [client.py:304]
2024-01-22 15:08:32,729 DEBUG        payload=[101, 174, 132, 240]                                                                         [client.py:328]
2024-01-22 15:08:32,729 DEBUG        sending message                                                                                      [client.py:341]
2024-01-22 15:08:32,744 DEBUG        read="UNLOCKEDv2.1.2-prodc"                              [client.py:398]
2024-01-22 15:08:32,744 DEBUG        outstring="bytearray(b'UNLOCKEDv2.1.2-prodc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')" [client.py:400]
2024-01-22 15:08:32,744 DEBUG        Path to run-agent.sh = /home/fidel/.gnupg/onlykey/run-agent.sh                                       [onlykey.py:77]
2024-01-22 15:08:32,744 DEBUG        Setting skey slot = 132                                                                              [onlykey.py:58]
2024-01-22 15:08:32,744 DEBUG        Setting dkey slot = 132                                                                              [onlykey.py:65]
2024-01-22 15:08:32,744 INFO         Requesting public key from key slot =132                                                             [onlykey.py:134]
2024-01-22 15:08:32,744 DEBUG        identity parts: ['gpg://', 'Fidel Ramos <f@fidelramos.net>']                                         [interface.py:46]
2024-01-22 15:08:32,744 DEBUG        "<gpg://Fidel Ramos <f@fidelramos.net>|ed25519>" getting public key (ed25519) from OnlyKey           [onlykey.py:136]
2024-01-22 15:08:32,744 DEBUG        identity parts: ['gpg://', 'Fidel Ramos <f@fidelramos.net>']                                         [interface.py:46]
2024-01-22 15:08:32,744 INFO         Identity to hash =b'gpg://Fidel Ramos <f@fidelramos.net>'                                            [onlykey.py:148]
2024-01-22 15:08:32,745 INFO         Identity hash =c960afaa4ed5e06112f4b807fdeaba90f623a49fb4561574872f46b01bb01cd9                      [onlykey.py:152]
2024-01-22 15:08:32,745 DEBUG        preparing payload for writing                                                                        [client.py:298]
2024-01-22 15:08:32,745 DEBUG        msg=OKGETPUBKEY                                                                                      [client.py:304]
2024-01-22 15:08:32,745 DEBUG        slot_id=132                                                                                          [client.py:309]
2024-01-22 15:08:32,745 DEBUG        payload="01c960afaa4ed5e06112f4b807fdeaba90f623a49fb4561574872f46b01bb01cd9"                         [client.py:322]
2024-01-22 15:08:32,745 DEBUG        sending message                                                                                      [client.py:341]
2024-01-22 15:08:32,745 INFO         curve name= 'ed25519'                                                                                [onlykey.py:168]
2024-01-22 15:08:32,845 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:32,845 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:32,945 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:32,946 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:33,046 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:33,046 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:33,072 DEBUG        read="þöO  øϱí'Öa«ÞJ{¨Ïûm
"                              [client.py:398]
2024-01-22 15:08:33,072 DEBUG        outstring="bytearray(b"\x05\xfe\xf6O\x8e\t\xf8\xcf\xb1\xed\'\xd6a\xab\xdeJ{\xa8\xcf\xfb\x9d\xa0\xe8\xf6\xbdo\xd7\xf7\x0e\x07m\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")" [client.py:400]
2024-01-22 15:08:33,072 INFO         received= [5, 254, 246, 79, 142, 9, 248, 207, 177, 237, 39, 214, 97, 171, 222, 74, 123, 168, 207, 251, 157, 160, 232, 246, 189, 111, 215, 247, 14, 7, 109, 12, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] [onlykey.py:179]
2024-01-22 15:08:33,073 INFO         Received Public Key generated by OnlyKey= '05fef64f8e09f8cfb1ed27d661abde4a7ba8cffb9da0e8f6bd6fd7f70e076d0c' [onlykey.py:186]
2024-01-22 15:08:33,073 INFO         vk= <nacl.signing.VerifyKey object at 0x7413a7ff0550>                                                [onlykey.py:189]
2024-01-22 15:08:33,073 INFO         disconnected from OnlyKey                                                                            [onlykey.py:117]
2024-01-22 15:08:33,080 INFO         IDENTITY(<libagent.device.interface.Identity object at 0x7413a7e14710>)                              [agent.py:219]
2024-01-22 15:08:33,080 DEBUG        <- b'OK'                                                                                             [keyring.py:56]
2024-01-22 15:08:33,080 DEBUG        -> b'HAVEKEY 730E9148060ECC322C420DB22A27FA666A2555FC CE8593BCFEABE21A9ABC269001CAD44F215BFB43'      [keyring.py:74]
2024-01-22 15:08:33,080 DEBUG        prefix byte: 0b10011000                                                                              [decode.py:244]
2024-01-22 15:08:33,080 DEBUG        packet length: 51                                                                                    [decode.py:264]
2024-01-22 15:08:33,080 DEBUG        parsing elliptic curve key                                                                           [decode.py:151]
2024-01-22 15:08:33,081 DEBUG        mpi: 4005fef64f8e09f8cfb1ed27d661abde4a7ba8cffb9da0e8f6bd6fd7f70e076d0c (263 bits)                   [decode.py:159]
2024-01-22 15:08:33,081 DEBUG        keygrip: 7461B3527634D34579301BE34CC8D600A9CE103A                                                    [decode.py:171]
2024-01-22 15:08:33,081 DEBUG        key ID: 379F14BB02F9317F                                                                             [decode.py:202]
2024-01-22 15:08:33,081 DEBUG        packet "pubkey": {'type': 'pubkey', 'version': 4, 'created': 1624313645, 'algo': 22, 'curve_oid': b'+\x06\x01\x04\x01\xdaG\x0f\x01', 'keygrip': b'ta\xb3Rv4\xd3Ey0\x1b\xe3L\xc8\xd6\x00\xa9\xce\x10:', 'key_id': b'7\x9f\x14\xbb\x02\xf91\x7f', '_to_hash': b"\x99\x003\x04`\xd1\x0f-\x16\t+\x06\x01\x04\x01\xdaG\x0f\x01\x01\x07@\x05\xfe\xf6O\x8e\t\xf8\xcf\xb1\xed'\xd6a\xab\xdeJ{\xa8\xcf\xfb\x9d\xa0\xe8\xf6\xbdo\xd7\xf7\x0e\x07m\x0c", 'tag': 6} [decode.py:276]
2024-01-22 15:08:33,081 DEBUG        prefix byte: 0b10110100                                                                              [decode.py:244]
2024-01-22 15:08:33,081 DEBUG        packet length: 30                                                                                    [decode.py:264]
2024-01-22 15:08:33,081 DEBUG        packet "user_id": {'type': 'user_id', 'value': b'Fidel Ramos <f@fidelramos.net>', '_to_hash': b'\xb4\x00\x00\x00\x1eFidel Ramos <f@fidelramos.net>', 'tag': 13} [decode.py:276]
2024-01-22 15:08:33,081 DEBUG        prefix byte: 0b10001000                                                                              [decode.py:244]
2024-01-22 15:08:33,081 DEBUG        packet length: 128                                                                                   [decode.py:264]
2024-01-22 15:08:33,081 DEBUG        packet "signature": {'type': 'signature', 'version': 4, 'sig_type': 19, 'pubkey_alg': 22, 'hash_alg': 8, 'hashed_subpackets': [b'\x02`\xd1\x0f-', b'\x0b\t', b'\x1b\x03', b'\x15\x08\t\n', b'\x16\x02\x03\x01', b'\x17\x80', b'\x1e\x01'], '_to_hash': b'\x04\x13\x16\x08\x00\x1c\x05\x02`\xd1\x0f-\x02\x0b\t\x02\x1b\x03\x04\x15\x08\t\n\x04\x16\x02\x03\x01\x02\x17\x80\x02\x1e\x01\x04\xff\x00\x00\x00"', 'unhashed_subpackets': [b'\x107\x9f\x14\xbb\x02\xf91\x7f', b'\x1aTREZOR-GPG'], 'hash_prefix': b'#\xf3', 'sig': (49487020675558168455976742378010286982611748278761614396265927913833275252969, 86185844306781434473756547943313639698826430570072805387917735866760627971073), 'tag': 2} [decode.py:276]
2024-01-22 15:08:33,081 DEBUG        prefix byte: 0b10111000                                                                              [decode.py:244]
2024-01-22 15:08:33,081 DEBUG        packet length: 56                                                                                    [decode.py:264]
2024-01-22 15:08:33,081 DEBUG        parsing elliptic curve key                                                                           [decode.py:151]
2024-01-22 15:08:33,081 DEBUG        mpi: 40feeb5f8ef23cbe7b5e743d67cfce4d2ab69df5d6c34f7458c4226a0b5bc65371 (263 bits)                   [decode.py:159]
2024-01-22 15:08:33,081 DEBUG        keygrip: 8C8958B242D5EDB51C906F0CA635438E47F083C7                                                    [decode.py:171]
2024-01-22 15:08:33,081 DEBUG        key ID: 6C01802DACD5DFC9                                                                             [decode.py:202]
2024-01-22 15:08:33,081 DEBUG        packet "subkey": {'type': 'subkey', 'version': 4, 'created': 1624313645, 'algo': 18, 'curve_oid': b'+\x06\x01\x04\x01\x97U\x01\x05\x01', 'kdf': b'\x01\x08\x07', 'secret': b'', 'keygrip': b'\x8c\x89X\xb2B\xd5\xed\xb5\x1c\x90o\x0c\xa65C\x8eG\xf0\x83\xc7', 'key_id': b'l\x01\x80-\xac\xd5\xdf\xc9', '_to_hash': b'\x99\x008\x04`\xd1\x0f-\x12\n+\x06\x01\x04\x01\x97U\x01\x05\x01\x01\x07@\xfe\xeb_\x8e\xf2<\xbe{^t=g\xcf\xceM*\xb6\x9d\xf5\xd6\xc3OtX\xc4"j\x0b[\xc6Sq\x03\x01\x08\x07', 'tag': 14} [decode.py:276]
2024-01-22 15:08:33,081 DEBUG        prefix byte: 0b10001000                                                                              [decode.py:244]
2024-01-22 15:08:33,081 DEBUG        packet length: 108                                                                                   [decode.py:264]
2024-01-22 15:08:33,081 DEBUG        packet "signature": {'type': 'signature', 'version': 4, 'sig_type': 24, 'pubkey_alg': 22, 'hash_alg': 8, 'hashed_subpackets': [b'\x02`\xd1\x0f-', b'\x1b\x0c'], '_to_hash': b'\x04\x18\x16\x08\x00\t\x05\x02`\xd1\x0f-\x02\x1b\x0c\x04\xff\x00\x00\x00\x0f', 'unhashed_subpackets': [b'\x107\x9f\x14\xbb\x02\xf91\x7f', b'\x1aTREZOR-GPG'], 'hash_prefix': b'\xa7K', 'sig': (110269233080789961207798485680565071832176297775737271011570488088595892276376, 29538492519196014106797991245019042746105075539835183179621125888489577994), 'tag': 2} [decode.py:276]
2024-01-22 15:08:33,081 DEBUG        prefix byte: 0b10011001                                                                              [decode.py:244]
2024-01-22 15:08:33,081 DEBUG        packet length: 525                                                                                   [decode.py:264]
2024-01-22 15:08:33,081 DEBUG        parsing rsa key                                                                                      [decode.py:179]

[... CUT ...]

2024-01-22 15:08:33,143 DEBUG        parsed identity: {'proto': 'gpg', 'user': None, 'host': '', 'port': None, 'path': None}              [interface.py:30]
2024-01-22 15:08:33,268 DEBUG        connected                                                                                            [client.py:246]
2024-01-22 15:08:33,269 DEBUG        preparing payload for writing                                                                        [client.py:298]
2024-01-22 15:08:33,269 DEBUG        msg=OKSETTIME                                                                                        [client.py:304]
2024-01-22 15:08:33,269 DEBUG        payload=[101, 174, 132, 241]                                                                         [client.py:328]
2024-01-22 15:08:33,269 DEBUG        sending message                                                                                      [client.py:341]
2024-01-22 15:08:33,279 DEBUG        read="UNLOCKEDv2.1.2-prodc"                              [client.py:398]
2024-01-22 15:08:33,279 DEBUG        outstring="bytearray(b'UNLOCKEDv2.1.2-prodc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')" [client.py:400]
2024-01-22 15:08:33,279 DEBUG        Path to run-agent.sh = /home/fidel/.gnupg/onlykey/run-agent.sh                                       [onlykey.py:77]
2024-01-22 15:08:33,279 DEBUG        Setting skey slot = 132                                                                              [onlykey.py:58]
2024-01-22 15:08:33,279 DEBUG        Setting dkey slot = 132                                                                              [onlykey.py:65]
2024-01-22 15:08:33,279 INFO         Requesting public key from key slot =132                                                             [onlykey.py:134]
2024-01-22 15:08:33,279 DEBUG        identity parts: ['gpg://', 'CryptoTrust LLC <admin@cryptotrust.net>']                                [interface.py:46]
2024-01-22 15:08:33,279 DEBUG        "<gpg://CryptoTrust LLC <admin@cryptotrust.net>|rsa4096>" getting public key (rsa4096) from OnlyKey  [onlykey.py:136]
2024-01-22 15:08:33,279 DEBUG        identity parts: ['gpg://', 'CryptoTrust LLC <admin@cryptotrust.net>']                                [interface.py:46]
2024-01-22 15:08:33,279 INFO         Identity to hash =b'gpg://CryptoTrust LLC <admin@cryptotrust.net>'                                   [onlykey.py:148]
2024-01-22 15:08:33,279 INFO         Identity hash =f20136b31fb2dc2a0a0d62105ab13fd9e61c72847f00f618f5ddad0d058ad0bb                      [onlykey.py:152]
2024-01-22 15:08:33,279 DEBUG        preparing payload for writing                                                                        [client.py:298]
2024-01-22 15:08:33,279 DEBUG        msg=OKGETPUBKEY                                                                                      [client.py:304]
2024-01-22 15:08:33,279 DEBUG        slot_id=132                                                                                          [client.py:309]
2024-01-22 15:08:33,280 DEBUG        payload="f20136b31fb2dc2a0a0d62105ab13fd9e61c72847f00f618f5ddad0d058ad0bb"                           [client.py:322]
2024-01-22 15:08:33,280 DEBUG        sending message                                                                                      [client.py:341]
2024-01-22 15:08:33,280 INFO         curve name= 'rsa4096'                                                                                [onlykey.py:168]
2024-01-22 15:08:33,380 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:33,380 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:33,480 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:33,480 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:33,581 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:33,581 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:33,681 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:33,681 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:33,781 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:33,782 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:33,882 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:33,882 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:33,982 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:33,982 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:34,083 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:34,083 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:34,183 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:34,183 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:34,283 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:34,283 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:34,384 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:34,384 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:34,484 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:34,484 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:34,585 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:34,585 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:34,685 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:34,685 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:34,785 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:34,785 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:34,785 INFO         Received Public Key generated by OnlyKey= []                                                         [onlykey.py:220]
2024-01-22 15:08:34,785 INFO         0                                                                                                    [onlykey.py:221]
2024-01-22 15:08:34,785 INFO         disconnected from OnlyKey                                                                            [onlykey.py:117]
2024-01-22 15:08:34,793 ERROR        handler failed: Error response length is not a valid public key                                      [__init__.py:318]
Traceback (most recent call last):
File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.11/site-packages/libagent/gpg/__init__.py", line 310, in run_agent_internal
handler.handle(conn)
File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.11/site-packages/libagent/gpg/agent.py", line 308, in handle
handler(conn, args)
File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.11/site-packages/libagent/gpg/agent.py", line 125, in <lambda>
b'HAVEKEY': lambda conn, args: self.have_key(conn, *args),
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.11/site-packages/libagent/gpg/agent.py", line 271, in have_key
self.get_identity(keygrip=keygrip)
File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.11/site-packages/libagent/util.py", line 230, in wrapper
result = method(self, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.11/site-packages/libagent/gpg/agent.py", line 211, in get_identity
verifying_key = self.client.pubkey(identity=identity, ecdh=False)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.11/site-packages/libagent/gpg/client.py", line 28, in pubkey
return self.device.pubkey(ecdh=ecdh, identity=identity)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.11/site-packages/libagent/device/onlykey.py", line 241, in pubkey
raise interface.DeviceError("Error response length is not a valid public key")
libagent.device.interface.DeviceError: Error response length is not a valid public key

onlykey-agent is working fine for SSH, as are the OnlyKey desktop and CLI apps.

This is with onlykey-gpg-agent version 1.1.15 and lib-agent version 1.0.6. Kubuntu was using onlykey-gpg-agent 1.1.14 and lib-agent 1.0.5, but after upgrading both it keeps working fine.
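Added example, not part of the thread or of the project's code: a small triage script that walks an agent debug log in the format quoted above, pairs each "getting public key" request with the device's answer, and reports which identity the device never answered for. The sample log lines, identities and the names `analyze`, `unanswered` and `PubkeyRequest` are constructed for illustration; only the message wording is taken from the log in this report.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample (not from the thread), shaped like the agent log above.
SAMPLE_LOG = '''\
2024-01-01 10:00:00,100 DEBUG        "<gpg://Alice Example <alice@example.org>|ed25519>" getting public key (ed25519) from OnlyKey [onlykey.py:136]
2024-01-01 10:00:00,200 DEBUG        read=""    [client.py:398]
2024-01-01 10:00:00,300 INFO         Received Public Key generated by OnlyKey= '00112233' [onlykey.py:186]
2024-01-01 10:00:01,000 DEBUG        "<gpg://Old Corp <old@example.org>|rsa4096>" getting public key (rsa4096) from OnlyKey [onlykey.py:136]
2024-01-01 10:00:01,100 DEBUG        read=""    [client.py:398]
2024-01-01 10:00:01,200 DEBUG        read=""    [client.py:398]
2024-01-01 10:00:01,300 DEBUG        read=""    [client.py:398]
2024-01-01 10:00:02,500 INFO         Received Public Key generated by OnlyKey= [] [onlykey.py:220]
2024-01-01 10:00:02,510 ERROR        handler failed: Error response length is not a valid public key [__init__.py:318]
Traceback (most recent call last):
'''

# The identity itself contains "<" and ">", so match greedily up to the last "|".
REQUEST = re.compile(r'"<gpg://(?P<identity>.*)\|(?P<curve>[^|>]+)>" getting public key')
RECEIVED = re.compile(r"Received Public Key generated by OnlyKey= (?:'(?P<hex>[0-9a-fA-F]+)'|\[\])")
FAILED = re.compile(r"\sERROR\s+handler failed: (?P<msg>.*?)\s+\[[^\]]+\]$")


@dataclass
class PubkeyRequest:
    identity: str
    curve: str
    started: datetime
    empty_reads: int = 0         # polls that returned read=""
    wait_ms: int = -1            # -1 until a "Received Public Key" line is seen
    status: str = "incomplete"   # "ok", "empty" or "incomplete"
    error: str = ""


def _timestamp(line):
    """Return the log timestamp, or None for traceback/continuation lines."""
    try:
        return datetime.strptime(line[:23], "%Y-%m-%d %H:%M:%S,%f")
    except ValueError:
        return None


def analyze(log_text):
    """Pair every public-key request with the outcome that follows it."""
    requests, current = [], None
    for line in log_text.splitlines():
        line = line.rstrip()
        ts = _timestamp(line)
        if ts is None:
            continue
        m = REQUEST.search(line)
        if m:
            current = PubkeyRequest(m["identity"], m["curve"], ts)
            requests.append(current)
            continue
        if current is None:
            continue
        if 'read=""' in line and current.status == "incomplete":
            current.empty_reads += 1
        elif (m := RECEIVED.search(line)) and current.status == "incomplete":
            current.status = "ok" if m["hex"] else "empty"
            current.wait_ms = (ts - current.started) // timedelta(milliseconds=1)
        elif (m := FAILED.search(line)) and current.status == "empty":
            current.error = m["msg"]
    return requests


def unanswered(requests):
    """Identities the agent asked the device about without getting a key back."""
    return [r.identity for r in requests if r.status != "ok"]


if __name__ == "__main__":
    for r in analyze(SAMPLE_LOG):
        print(f"{r.status:10} {r.curve:8} {r.wait_ms:5} ms  {r.identity}  {r.error}")
```

An identity listed by `unanswered` is one the local keyring made the agent look up but the device returned no key for, which narrows the search to the keyring contents rather than the device.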

onlykey commented 9 months ago

I noticed that you are running an old version of firmware. Are you able to update to the latest: https://github.com/trustcrypto/OnlyKey-Firmware/releases/tag/v3.0.4-prod

The issue appears to be that the OKGETPUBKEY fails to receive back the public key.

haplo commented 9 months ago

Thank you @onlykey for the quick reply. I was going to upgrade the firmware but backup is not working for some reason. I opened a separate issue for that:

https://github.com/trustcrypto/OnlyKey-Firmware/issues/169

haplo commented 9 months ago

Update: I upgraded the firmware to 3.0.4, issue is still happening.

I also tried with a different OnlyKey with a restored backup, also with latest firmware, same issue.

I tried with my OnlyKey DUO, firmware 3.0.1, same issue.

A key difference is in the GnuPG version of the two systems: the one that works (Kubuntu 22.04) is at GnuPG 2.2.27, libgcrypt 1.9.4; the faulty one (Arch Linux) is at GnuPG 2.4.3, libgcrypt 1.10.3.

I will try generating a fresh gpg homedir and report back.

haplo commented 9 months ago

A fresh GnuPG profile works properly, so there must be something wrong inside the GnuPG homedir. It was copied from the old system, but because the GnuPG major versions were different (2.2 vs. 2.4) there might have been some data format discrepancy.

I will now try creating a fresh profile, exporting the keys and ownertrust from the old homedir and importing them in the new one.

haplo commented 9 months ago

Creating the fresh homedir worked, so it was the GnuPG migration after all, probably on account of the different major versions.

In the old system:

gpg --export-ownertrust > ownertrust_export
gpg --export > keys_export
# copy the files to the new system

In the new one:

gpg --import-ownertrust ownertrust_export
gpg --import keys_export

onlykey commented 9 months ago

Thanks for working through the issues here. I am sorry you ran into this issue but glad you found the solution. I can try to see what is different between the contents of the old homedir and the new homedir. If you are able to do a diff of the working vs. non-working files, that would help me find out what the issue was here.