Support selecting key if more than one secret key exists #6

Open
andybotting opened this issue Nov 8, 2013 · 2 comments

I have two GPG secret keys in my keyring.

I think the wrong one is listed first, so any 'encrypt' operations result in this:

/home/andy/.gem/ruby/1.8/gems/gpgme-2.0.2/lib/gpgme/ctx.rb:432:in `encrypt': General error (GPGME::Error::General)
    from /home/andy/.gem/ruby/1.8/gems/gpgme-2.0.2/lib/gpgme/crypto.rb:99:in `encrypt'
    from /home/andy/.gem/ruby/1.8/gems/gpgme-2.0.2/lib/gpgme/ctx.rb:67:in `new'
    from /home/andy/.gem/ruby/1.8/gems/gpgme-2.0.2/lib/gpgme/crypto.rb:90:in `encrypt'
    from /home/andy/.gem/ruby/1.8/gems/hiera-eyaml-gpg-0.2/lib/hiera/backend/eyaml/encryptors/gpg.rb:123:in `encrypt'
    from /home/andy/.gem/ruby/1.8/gems/hiera-eyaml-1.3.4/lib/hiera/backend/eyaml/actions/encrypt_action.rb:38:in `execute'
    from /home/andy/.gem/ruby/1.8/gems/hiera-eyaml-1.3.4/lib/hiera/backend/eyaml/CLI.rb:101:in `execute'
    from /home/andy/.gem/ruby/1.8/gems/hiera-eyaml-1.3.4/bin/eyaml:13
    from /home/andy/.gem/ruby/1.8/bin/eyaml:19:in `load'
    from /home/andy/.gem/ruby/1.8/bin/eyaml:19

I'm running Ruby 1.8 (for Puppet 2.7.x compatibility) on Arch Linux, with the following gems installed:

  • gpgme (2.0.2)
  • hiera (1.1.1)
  • hiera-eyaml (1.3.4)
  • hiera-eyaml-gpg (0.2)

jgmchan commented Nov 8, 2013

As far as I understand GPG, you use the public key of the recipients to encrypt something, not with your secret key.

Your secret key is used to decrypt a message which someone else has encrypted with your public key.

Can you supply some more information about this problem you are having? I suspect it might be something to do with the public keys in your keyring.


gfa commented Mar 10, 2019

Hello

I have exactly the same issue: I have 2 valid encryption subkeys in my GPG key (and 3 non-valid encryption subkeys).
In order to use the 2 valid encryption subkeys and not the invalid ones, I give the subkey IDs followed by ! to gpg as recipient:

$ gpg -e -r 0xSUBKEY_ID! < text

I've configured gpg_recipients_file and put both SUBKEY_IDs in the gpg_recipients_file.

Looking at the debug log (GPGME_DEBUG=9), I can see that gpgme (or hiera-eyaml-gpg, I really don't know) first lists all the keys associated with the recipient that is passed:

$ eyaml encrypt -n gpg -s "A secret string to encrypt" --gpg-recipients '0x376920A4AE80E637!' 2>&1
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: enter: path=0x5623e664a050, path=/usr/bin/gpg
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e664a050, argv[ 0] = gpg
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e664a050, argv[ 1] = --batch
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e664a050, argv[ 2] = --no-sk-comments
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e664a050, argv[ 3] = --homedir
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e664a050, argv[ 4] = /home/gfa/.gnupg
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e664a050, argv[ 5] = --status-fd
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e664a050, argv[ 6] = 8
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e664a050, argv[ 7] = --no-tty
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e664a050, argv[ 8] = --charset
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e664a050, argv[ 9] = utf8
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e664a050, argv[10] = --enable-progress-filter
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e664a050, argv[11] = --exit-on-status-write-error
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e664a050, argv[12] = --display
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e664a050, argv[13] = :0
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e664a050, argv[14] = --ttyname
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e664a050, argv[15] = /dev/pts/2
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e664a050, argv[16] = --ttytype
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e664a050, argv[17] = screen-256color
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e664a050, argv[18] = --logger-fd
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e664a050, argv[19] = 12
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e664a050, argv[20] = --with-colons
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e664a050, argv[21] = --list-keys
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e664a050, argv[22] = --
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e664a050, argv[23] = 0x376920A4AE80E637!
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e664a050, fd[0] = 0x8
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e664a050, fd[1] = 0xa -> 0x1
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e664a050, fd[2] = 0xc

That resolves to the ID of my master key, which afterwards is used to encrypt the message:

GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: enter: path=0x5623e6860d00, path=/usr/bin/gpg
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[ 0] = gpg
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[ 1] = --enable-special-filenames
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[ 2] = --batch
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[ 3] = --no-sk-comments
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[ 4] = --homedir
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[ 5] = /home/gfa/.gnupg
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[ 6] = --status-fd
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[ 7] = 8
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[ 8] = --no-tty
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[ 9] = --charset
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[10] = utf8
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[11] = --enable-progress-filter
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[12] = --exit-on-status-write-error
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[13] = --display
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[14] = :0
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[15] = --ttyname
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[16] = /dev/pts/2
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[17] = --ttytype
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[18] = screen-256color
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[19] = --logger-fd
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[20] = 10
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[21] = --encrypt
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[22] = -r
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[23] = 1AE0322EB8F74717BDEABF1D44BB1BA79F6C6333
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[24] = --output
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[25] = -
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[26] = --
GPGME 2019-03-11 01:01:32 <0x70a8>    _gpgme_io_spawn: check: path=0x5623e6860d00, argv[27] = -&13

Then it fails (fails in the sense that it is not encrypted with the key I want it to be encrypted with) because gpg now chooses whatever subkey it wants from my key instead of the configured ones.

Maybe, instead of using the first key, key_to_use should be equal to --gpg-recipients if they start with 0x?

Let me know if I can help testing or providing more information. Thanks for the backend :)

EDIT: typo

ghoneycutt added the bug label Apr 25, 2019
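
The subkey-pinning problem described in the last comment, as an added Ruby sketch that is not hiera-eyaml-gpg's or gpgme's own code: it parses `gpg --with-colons --list-keys` output and keeps a `!`-suffixed recipient intact once the named subkey is confirmed to be a usable encryption key, instead of collapsing it to the primary fingerprint. The listing, key IDs, fingerprints and the `recipient_arg` helper are constructed for illustration.

```ruby
# Constructed colon listing: one primary key, one expired and one valid
# encryption subkey. All IDs and fingerprints are made up.
LISTING = <<~COLONS
  pub:u:4096:1:1111222233334444:1500000000:::u:::scESC::::::23::0:
  fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
  uid:u::::1500000000::::Example User <user@example.org>::::::::::0:
  sub:e:4096:1:AAAA000000000001:1500000000:1550000000:::::e::::::23:
  fpr:::::::::000000000000000000000000AAAA000000000001:
  sub:u:4096:1:BBBB000000000002:1550000000::::::e::::::23:
  fpr:::::::::000000000000000000000000BBBB000000000002:
COLONS

Key = Struct.new(:type, :validity, :keyid, :caps, :fpr)

# Parse pub/sub records and attach the fpr record that follows each one.
def parse_keys(listing)
  keys = []
  listing.each_line do |line|
    f = line.chomp.split(":")
    case f[0]
    when "pub", "sub"
      keys << Key.new(f[0], f[1], f[4], f[11].to_s, nil)
    when "fpr"
      keys.last.fpr ||= f[9] if keys.any?
    end
  end
  keys
end

# Validity letters that rule a key out: expired, revoked, disabled, invalid.
UNUSABLE = %w[e r d i].freeze

def usable_for_encryption?(key)
  !UNUSABLE.include?(key.validity) && key.caps.include?("e")
end

# Value to hand to `gpg -r`. A trailing "!" pins one exact (sub)key, so it is
# validated and passed through unchanged; any other spec resolves to the
# primary fingerprint, which is the behaviour visible in the debug log.
def recipient_arg(spec, listing)
  keys = parse_keys(listing)
  return keys.find { |k| k.type == "pub" }.fpr unless spec.end_with?("!")
  id = spec.chomp("!").sub(/\A0x/i, "").upcase
  key = keys.find { |k| k.keyid == id || k.fpr.to_s.end_with?(id) }
  raise ArgumentError, "#{spec}: no such key in listing" unless key
  raise ArgumentError, "#{spec}: not usable for encryption" unless usable_for_encryption?(key)
  spec
end
```

Rejecting an expired or revoked pinned subkey up front makes the failure explicit instead of letting gpg silently pick a different subkey.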