[pkg-gnupg-maint] Bug#795639: assword fails with "Decryption error: Decryption failed"
Russ Allbery
rra at debian.org
Mon Aug 17 15:24:56 UTC 2015
Daniel Kahn Gillmor <dkg at fifthhorseman.net> writes:
> interesting. what is the history of this secret key material? Was it
> generated fresh on 2009-05-29? or was it converted from some other
> (older) key source?
It was generated fresh on 2009-05-29 using gpg at the time.
>> Aha. Okay, I seem to have fixed it, although I still don't really
>> understand what happened. On a hunch, I ran:
>>
>> $ gpg2 --import ~/.gnupg/pubring.gpg
>>
>> That spat out a bunch of output (tons and tons of those legacy key
>> messages), and then I ran:
>>
>> $ gpg2 --import ~/.gnupg/secring.gpg
>>
>> again.
> Did you happen to compare your test commands (e.g. looking at files,
> running "gpg -kv $FPR") between these two --import operations? I'm
> assuming that the last one is the one that "fixed" things, but i'd like
> to make sure...
Sadly, I didn't, but I do know for certain that just doing the second did
not fix the problem. It just declined to import the key with the legacy
key message and then another message about how there was no self-sig.
(Actually, you probably already know that since I think that was a
previous message -- now I'm forgetting what I did when.)
I started wondering if it couldn't see the self-sig because it didn't have
the corresponding public key and wondered what would happen if I imported
the public key ring. After I did that, the second command actually
imported the secret key as well (in that I saw "1 key imported" in the
resulting message). For some reason, all my other secret keys were
successfully imported. Just not that one.
> do you know if there were more "legacy key" messages for the second
> --import command?
Oh, yeah, there are tons every time I run that command. Basically one for
every key.
--
Russ Allbery (rra at debian.org) <http://www.eyrie.org/~eagle/>
More information about the pkg-gnupg-maint
mailing list