/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Split gpg does not on Fedora 23 template-based qube as gpg backend #1641

Closed
marmarek opened this Issue Jan 16, 2016 · 2 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
  Release 3.1
1 participant
@marmarek
@marmarek
Member

marmarek commented Jan 16, 2016 

[user@personal ~]$ qubes-gpg-client test-enc.asc 
gpg: encrypted with 2048-bit RSA key, ID D755AC2A, created 2016-01-16
      "Real name (Comment) <Email@address>"
gpg: decryption failed: No secret key

It works fine after switching backend qube back to Fedora 21 template.

@marmarek marmarek added bug C: other P: major labels Jan 16, 2016

@marmarek marmarek added this to the Release 3.1 milestone Jan 16, 2016

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Jan 16, 2016

Member

cc @rootkovska
Member

marmarek commented Jan 16, 2016

cc @rootkovska
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Jan 16, 2016

Member

Interesting, it works fine after just listing keys in the backend:

[user@vault ~]$ gpg2 -K
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/home/user/.gnupg/secring.gpg' to gpg-agent
gpg: key A67A3024: secret key imported
gpg: migration succeeded
/home/user/.gnupg/pubring.gpg
-----------------------------
sec   rsa2048/A67A3024 2016-01-16
uid         [ultimate] Real name (Comment) <Email@address>
ssb   rsa2048/D755AC2A 2016-01-16

Apparently automatic key migration is done on listing keys, but not decryption. Also listing keys through split-gpg (qubes-gpg-client -K) is enough. This is why on my email VM I haven't such problem - mutt first list available keys.

I guess Thunderbird also list the keys, so also shouldn't be a problem there too. And ultimately, this isn't exactly split-gpg problem - the same happens when you try to decrypt a message directly using gpg2, without listing keys first (which would trigger keys migration).
Can we close this issue @rootkovska ? Or some action here is needed?
Member

marmarek commented Jan 16, 2016

Interesting, it works fine after just listing keys in the backend:

[user@vault ~]$ gpg2 -K
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/home/user/.gnupg/secring.gpg' to gpg-agent
gpg: key A67A3024: secret key imported
gpg: migration succeeded
/home/user/.gnupg/pubring.gpg
-----------------------------
sec   rsa2048/A67A3024 2016-01-16
uid         [ultimate] Real name (Comment) <Email@address>
ssb   rsa2048/D755AC2A 2016-01-16

Apparently automatic key migration is done on listing keys, but not decryption. Also listing keys through split-gpg (qubes-gpg-client -K) is enough. This is why on my email VM I haven't such problem - mutt first list available keys.

I guess Thunderbird also list the keys, so also shouldn't be a problem there too. And ultimately, this isn't exactly split-gpg problem - the same happens when you try to decrypt a message directly using gpg2, without listing keys first (which would trigger keys migration).
Can we close this issue @rootkovska ? Or some action here is needed?

@marmarek marmarek added the invalid label Feb 6, 2016

@marmarek marmarek closed this Feb 6, 2016

@marmarek marmarek added notanissue and removed invalid labels Feb 6, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment