Migrating from OpenPGP card + gnupg 1.4 to 2.1

Alphazo alphazo at gmail.com
Wed Jan 11 23:14:00 CET 2012


Now that the seg. fault is fixed, I tried again to migrate my hybrid
private key to the new gnupg2 key storage but I don't get

On Wed, Dec 21, 2011 at 10:38 PM, Alphazo <alphazo at gmail.com> wrote:
> You were right on the subkey. In the meantime I realized that the
> import function was also trying to import old revoked keys as well.
> That's why I got the password prompt for an old non OpenPGP card based
> key.
>
> Now for testing purposes I cleaned up my secring.gpg by removing all
> secret keys but one which is the one I described in my previous post.
>
> I started the import and didn't get any password prompt but
> unfortunately also no PIN prompt for my OpenPGP card (?).
> alpha at fatfly ~/.gnupg % gpg2 --import ~/.gnupg/secring.gpg
> gpg: key F89A6E41: "Test Key <testkey at nomail.org>" not changed
> gpg: key F89A6E41: secret key imported
> gpg: Total number processed: 4
> gpg:              unchanged: 1
> gpg:       secret keys read: 4
>
> Then I looked at my gnupg2 keystore but it remains empty.
>
> alpha at fatfly ~/.gnupg % ls private-keys-v1.d
> alpha at fatfly ~/.gnupg %
>
> Is my OpenPGP card stub being checked correctly?
> Is gpg-agent supposed to work out of the box with OpenPGP card?
>
> I then did another test by using a regular key (no OpenPGP card) and
> got a strange "can't handle public key algorithm 3" error then a seg.
> fault when doing a --list-secret-keys. However --edit-key did work
> fine.
>
> (gdb) run -v --list-secret-keys
> Starting program: /usr/bin/gpg2 -v --list-secret-keys
> gpg: using PGP trust model
> gpg: can't handle public key algorithm 3
> gpg: subpacket of type 20 has critical bit set
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007ffff732e700 in ?? () from /lib/libgcrypt.so.11
>
>
> #0  0x00007ffff732e700 in ?? () from /lib/libgcrypt.so.11
> No symbol table info available.
> #1  0x00007ffff72e6726 in ?? () from /lib/libgcrypt.so.11
> No symbol table info available.
> #2  0x00007ffff72e7bfa in ?? () from /lib/libgcrypt.so.11
> No symbol table info available.
> #3  0x00007ffff72e1ef2 in gcry_sexp_build () from /lib/libgcrypt.so.11
> No symbol table info available.
> #4  0x000000000042a05b in ?? ()
> No symbol table info available.
> #5  0x0000000000471e63 in ?? ()
> No symbol table info available.
> #6  0x00000000004383fc in ?? ()
> No symbol table info available.
> #7  0x000000000040c120 in ?? ()
> No symbol table info available.
> #8  0x00007ffff6b6114d in __libc_start_main () from /lib/libc.so.6
> No symbol table info available.
> #9  0x000000000040c5ed in ?? ()
> No symbol table info available.
> #10 0x00007fffffffe0b8 in ?? ()
> ---Type <return> to continue, or q <return> to quit---
> No symbol table info available.
> #11 0x00000000ffffffff in ?? ()
> No symbol table info available.
> #12 0x0000000000000003 in ?? ()
> No symbol table info available.
> #13 0x00007fffffffe408 in ?? ()
> No symbol table info available.
> #14 0x00007fffffffe416 in ?? ()
> No symbol table info available.
> #15 0x00007fffffffe419 in ?? ()
> No symbol table info available.
> #16 0x0000000000000000 in ?? ()
> No symbol table info available.
>
>
> gpg2 -v --edit-key alphazo at gmail.com
> Secret key is available.
>
> gpg: using PGP trust model
> pub  1024D/242D4DFB  created: 2009-08-20  expires: never       usage: SC
>                     trust: ultimate      validity: ultimate
> sub  2048g/CBF93DD2  created: 2009-08-20  expires: never       usage: E
> [ultimate] (1). Alphazo <alphazo at gmail.com>
>
> Alphazo
>
> On Wed, Dec 21, 2011 at 7:08 PM, Werner Koch <wk at gnupg.org> wrote:
>> On Wed, 21 Dec 2011 15:35, alphazo at gmail.com said:
>>
>>> When importing this key I got the pinentry-gtk popup asking for the
>>> passphrase for this key but this won't be of any help considering that
>>> no private key material is there.
>>
>> Are you sure that it asks for the passphrase of the primary key?  It
>> should ask for the one of the subkey.  In any case, please enter the
>> passphrase of the subkey (which is usually the same as of the primary
>> key).  Note, that I have a very similar setup and it worked without
>> problems.  It is however possible that we have a regression here.
>>
>>> I could probably setup a temporary machine to use the full keychain
>>> with passphrase then migrate to 2.1 and finally remove the private key
>>> material of the primary key (is that possible with 2.1?).
>>
>> Yes, very easy:
>>
>>  gpg2 --with-keygrip -K
>>
>> shows you the keygrip of the keys.  Now, simply remove the file
>> ~/.gnupg/private-keys-v1.d/KEYGRIP.key
>>
>>
>> Salam-Shalom,
>>
>>   Werner
>>
>> --
>> Thoughts are free.  Exceptions are regulated by a federal law.
>>
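
The two steps quoted above (list the keygrips, then remove the matching file under private-keys-v1.d) can be checked against the listing before anything is deleted. The script below is an added example, not part of this thread or of GnuPG; it assumes the colon listing format described in GnuPG's doc/DETAILS, and the function names and sample records are constructed.

```shell
#!/bin/sh
# Added example. Assumed record layout (GnuPG doc/DETAILS): in "sec"/"ssb"
# records field 5 is the key ID and field 15 is a token serial number, '#'
# for a stub, or '+' when secret material is available; "grp" records carry
# the keygrip in field 10.

# Constructed sample of `gpg2 --with-colons --with-keygrip -K` output:
# a primary key with material on disk and an encryption subkey on a card.
sample_listing() {
cat <<'EOF'
sec:u:2048:1:1111111111111111:1325372400:::u:::scESC:::+:::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
grp:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1325372400::0000000000000000000000000000000000000000::Test Key <testkey@example.org>::::::::::0:
ssb:u:2048:1:2222222222222222:1325372400::::::e:::D2760001240102000000000000010000:::23:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222:
grp:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
EOF
}

# Print one line per secret (sub)key: record type, key ID, keygrip, storage.
classify_keys() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" { type = $1; keyid = $5; token = $15 }
        $1 == "grp" && type != "" {
            if (token == "+")      where = "disk"
            else if (token == "#") where = "stub"
            else if (token != "")  where = "card:" token
            else                   where = "unknown"
            print type, keyid, $10, where
            type = ""
        }'
}

# Path of the private-key file for the primary key, printed only when the
# listing says its material is on disk; nothing is printed for stubs or
# card-held keys, so there is no file to remove in those cases.
primary_keyfile() {
    classify_keys | awk -v home="${GNUPGHOME:-$HOME/.gnupg}" '
        $1 == "sec" && $4 == "disk" { print home "/private-keys-v1.d/" $3 ".key" }'
}

# Real use: gpg2 --with-colons --with-keygrip -K | classify_keys
```

Both functions only read the listing and print; they never delete a file, so the path can be compared with the contents of private-keys-v1.d first.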



More information about the Gnupg-devel mailing list