[pkg-gnupg-maint] Bug#834922: gnupg: No more able to sign with my 4096R key since the switch to GnuPG 2.x, but still able to sign with my old 1024D key

Axel Beckert abe at debian.org
Sun Aug 21 13:05:40 UTC 2016 

Hi Werner,

Werner Koch wrote:
> can you please run 
> 
>   echo foo | gpg --clearsign -v --debug ipc
> 
> which shows the communication with gpg-agent.  It won't show passphrases
> or secret key material, but if you prefer, send the output to my by PM.

Will do per PM. Just some more information about the issue:

* It happened locally under X on my workstation at home running Sid
  amd64 with sysvinit, last reboot after that GnuPG upgrade.

* It does not happen locally under X on my Thinkpad running Sid amd64
  with systemd, last update after that GnuPG upgrade. (So I still can
  do stuff from there. *phew* :-)

I also tried it remote via SSH on some other Sid-running machines, but
I feel that this may be a different case then when running it locally
under X, so probably less relevant for this case:

* If I try it remote via SSH on my EeePC running Sid i386 and sysvinit, it
  fails differently, despite no local X session of that user is running:

    gpg: WARNING: server 'gpg-agent' is older than us (2.1.11 < 2.1.14)
    gpg: using "2FF9CD59612616B5" as default secret key for signing
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    foo
    gpg: signing failed: Operation cancelled
    gpg: [stdin]: clearsign failed: Operation cancelled

  The same happens also if I try to use my old 1024D key using the
  --default-key command-line option. So maybe unrelated.

  (Last reboot before that GnuPG upgrade. Killing the gpg-agent
  running since 13th of August did not change the output except that
  warning about the older gpg-agent version is gone.)

* If I try it remote via SSH in some Xen DomU (a Xen VM) running Sid
  amd64 with sysvinit and not rebooted for months, it gives me even
  another error message:

    gpg: using "2FF9CD59612616B5" as default secret key for signing
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    foo
    gpg: signing failed: Inappropriate ioctl for device
    gpg: [stdin]: clearsign failed: Inappropriate ioctl for device

  The same happens also if I try to use my old 1024D key using the
  --default-key command-line option. So maybe unrelated.

  (There seemed no gpg-agent running and now there is one running from
  about the time where I got the above output.)

> You may also want to kill a running gpg-agent first so that gpg can
> restart a new one.

Thanks for that hint! Will try that later (after the PM) on my
workstation, too.

		Regards, Axel
-- 
 ,''`.  |  Axel Beckert <abe at debian.org>, http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

More information about the pkg-gnupg-maint mailing list