Details
Bug
Resolution: Fixed
Normal
Description
From Google Groups:

I've some trouble adding gpg keys with keychain. I apparently need to
add both primary key and associated subkey to gpg-agent. But using
keychain no matter which key I try to add, it always is the one
associated with the primary key.

This is what I do

$ keychain 0AA975DA

Then the pinentry-curses shows

Please enter the pass-phrase to unlock the secret key for the OpenPGP certificate: "Koen Smets <koen....@gmail.com>" 4096-bit RSA key, ID 0AA975DA, created 2009-08-28

$ keychain 0AA975DA
 * Known gpg key: 0AA975DA

Then I encrypt a file

$ gpg -r koen....@gmail.com -e foo.txt

Now, when I want to decrypt the file:

$ gpg -d foo.txt.gz

Again, pinentry-curses asks my passphrase. This time with another message:

Please enter the pass-phrase to unlock the secret key for the OpenPGP certificate: "Koen Smets <koen....@gmail.com>" 4096-bit RSA key, ID A4548D20 created 2009-08-28 (main key ID 0AA975DA).

Note the difference in keys between the two dialogs.

If I add the subkey A4548D20, instead of the associated primary key,
after clearing the keychain the same behavior occurs.

I tried to figure out what is happening behind the scenes by setting
debug-level to guru and writing everything to a separate log file. There I
noticed that indeed two separate keys need to be present in cache of the
gpg-agent:

agent_get_cache `F254C61A4F1DC4F6AF2804C949DBF1F00AA975DA'
agent_get_cache `5017CCEEC87D8EF28E21D6E9E84ACB2CA4548D20'

Where the former is asked when I use the keychain command

$ keychain 0AA975DA

or

$ keychain A4548D20

while the latter, when I try decrypting using gpg

$ gpg -d foo.txt.gz

Note that if I try:

$ keychain 0AA975D0 A4548D20

It only asks the pass-phrase once, the other one is known (as they both
resolve to the same hash!). But for decrypting a file it needs another one...

I think I'm missing something... So, how can I properly add my gpg key
to the keychain, such that when decrypting a file I'm not again asked
for my pass-phrase a second time.
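
The log check described in the report can be scripted. The following is an added example, not part of the original report or of keychain: it reads gpg-agent debug output, extracts every `agent_get_cache` lookup, and lists the short key IDs that were looked up but not passed to keychain. It assumes the 40-digit cache IDs are key fingerprints whose last 8 hex digits are the short key ID, as the two values quoted above show; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample input: the two agent_get_cache lines quoted in the report.
sample_log() {
cat <<'EOF'
agent_get_cache `F254C61A4F1DC4F6AF2804C949DBF1F00AA975DA'
agent_get_cache `5017CCEEC87D8EF28E21D6E9E84ACB2CA4548D20'
EOF
}

# Read agent debug output on stdin and print the short key ID (last 8 hex
# digits of each 40-digit cache ID), upper-cased, one per line, de-duplicated.
# Assumption: the cache ID is a fingerprint, as in the report's log.
cache_lookup_ids() {
    sed -n "s/.*agent_get_cache \`\([0-9A-Fa-f]\{40\}\)'.*/\1/p" |
        cut -c33-40 | tr 'a-f' 'A-F' | sort -u
}

# missing_ids KEYID...
# Read agent debug output on stdin and print every looked-up short key ID
# that is not among the key IDs given as arguments (the ones handed to
# keychain). Hypothetical helper, not a keychain or gpg feature.
missing_ids() {
    cache_lookup_ids | while read -r id; do
        found=no
        for given in "$@"; do
            if [ "$(printf %s "$given" | tr 'a-f' 'A-F')" = "$id" ]; then
                found=yes
            fi
        done
        if [ "$found" = no ]; then
            printf '%s\n' "$id"
        fi
    done
}
```

Run against a real log as `missing_ids 0AA975DA < agent.log`, where `agent.log` is a placeholder for the debug log file; any ID printed is a key the agent was asked for that keychain was never given.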