automated signing with password-less subkeys

Joe Rhett jrhett at isite.net
Sat Sep 7 11:58:01 CEST 2002


Way back when Werner wrote to me:
> It seems that signing does not work.  It is possible that I never
> tested it with the old version.  GnuPG 1.05 and the 1.0.4h snapshot
> have the key selection code rewritten from scratch I have really
> tested that subkeys are preferred if they are cabable of signing.
> You can seen how these versions select a key by using the option
> "--debug 64".
 
Well, it appears that key selection is broken again in 1.07.  Trying to
update, and here's the results:

% gpg --homedir /website/.gnupg --armor --batch -r jrhett --sign --encrypt < /etc/hosts
gpg: secret key parts are not available
gpg: no default secret key: general error
gpg: [stdin]: sign+encrypt failed: general error

I did this according to standard practice, --export-secret-subkeys into a
new directory and remove the password from the key in that directory.

Here's the --debug 64
% gpg --homedir /website/.gnupg --armor --batch -r jspinks --sign --encrypt --debug 64 < /etc/hosts 
gpg: NOTE: no default option file `/website/.gnupg/options'
gpg: DBG: finish_lookup: checking key D2F0CE05 (all)(req_usage=0)
gpg: DBG:       using key D2F0CE05
gpg: DBG: finish_lookup: checking key D2F0CE05 (all)(req_usage=0)
gpg: DBG:       using key D2F0CE05
gpg: DBG: cache_user_id: already in cache
gpg: secret key parts are not available
gpg: no default secret key: general error
gpg: [stdin]: sign+encrypt failed: general error
secmem usage: 1408/1408 bytes in 2/2 blocks of pool 1408/16384

--- 
Joe Rhett                                                      Chief Geek
JRhett at ISite.Net                                      ISite Services, Inc.




More information about the Gnupg-devel mailing list