[pkg-gnupg-maint] Bug#806531: Bug#806531: gnupg2: old DSA 1024 key is not useable

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Aug 29 20:15:49 UTC 2016


Control: tags 806531 + moreinfo

Hi Sandro--

On Sat 2015-11-28 09:56:05 -0500, Sandro Knauß wrote:
> I have an old DSA 2014 key and used that key a lot, so I have a lot of
> mails encrypted with that key, at least I want to read my old
> mails. Btw. the key is also available at sks-keyservers.net.
>
> I attached some output of gpg(2) --list-(secret-)keys. The failing
> part is gpg2 --list-secret-keys.
>
> Also decrypt/encrypt a file on the cmdline with that key without any positive outcome. I can use other keys that are RSA 4096.
>
> The migration from 1->2 was made:
>  * I stopped gpg-agent
>  * copied the keys from an old location 
>  * start gpg-agent again.
>
> I tried also to manually reimport the secret key again but that didn't fix it.


hm, it sounds to me like your secret keys were never migrated across to
gpg 2.1.

Can you show me the output of:

  ls -ld ~/.gnupg/.gpg-v21-migrated ~/.gnupg/private-keys-v1.d ~/.gnupg/private-keys-v1.d/E364995F26201E023BD28401CF0CA1BE58F978A8.key

E364995F26201E023BD28401CF0CA1BE58F978A8 is the "keygrip" of the secret
key in question.

I see at this point that you've revoked the public key but you might
still want to use its associated encryption-capable subkeys to decrypt
old messages.  You can see their keygrips with:

    gpg --fingerprint --fingerprint --list-options show-unusable-subkeys --with-keygrip --with-keygrip --list-keys 3D4DB440897F43A0F9117884858C390F7703B4E4

(or use gpg2 if gpg --version still shows 1.4.x).

can you look for those keygrips in ~/.gnupg/private-keys-v1.d as well?

if none of those keygrips are present in private-keys-v1.d, you might
try:

  gpg --import < ~/.gnupg/secring.gpg


(again, using "gpg2" instead of gpg if "gpg --version" shows 1.4.x)

Please report back here if this resolves things for you, or if you have
any other questions or insights that might help figure out what's going
on here.

       --dkg
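
The keygrip check described in the message above, as an added example (not part of the original mail and not GnuPG project code). The function names are hypothetical, the sample listing is constructed and abbreviated, and the second keygrip in it is a made-up placeholder; it relies on `gpg --with-colons` putting the keygrip in field 10 of each `grp` record.

```sh
#!/bin/sh
# Real use (gpg2 if "gpg --version" shows 1.4.x):
#   gpg --with-colons --with-keygrip --list-options show-unusable-subkeys \
#       --list-keys 3D4DB440897F43A0F9117884858C390F7703B4E4 | check_keygrips ~/.gnupg

# Print "migrated" if the 2.1 migration marker exists, else "not-migrated".
migration_state() {
    if [ -e "$1/.gpg-v21-migrated" ]; then echo migrated; else echo not-migrated; fi
}

# Read a colon listing on stdin; for every "grp" record print
# "present <grip>" or "missing <grip>" depending on whether
# <home>/private-keys-v1.d/<grip>.key exists. Returns 1 if any is missing.
check_keygrips() {
    home=$1
    rc=0
    for grip in $(awk -F: '$1 == "grp" { print $10 }'); do
        case $grip in
            *[!0-9A-Fa-f]*) continue ;;   # skip malformed records
        esac
        if [ -f "$home/private-keys-v1.d/$grip.key" ]; then
            echo "present $grip"
        else
            echo "missing $grip"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample listing: primary keygrip from the mail above,
# subkey keygrip is a placeholder.
sample_listing() {
    cat <<'EOF'
pub:r:1024:17:858C390F7703B4E4:::::::::
grp:::::::::E364995F26201E023BD28401CF0CA1BE58F978A8:
sub:r:2048:16:0000000000000001:::::::::
grp:::::::::00000000000000000000000000000000000000A1:
EOF
}

# Demo against a throwaway directory that holds only the primary's key file.
demo=$(mktemp -d)
mkdir -p "$demo/private-keys-v1.d"
: > "$demo/private-keys-v1.d/E364995F26201E023BD28401CF0CA1BE58F978A8.key"
migration_state "$demo"
sample_listing | check_keygrips "$demo" || echo "some secret keys were not migrated"
rm -rf "$demo"
```

A "missing" line for an encryption subkey is the case where the mail suggests importing ~/.gnupg/secring.gpg.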