failed to convert unprotected openpgp key: Checksum error

Phil Pennock gnupg-users at spodhuis.org
Mon Jan 22 21:37:37 CET 2018


On 2018-01-19 at 19:57 +1100, Simon Kissane wrote:
> However, when I try to decrypt data encrypted with the private key, I
> get a "failed to convert unprotected openpgp key: Checksum error"

Simpler check:

% gpg --export-secret-key
gpg: key 4252EB6983CE74C44F549B6F8666715904EE61F2: error receiving key from agent: Checksum error - skipped
gpg: WARNING: nothing exported

If I use `gpg --expert --full-generate-key` to make an SCEA RSA/4096
key, then it looks almost identical in structure to yours.

If I just `gpg --import` a dearmored version of the key, then I get a
checksum error at that time:
gpg: key 68F870F8C0FAA42B: public key "root:testGpg:key_54503F79_3794_456C_8725_8977A68B71C1" imported
gpg: key 68F870F8C0FAA42B/68F870F8C0FAA42B: error sending to agent: Checksum error

so something in the scripted setup you created suppressed that error
message, which is Unfortunate by GnuPG.  The key still ends up added to
the keyring in the above, even with the error, but it's unusable.
This might be a bug in GnuPG: IMO if it's broken and will never be
usable, then it should not be added and gpg should exit false.

So at this point, it looks to me like it really is an incorrect
checksum, exposing unfortunate edge-case handling in GnuPG.

-Phil



More information about the Gnupg-users mailing list