Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Keybase can't find the secret key, although it claims it's stored #2800

Open
farcaller opened this issue Feb 5, 2017 · 11 comments
Open

Keybase can't find the secret key, although it claims it's stored #2800

farcaller opened this issue Feb 5, 2017 · 11 comments

Comments

@farcaller
Copy link

@farcaller farcaller commented Feb 5, 2017

% keybase status
...
Session:       no session
    is valid:  yes
    keys:      unlocked

Key status:
    stream:    not cached
    secret:    stored
    dev sig:   cached
    dev enc:   cached
    paper sig: not cached
    paper enc: not cached
    prompt:    show
    tsec:      not cached
...
% keybase pgp sign -m test
▶ ERROR No secret key available

Can't export it either:

% keybase pgp export -s
▶ ERROR No matching keys found
@cjb

This comment has been minimized.

Copy link

@cjb cjb commented Feb 5, 2017

Try "keybase login" first?

@farcaller

This comment has been minimized.

Copy link
Author

@farcaller farcaller commented Feb 5, 2017

% keybase login && keybase pgp export -s
▶ ERROR No matching keys found
@farcaller farcaller changed the title Keybase can't find the secret key, although it claims it's stored" Keybase can't find the secret key, although it claims it's stored Feb 5, 2017
@maxtaco

This comment has been minimized.

Copy link
Contributor

@maxtaco maxtaco commented Feb 5, 2017

Your PGP secret key isn't available on that machine. keybase status won't show you whether or not it's available.

@farcaller

This comment has been minimized.

Copy link
Author

@farcaller farcaller commented Feb 5, 2017

But the key is there:

% gpg --list-secret-keys                                                                                            ♺ master Ⓓ ⓣ
/Users/farcaller/.gnupg/pubring.gpg
-----------------------------------
sec   rsa4096 2016-03-19 [SC] [expires: 2026-03-17]
      D9275A46780D0D0AF96C341B29107C86BB993787
uid           [ultimate] Vladimir Pouzanov <farcaller@gmail.com>
ssb   rsa4096 2016-03-19 [E] [expires: 2026-03-17]
@maxtaco

This comment has been minimized.

Copy link
Contributor

@maxtaco maxtaco commented Feb 5, 2017

keybase pgp export -s is used to export out of the keyring that keybase manages, and into a file or into GPG's keyring. That means that likely haven't imported a secret GPG key on this machine.

For what you want to do, gpg --export-secret-key -a D9275A46780D0D0AF96C341B29107C86BB993787 might work

@pors

This comment has been minimized.

Copy link

@pors pors commented May 5, 2018

I have exactly the same problem. @farcaller did you find a solution?

@farcaller

This comment has been minimized.

Copy link
Author

@farcaller farcaller commented May 5, 2018

@pors that was some time ago, hm. I think that keybase secret isn't the same as pgp secret and you can have several pgp secrets in your keybase account in addition to the "keybase" secret? All and all I'd say it's a bit of the UX failure as the cli was giving me the mixed signals about what's happening.

TL;DR: just use gpg.

@pors

This comment has been minimized.

Copy link

@pors pors commented May 5, 2018

@farcaller thanks gpg did the job :)

@dequis

This comment has been minimized.

Copy link

@dequis dequis commented Oct 8, 2018

FWIW I had this issue and i solved it with the command maxtaco posted, but piped into keybase pgp import

gpg --export-secret-key -a D9275A46780D0D0AF96C341B29107C86BB993787 | keybase pgp import

It then threw this error but succeeded (issue #2050 covers this)

▶ ERROR This key is already active. You can't add it twice. (code 923)

Now keybase pgp sign can sign and keybase pgp export -s can export it.

@pavlov99

This comment has been minimized.

Copy link

@pavlov99 pavlov99 commented Mar 16, 2019

I had a private key stored on keybase server and was able to display it on the website, however, keybase export did not work for me (worked for another key though):

keybase pgp export -q <my-keybase-key-id> -s
▶ ERROR No matching keys found

Fixed it this way:

  1. Get private key from keybase.io and import it to pgp
    cat pk.txt | gpg --allow-secret-key-import --import
  2. Export key from pgp and import it to keybase
    gpg --export-secret-key -a <key-id-from-pgp-list-keys> | keybase pgp import

Then I was able to export key using keybase cli (I did not need to import it to pgp as key was already there). It is, indeed, strange that in order to make keybase work I had to essentially download key from keybase and upload it back there.

@maxtaco

This comment has been minimized.

Copy link
Contributor

@maxtaco maxtaco commented Mar 16, 2019

Ah, I understand why this would be. We should fix it. I'll put in a ticket.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
6 participants
You can’t perform that action at this time.