如何解决gpg 在它可用时声称“没有密钥”
我正在尝试使用 gpg --sign-key 签署另一个公钥,然后 signing Failed: No secret key 出现错误
完整输出:
❯ gpg --ask-cert-level --sign-with tinoheuberger@protonmail.com --sign-key 0x9303B33A305224CB
pub rsa4096/0x9303B33A305224CB
created: 2017-10-05 expires: never usage: C
trust: unkNown validity: unkNown
sub rsa4096/0x9B79B45691DB4173
created: 2017-10-05 expires: 2021-07-27 usage: S
sub rsa4096/0xDAB71C6FBCD75257
created: 2017-10-05 expires: 2021-07-27 usage: E
sub rsa4096/0x7651CCCB55BC4D56
created: 2017-10-05 expires: 2021-07-27 usage: A
[ unkNown] (1). --------------) <----------------->
pub rsa4096/0x9303B33A305224CB
created: 2017-10-05 expires: never usage: C
trust: unkNown validity: unkNown
Primary key fingerprint: A8FC 55F3 B04B A314 6F34 92E7 9303 B33A 3052 24CB
----- (-----) <-------->
How carefully have you verified the key you are about to sign actually belongs
to the person named above? If you don't kNow what to answer,enter "0".
(0) I will not answer. (default)
(1) I have not checked at all.
(2) I have done casual checking.
(3) I have done very careful checking.
Your selection? (enter '?' for more information): 3
Are you sure that you want to sign this key with your
key "Tino Heuberger (Personal MasterKey) <tinoheuberger@protonmail.com>" (0xB4B88025927E502D)
I have checked this key very carefully.
Really sign? (y/N) y
gpg: signing Failed: No secret key
gpg: signing Failed: No secret key
Key not changed so no update needed.
这个命令虽然没有问题:
echo "test message string" | gpg --armor --clearsign > signed.txt
gpg -K 的输出
/home/cobra/.gnupg/pubring.kbx
------------------------------
sec# rsa4096/0xB4B88025927E502D 2021-04-05 [C]
Key fingerprint = 90BD 307D 847F 7524 EA22 2F27 B4B8 8025 927E 502D
uid [ultimate] Tino Heuberger (Personal MasterKey) <tinoheuberger@protonmail.com>
ssb> rsa4096/0x4AE34056E26AE417 2021-04-05 [S] [expires: 2022-04-05]
ssb> rsa4096/0x1F0B2D0F39B5549D 2021-04-05 [E] [expires: 2022-04-05]
ssb> rsa4096/0x3659102D72DF0E6C 2021-04-05 [A] [expires: 2022-04-05]
和 gpg --card-status 的输出(我使用的是 yubikey):
❯ gpg --card-status
Reader ...........: 1050:0407:X:0
Application ID ...: D2760001240103040006111828330000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Yubico
Serial number ....: 11182833
Name of cardholder: Tino Heuberger
Language prefs ...: [not set]
Salutation .......:
URL of public key : [not set]
Login data .......: tinoheuberger@protonmail.com
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 28
KDF setting ......: off
Signature key ....: 7C2C E04B 91AE 02D5 1935 F438 4AE3 4056 E26A E417
created ....: 2021-04-05 16:31:24
Encryption key....: 6408 7413 4AEC F845 E176 D6C9 1F0B 2D0F 39B5 549D
created ....: 2021-04-05 16:32:46
Authentication key: 45E1 05AD 16FA F864 16BB CC75 3659 102D 72DF 0E6C
created ....: 2021-04-05 16:33:35
General key info..: sub rsa4096/0x4AE34056E26AE417 2021-04-05 Tino Heuberger (Personal MasterKey) <tinoheuberger@protonmail.com>
sec# rsa4096/0xB4B88025927E502D created: 2021-04-05 expires: never
ssb> rsa4096/0x4AE34056E26AE417 created: 2021-04-05 expires: 2022-04-05
card-no: 0006 11182833
ssb> rsa4096/0x1F0B2D0F39B5549D created: 2021-04-05 expires: 2022-04-05
card-no: 0006 11182833
ssb> rsa4096/0x3659102D72DF0E6C created: 2021-04-05 expires: 2022-04-05
card-no: 0006 11182833
我不知道我不能使用 gpg --sign-key 而所有其他 gpg 命令都可以正常工作
解决方法
过了一段时间,我终于明白了。
gpg --sign-key 仅在您拥有主密钥的私钥时才有效,这意味着我必须在我的离线机器上使用主私钥对公钥进行签名。子键不适用于 gpg --sign-key
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
