[pkg-gnupg-maint] Bug#795639: assword fails with "Decryption error: Decryption failed"

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sun Aug 16 08:35:47 UTC 2015


On Sun 2015-08-16 02:55:43 +0200, Russ Allbery wrote:
> Daniel Kahn Gillmor <dkg at fifthhorseman.net> writes:
>
>> does this succeed with gpg2 --decrypt as well, or just gpg --decrypt?
>
> Aha.  Here's a problem:
>
> mithrandir:~/private/db$ gpg2 --decrypt personal
> gpg: error reading keyblock: Legacy key
> gpg: keydb_get_keyblock failed: Legacy key
> gpg: encrypted with RSA key, ID 7CE29A76E9769486
> gpg: decryption failed: No secret key
>
> I have no idea what that means, and Google was not particularly
> enlightening.
>
>> do you see files listed when you look at the GnuPG 2.1 secret key storage:
>
>>    ls -l ~/.gnupg/private-keys-v1.d/*.key
>
> Yes.

ok, so the keygrip for 0x7CE29A76E9769486 is
FD1DA474D3DF3C728C54F9E479EDFC5BBE2E14EA

(via "gpg2  --with-keygrip --list-keys 7CE29A76E9769486")

do you see ~/.gnupg/private-keys-v1.d/FD1DA474D3DF3C728C54F9E479EDFC5BBE2E14EA.key ?

>> Depending on the output of the above, maybe you can try importing your
>> secret keyring again:
>
>>  gpg2 --import < ~/.gnupg/secring.gpg
>
>> (this should have been imported automatically for you upon your first
>> use of gpg 2.1 after the upgrade)
>
> I get a lot more "legacy key" errors, and this weird error that I don't
> understand:
>
> gpg: key D15D313882004173: no valid user IDs
> gpg: this may be caused by a missing self-signature
> gpg: keydb_get_keyblock failed: Legacy key
> gpg: key D15D313882004173: failed to re-lookup public key
>
> That key definitely has a self-signature.  It's the same key I use for
> Debian.
>
> mithrandir:~/private/db$ gpg -kv D15D313882004173
> pub   4096R/D15D313882004173 2009-05-29 [expires: 2017-09-17]
> uid               [ultimate] Russ Allbery <eagle at eyrie.org>
> uid               [ultimate] Russ Allbery <rra at stanford.edu>
> uid               [ultimate] Russ Allbery <rra at debian.org>
> uid               [ revoked] Russ Allbery <eagle at windlord.stanford.edu>
> uid               [ultimate] Russ Allbery <rra at cs.stanford.edu>
> sub   4096R/7CE29A76E9769486 2009-05-29 [expires: 2017-09-17]
> sub   2048R/7D80315C5736DE75 2010-09-17 [expires: 2016-03-20]

I agree with you that this key clearly has valid self-sigs.  it does in
my copy as well.

can you show the same output from gpg2 as well as gpg ?

Also: does it show up in the output of:

 gpg2 --list-secret-keys

sorry for the hassle, and thanks for the quick debugging responses.

    --dkg
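The keygrip check described in the message above, carried out for every key and subkey at once. This is an added example, not part of the original message or of GnuPG itself. The function names, the timestamps in the sample listing, and the two all-zero keygrips are constructed for illustration; only the keygrip for 7CE29A76E9769486 comes from the thread.

```shell
#!/bin/sh
# Added example: report which keys in a colon-format listing have a matching
# secret key file in the GnuPG 2.1 private key directory.
#
# Real use (assumes gpg2 is installed):
#   gpg2 --with-keygrip --with-colons --list-keys 7CE29A76E9769486 \
#       | check_keygrips ~/.gnupg/private-keys-v1.d

# check_keygrips DIR
#   stdin : output of `gpg2 --with-keygrip --with-colons --list-keys`
#   stdout: one line per key, "<keyid> <keygrip> present|missing"
#   return: 0 if every keygrip has a .key file, 1 if any is missing
check_keygrips() {
    dir=$1
    missing=0
    keyid=
    # Field 1 is the record type, field 5 the key ID (pub/sub records),
    # field 10 the keygrip (grp records).
    while IFS=: read -r type f2 f3 f4 id f6 f7 f8 f9 grip rest; do
        case $type in
            pub|sub)
                keyid=$id ;;
            grp)
                # A grp record belongs to the pub/sub record before it.
                [ -n "$keyid" ] || continue
                if [ -f "$dir/$grip.key" ]; then
                    echo "$keyid $grip present"
                else
                    echo "$keyid $grip missing"
                    missing=1
                fi
                keyid= ;;
        esac
    done
    return $missing
}

# Constructed sample listing (uid and fpr records omitted for brevity).
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:D15D313882004173:1243555200:::u:::scESC:
grp:::::::::0000000000000000000000000000000000000001:
sub:u:4096:1:7CE29A76E9769486:1243555200::::::e:
grp:::::::::FD1DA474D3DF3C728C54F9E479EDFC5BBE2E14EA:
sub:u:2048:1:7D80315C5736DE75:1284681600::::::s:
grp:::::::::0000000000000000000000000000000000000002:
EOF
}
```

A "missing" line for the encryption subkey corresponds to the "No secret key" failure seen with gpg2 --decrypt.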


