[pkg-gnupg-maint] Bug#1108406: gnupg: On Debian 13, fail to import a secret key exported from a Debian 12 host
John Scott
jscott at posteo.net
Sun Jun 29 01:52:31 BST 2025
Andreas Metzler wrote:
> is the locale setup identical on both the Debian 12 and 13 systems?
>
> Just to illustrate, both strings look identical but are not binary identical, just use you password instead of "Frédéric":
This is a good point Andreas made here. In general former releases of Debian were somewhat permissive other text encoding options, but only locales compatible with UTF-8 are supported by the GNU C Library and Debian lately. Your new machine is indeed set up to use UTF-8 correctly based on the info in your original bug report, so that's good.
Your log appears to use ISO-8859-1 to encode special characters, and the GnuPG log says this:
gpg: DBG: chan_5 -> OPTION ttytype=xterm-kitty
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION display=:0
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION xauthority=/home/fred/.Xauthority
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION putenv=XDG_SESSION_TYPE=x11
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION lc-ctype=C
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION lc-messages=C
The "LC_CTYPE=C" is odd... My suspicion is that this causes a fallback to ISO-8859-1 (for input and output) when necessary because GnuPG has its own code to handle that encoding, and maybe GnuPG was thrown off by your terminal type as shown by 'ttytype=xterm-kitty'. Also, the GNOME/GTK ecosystem deliberately only supports UTF-8 even if the system would normally use another encoding, so if GnuPG is trying to exchange ISO-8859-1 text with GNOME's Pinentry, that's always just wrong and GNOME Pinentry ought to make more noise about such an invalid configuration.
Here are my ideas:
• What terminal emulator and desktop environment are you using? If you don't know, it's probably GNOME Terminal or the newer GNOME Console on GNOME. If it is indeed the Kitty terminal emulator, try a different one.
• Try to totally log out of your session or restart, and then try importing the key again passing the '--display-charset UTF-8' option. This should tell GnuPG not to make guesses but to use UTF-8 for both input and output.
• The easiest thing, however, might be to change your private key's password on your old computer to something with only US-ASCII characters, export *that* key, and import it on your new computer. The characters in US-ASCII are always encoded the same way in all encodings that might be at play, so this would allow for more forgiveness if the encoding is set wrong.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20250629/414f9213/attachment.sig>
More information about the pkg-gnupg-maint
mailing list