Troubles adding right gpg key to keychain

Koen Smets

Aug 25, 2010, 9:44:38 AM
to funto...@googlegroups.com
Dear keychain-users,

I've some trouble adding gpg keys with keychain. I apparently need to
add both primary key and associated subkey to gpg-agent. But using
keychain no matter which key I try to add, it always is the one
associated with the primary key.

This is what I do

$ keychain 0AA975DA

Then the pinentry-curses shows

Please enter the pass-phrase to unlock the secret key for the OpenPGP
certificate:
"Koen Smets <koen....@gmail.com>"
4096-bit RSA key, ID 0AA975DA,
created 2009-08-28

$ keychain 0AA975DA
* Known gpg key: 0AA975DA

Then I encrypt a file
$ gpg -r koen....@gmail.com -e foo.txt

Now, when I want to decrypt the file:
$ gpg -d foo.txt.gz

Again, pinentry-curses asks for my passphrase. This time with another message:
Please enter the pass-phrase to unlock the secret key for the OpenPGP
certificate:
"Koen Smets <koen....@gmail.com>"
4096-bit RSA key, ID A4548D20
created 2009-08-28 (main key ID 0AA975DA).

Note the difference in keys between the two dialogs.

If I add the subkey A4548D20, instead of the associated primary key,
after clearing the keychain, the same behavior occurs.

I tried to figure out what is happening behind the scenes by setting
debug-level to guru and writing everything to a separate log file. There I
noticed that indeed two separate keys need to be present in the cache of the
gpg-agent:

agent_get_cache `F254C61A4F1DC4F6AF2804C949DBF1F00AA975DA'
agent_get_cache `5017CCEEC87D8EF28E21D6E9E84ACB2CA4548D20'

Where the former is asked when I use the keychain command
$ keychain 0AA975DA
or
$ keychain A4548D20
while the latter, when I try decrypting using gpg
$ gpg -d foo.txt.gz

Note that if I try:
$ keychain 0AA975D0 A4548D20
It only asks for the pass-phrase once, the other one is known (as they both
resolve to the same hash!). But for decrypting a file it needs another one...

I think I'm missing something... So, how can I properly add my gpg key
to the keychain, such that when decrypting a file I'm not again asked
for my pass-phrase a second time?

With kind regards,
Koen
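
The two `agent_get_cache` lookups from the post above, mapped back to the primary key and the encryption subkey; this is an added example, not part of the thread or of keychain. The colon listing is constructed (fingerprints taken from the posted log, capability fields assumed), and `classify_lookups` is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed sample shaped like the output of
#   gpg --list-secret-keys --with-colons --fingerprint --fingerprint
# reduced to the fields read below. Fingerprints come from the agent log in
# the post; the capability strings (field 12) are assumed.
sample_listing() {
cat <<'EOF'
sec::4096:1:49DBF1F00AA975DA:::::::scESC:
fpr:::::::::F254C61A4F1DC4F6AF2804C949DBF1F00AA975DA:
ssb::4096:1:E84ACB2CA4548D20:::::::e:
fpr:::::::::5017CCEEC87D8EF28E21D6E9E84ACB2CA4548D20:
EOF
}

# The two cache lookups exactly as quoted in the post.
sample_agent_log() {
cat <<'EOF'
agent_get_cache `F254C61A4F1DC4F6AF2804C949DBF1F00AA975DA'
agent_get_cache `5017CCEEC87D8EF28E21D6E9E84ACB2CA4548D20'
EOF
}

# classify_lookups LISTING_TEXT AGENT_LOG_TEXT
# For every agent_get_cache lookup in the log, print the short key ID, whether
# the fingerprint belongs to the primary key (sec) or a subkey (ssb), and
# whether that key itself carries the encryption capability (lowercase "e").
classify_lookups() {
    { printf '%s\n' "$1"; printf '%s\n' '--LOG--'; printf '%s\n' "$2"; } |
    awk -F: '
        $0 == "--LOG--" { inlog = 1; next }
        !inlog && ($1 == "sec" || $1 == "ssb") { rec = $1; caps = $12; next }
        !inlog && $1 == "fpr" && rec != "" {
            # An fpr record describes the sec/ssb record just before it.
            role[$10] = rec " encrypt=" (caps ~ /e/ ? "yes" : "no")
            rec = ""; next
        }
        inlog && match($0, /agent_get_cache `[0-9A-F]+/) {
            fp = substr($0, RSTART + 17, RLENGTH - 17)
            info = (fp in role) ? role[fp] : "unknown encrypt=unknown"
            # The short key ID is the last 8 hex digits of the fingerprint.
            print substr(fp, length(fp) - 7), info
        }'
}

classify_lookups "$(sample_listing)" "$(sample_agent_log)"
```

The lookup that `gpg -d` triggers lands on the `ssb` record with `encrypt=yes`, which is a different cache entry from the one requested for the primary key.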

Daniel Robbins

Aug 16, 2012, 4:14:11 PM
to funto...@googlegroups.com
Urg, I need to look into this ... :)

Can you do me a favor and create a bug for it on bugs.funtoo.org, --
that way, I will not be allowed to forget. Putting it under Funtoo
Linux for now will be fine.

On Thu, Aug 16, 2012 at 12:08 AM, Clemens Kaposi <ygg...@gmail.com> wrote:
> I have the same problem. Any news on this one?

Clemens Kaposi

Aug 17, 2012, 1:07:50 AM
to funto...@googlegroups.com
On Thursday, August 16, 2012 10:14:11 PM UTC+2, Daniel Robbins wrote:
> Urg, I need to look into this ... :)
>
> Can you do me a favor and create a bug for it on bugs.funtoo.org, --
> that way, I will not be allowed to forget. Putting it under Funtoo
> Linux for now will be fine.

Done—see Ticket FL-69 (http://bugs.funtoo.org/browse/FL-69).  Thanks for the quick reply!