gpg claiming "No secret key" while it is available
I am trying to sign another public key using gpg --sign-key and I get the error signing failed: No secret key.
Full output:
❯ gpg --ask-cert-level --sign-with tinoheuberger@protonmail.com --sign-key 0x9303B33A305224CB
pub rsa4096/0x9303B33A305224CB
created: 2017-10-05 expires: never usage: C
trust: unknown validity: unknown
sub rsa4096/0x9B79B45691DB4173
created: 2017-10-05 expires: 2021-07-27 usage: S
sub rsa4096/0xDAB71C6FBCD75257
created: 2017-10-05 expires: 2021-07-27 usage: E
sub rsa4096/0x7651CCCB55BC4D56
created: 2017-10-05 expires: 2021-07-27 usage: A
[ unknown] (1). --------------) <----------------->
pub rsa4096/0x9303B33A305224CB
created: 2017-10-05 expires: never usage: C
trust: unknown validity: unknown
Primary key fingerprint: A8FC 55F3 B04B A314 6F34 92E7 9303 B33A 3052 24CB
----- (-----) <-------->
How carefully have you verified the key you are about to sign actually belongs
to the person named above? If you don't know what to answer, enter "0".
(0) I will not answer. (default)
(1) I have not checked at all.
(2) I have done casual checking.
(3) I have done very careful checking.
Your selection? (enter '?' for more information): 3
Are you sure that you want to sign this key with your
key "Tino Heuberger (Personal MasterKey) <tinoheuberger@protonmail.com>" (0xB4B88025927E502D)
I have checked this key very carefully.
Really sign? (y/N) y
gpg: signing failed: No secret key
gpg: signing failed: No secret key
Key not changed so no update needed.
This command works fine, though:
echo "test message string" | gpg --armor --clearsign > signed.txt
Output of gpg -K:
/home/cobra/.gnupg/pubring.kbx
------------------------------
sec# rsa4096/0xB4B88025927E502D 2021-04-05 [C]
Key fingerprint = 90BD 307D 847F 7524 EA22 2F27 B4B8 8025 927E 502D
uid [ultimate] Tino Heuberger (Personal MasterKey) <tinoheuberger@protonmail.com>
ssb> rsa4096/0x4AE34056E26AE417 2021-04-05 [S] [expires: 2022-04-05]
ssb> rsa4096/0x1F0B2D0F39B5549D 2021-04-05 [E] [expires: 2022-04-05]
ssb> rsa4096/0x3659102D72DF0E6C 2021-04-05 [A] [expires: 2022-04-05]
And the output of gpg --card-status (I am using a YubiKey):
❯ gpg --card-status
Reader ...........: 1050:0407:X:0
Application ID ...: D2760001240103040006111828330000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Yubico
Serial number ....: 11182833
Name of cardholder: Tino Heuberger
Language prefs ...: [not set]
Salutation .......:
URL of public key : [not set]
Login data .......: tinoheuberger@protonmail.com
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 28
KDF setting ......: off
Signature key ....: 7C2C E04B 91AE 02D5 1935 F438 4AE3 4056 E26A E417
created ....: 2021-04-05 16:31:24
Encryption key....: 6408 7413 4AEC F845 E176 D6C9 1F0B 2D0F 39B5 549D
created ....: 2021-04-05 16:32:46
Authentication key: 45E1 05AD 16FA F864 16BB CC75 3659 102D 72DF 0E6C
created ....: 2021-04-05 16:33:35
General key info..: sub rsa4096/0x4AE34056E26AE417 2021-04-05 Tino Heuberger (Personal MasterKey) <tinoheuberger@protonmail.com>
sec# rsa4096/0xB4B88025927E502D created: 2021-04-05 expires: never
ssb> rsa4096/0x4AE34056E26AE417 created: 2021-04-05 expires: 2022-04-05
card-no: 0006 11182833
ssb> rsa4096/0x1F0B2D0F39B5549D created: 2021-04-05 expires: 2022-04-05
card-no: 0006 11182833
ssb> rsa4096/0x3659102D72DF0E6C created: 2021-04-05 expires: 2022-04-05
card-no: 0006 11182833
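I can't figure out why I cannot use gpg --sign-key while all other gpg commands work fine.
After a while I figured it out.
gpg --sign-key only works if you have the private key of the master key, which means I have to sign the public key on an offline computer using the master private key. Subkeys don't work with gpg --sign-key.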
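The listing in the question already shows the split the answer describes: sec# is a primary [C] key whose secret part is not on this machine, and ssb> marks subkeys held on the card. As an added example (not part of the original post), this shell check reads gpg --list-secret-keys --with-colons output and reports where each secret key lives and whether certification can work here. The function names are hypothetical and the sample records are constructed from the question's key IDs with made-up timestamps.

```shell
#!/bin/sh
# Added example, not from the original post. Input is the output of
#   gpg --list-secret-keys --with-colons
# Field 12 = capabilities (lowercase letters belong to this key itself).
# Field 15 = "#" (stub: secret part absent), "+" (secret on disk),
#            or the serial number of the card holding the key.

# Print "<capabilities> <keyid> <location>" for every secret key and subkey.
secret_key_locations() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            loc = "disk"
            if ($15 == "#") loc = "missing"
            else if ($15 != "" && $15 != "+") loc = "card"
            caps = $12
            gsub(/[^a-z]/, "", caps)      # drop the uppercase summary flags
            if (caps == "") caps = "-"
            print caps, $5, loc
        }'
}

# Succeed only if a key with the certify capability has usable secret material.
can_certify() {
    secret_key_locations |
        awk '$1 ~ /c/ && $3 != "missing" { ok = 1 } END { exit !ok }'
}

# Constructed sample modelled on the gpg -K listing in the question.
SAMPLE='sec:u:4096:1:B4B88025927E502D:1617640284:::u:::cSEA:::#:
ssb:u:4096:1:4AE34056E26AE417:1617640284:1649176284:::::s:::D2760001240103040006111828330000:
ssb:u:4096:1:1F0B2D0F39B5549D:1617640366:1649176366:::::e:::D2760001240103040006111828330000:
ssb:u:4096:1:3659102D72DF0E6C:1617640415:1649176415:::::a:::D2760001240103040006111828330000:'

printf '%s\n' "$SAMPLE" | secret_key_locations
if printf '%s\n' "$SAMPLE" | can_certify; then
    echo "certification (--sign-key) is possible on this machine"
else
    echo "primary [C] secret key is not present: --sign-key will fail here"
fi
```

On a live system, pipe the real listing in: gpg --list-secret-keys --with-colons | can_certify.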