Keybase can't find the secret key, although it claims it's stored

[farcaller]

% keybase status
...
Session:       no session
    is valid:  yes
    keys:      unlocked

Key status:
    stream:    not cached
    secret:    stored
    dev sig:   cached
    dev enc:   cached
    paper sig: not cached
    paper enc: not cached
    prompt:    show
    tsec:      not cached
...

% keybase pgp sign -m test
▶ ERROR No secret key available

Can't export it either:

% keybase pgp export -s
▶ ERROR No matching keys found

[cjb]

Try "keybase login" first?

[farcaller]

% keybase login && keybase pgp export -s
▶ ERROR No matching keys found

[maxtaco]

Your PGP secret key isn't available on that machine. keybase status won't show you whether or not it's available.

[farcaller]

But the key is there:

% gpg --list-secret-keys                                                                                            ♺ master Ⓓ ⓣ
/Users/farcaller/.gnupg/pubring.gpg
-----------------------------------
sec   rsa4096 2016-03-19 [SC] [expires: 2026-03-17]
      D9275A46780D0D0AF96C341B29107C86BB993787
uid           [ultimate] Vladimir Pouzanov <farcaller@gmail.com>
ssb   rsa4096 2016-03-19 [E] [expires: 2026-03-17]

[maxtaco]

keybase pgp export -s is used to export out of the keyring that keybase manages, and into a file or into GPG's keyring. That means that likely haven't imported a secret GPG key on this machine.

For what you want to do, gpg --export-secret-key -a D9275A46780D0D0AF96C341B29107C86BB993787 might work

[pors]

I have exactly the same problem. @farcaller did you find a solution?

[farcaller]

@pors that was some time ago, hm. I think that keybase secret isn't the same as pgp secret and you can have several pgp secrets in your keybase account in addition to the "keybase" secret? All and all I'd say it's a bit of the UX failure as the cli was giving me the mixed signals about what's happening.

TL;DR: just use gpg.

[pors]

@farcaller thanks gpg did the job :)

[dequis]

FWIW I had this issue and i solved it with the command maxtaco posted, but piped into keybase pgp import

gpg --export-secret-key -a D9275A46780D0D0AF96C341B29107C86BB993787 | keybase pgp import

It then threw this error but succeeded (issue #2050 covers this)

▶ ERROR This key is already active. You can't add it twice. (code 923)

Now keybase pgp sign can sign and keybase pgp export -s can export it.

[pavlov99]

I had a private key stored on keybase server and was able to display it on the website, however, keybase export did not work for me (worked for another key though):

keybase pgp export -q <my-keybase-key-id> -s
▶ ERROR No matching keys found

Fixed it this way:

1. Get private key from keybase.io and import it to pgp
   cat pk.txt | gpg --allow-secret-key-import --import
2. Export key from pgp and import it to keybase
   gpg --export-secret-key -a <key-id-from-pgp-list-keys> | keybase pgp import

Then I was able to export key using keybase cli (I did not need to import it to pgp as key was already there). It is, indeed, strange that in order to make keybase work I had to essentially download key from keybase and upload it back there.

[maxtaco]

Ah, I understand why this would be. We should fix it. I'll put in a ticket.

[moritzruth]

any updates on this?