Uploaded image for project: 'Funtoo Linux'
  1. Funtoo Linux
  2. FL-69

keychain does not add GPG subkey for decrypting


    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:


      From Google Groups:

      I've some trouble adding gpg keys with keychain. I apparently need to
      add both primary key and associated subkey to gpg-agent. But using
      keychain no matter which key I try to add, it always is the one
      associated with the primary key.

      This is what I do

      $ keychain 0AA975DA

      Then the pinentry-curses shows

      Please enter the pass-phrase to unlock the secret key for the OpenPGP
      "Koen Smets <koen....@gmail.com>"
      4096-bit RSA key, ID 0AA975DA,
      created 2009-08-28
      $ keychain 0AA975DA
      * Known gpg key: 0AA975DA

      Then I encrypt a file

      $ gpg -r koen....@gmail.com -e foo.txt

      Now, when I want to decrypt the file:

      $ gpg -d foo.txt.gz

      Again, pinentry-cursus asks my passphrase. This time with another message:

      Please enter the pass-phrase to unlock the secret key for the OpenPGP
      "Koen Smets <koen....@gmail.com>"
      4096-bit RSA key, ID A4548D20
      created 2009-08-28 (main key ID 0AA975DA).

      Note the difference in keys between the two dialogs.

      If I add the subkey A4548D20, instead of the associated primary key,
      after clearing the keychain same behavior occurs.

      I tried to figure out what is happening behind the scenes by setting
      debug-level to guru and writing everything a separate log file. There I
      noticed that indeed two separate keys need to be present in cache of the

      agent_get_cache `F254C61A4F1DC4F6AF2804C949DBF1F00AA975DA'
      agent_get_cache `5017CCEEC87D8EF28E21D6E9E84ACB2CA4548D20'

      Where the former is asked when I use the keychain command

      $ keychain 0AA975DA


      $ keychain A4548D20

      while the latter, when I try decrypting using gpg

      $ gpg -d foo.txt.gz

      Note that if I try:

      $ keychain 0AA975D0 A4548D20

      It only asks the pass-phrase once, the other one is known (as they both
      resolve to the same hash! But for decrypting a file it needs another one...

      I think I'm missing something... So, how can I properly add my gpg key
      to the keychain, such that when decrypting a file I'm not again asked
      for my pass-phrase a second time.




            Unassigned Unassigned
            igor Clemens Kaposi
            0 Vote for this issue
            3 Start watching this issue