Hello Qubes users,
I am still stuck with this problem of not being able to move from Debian8 to Debian9 for my split GPG. Is there anyone who know a way to do this or is just split key GPG in Debian 9 broken?
Cubit
It's not broken on debian-9.
How are you calling split-gpg in the work qube?
What is the exact error message?
I had:
work qube as debian 8, changed template used to debian 9 and works ok.
vault qube as debian 8 but when I try change the template to debian 9, work template can no longer find private keys. The work quebe will start the vault qube when encrypted email is looked at so it appears they are talking ok.
- In work qube I am using Thunderbird + enigmail
- enigmail is configured to use "/usr/bin/qubes-gpg-client-wrapper"
- in work qube terminal "qubes-gpg-client -k" returns all my keys
The only thing changing is the template for vault qube.
Cubit
Which Qubes version are you using?
Do you get the Gpg dialog popup?
Qubes 3.2 with all templates and dom0 updated as of today. Yes I get pop up asking do I want to give access to keys for the time period defined by QUBES_GPG_AUTOACCEPT in .bash_profile in work qube (if vault qube is not running it will be started). I say yes to this and it just errors with
"Error - no matching private/secret key found to decrypt message; click on details button for more information"
Clicking on the details button in thunderbird, shows that the message is encrypted to my key
gpg key is a master / sub key set up with the master private key offline if that makes any difference.
Here is some type of answer if anyone else runs into this problem, I did not manage to fix this but did work around it.
- I created a brand new vault VM based on Debian 9,
- exported all my keys from old vault
- imported into new vault
- updated work VM to call new vault
everything works again.
I guess I'll never know why simply changing my original vault VM template from Debian 8 to 9 did not work.
Cubit