Bug 1236304

Summary: Importing a secret key exported by gpg1 fails.
Product: [Fedora] Fedora
Reporter: Brian Lane <bcl>
Component: gnupg2
Assignee: Tomas Mraz <tmraz>
Status: CLOSED EOL
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: unspecified
Version: 22
CC: bcl, jamielinux, mhsabbagh, rdieter, tmraz
Doc Type: Bug Fix
Last Closed: 2016-07-19 19:13:24 UTC
Type: Bug

Description Brian Lane 2015-06-27 14:57:57 UTC
gnupg-1.4.19-1.fc22.x86_64
gnupg2-2.1.5-1.fc22.x86_64

While re-encrypting some things with my new gpg key I found that gpg2 was not decrypting while gpg1 works fine.

[test@lister ~]$ gpg2 --import s.key 
gpg: key 0F5017DE: "Brian C. Lane <coderpunk>" not changed
gpg: key 0F5017DE/0F5017DE: error sending to agent: No such file or directory
gpg: error building skey array: No such file or directory
gpg: Total number processed: 3
gpg:              unchanged: 1
gpg:       secret keys read: 3

The same error happens when importing ascii armor or binary export of the key from gpg1. Import of the public key works fine.

Comment 1 Brian Lane 2015-06-27 14:59:57 UTC
Crap, hit submit too soon.

So while trying to figure out the decrypt problem I realized it didn't have any of my gpg1 secret keys. I tried importing from my ascii armor backups, and from a new binary export of the key. These same files are successfully re-imported to gpg1.

Comment 2 Tomas Mraz 2015-06-30 08:00:38 UTC
I am afraid there is some incompatibility between gnupg1 and gnupg2.1x in how it handles the keyrings. In some cases (not every time) the keyrings that can be used by gnupg1 are broken with gnupg2.
Does the workaround as described here work for you:
https://bugzilla.redhat.com/show_bug.cgi?id=1227072#c3

Comment 3 Brian Lane 2015-06-30 23:59:15 UTC
(In reply to Tomas Mraz from comment #2)
> I am afraid there is some incompatibility between gnupg1 and gnupg2.1x in
> how it handles the keyrings. In some cases (not every time) the keyrings
> that can be used by gnupg1 are broken with gnupg2.
> Does the workaround as described here work for you:
> https://bugzilla.redhat.com/show_bug.cgi?id=1227072#c3

No, I was testing the import with a totally new user so that .gnupg was created by gpg2 and it didn't work.

Comment 4 Tomas Mraz 2015-07-01 15:37:36 UTC
I'm trying to reproduce but I am unable to - a secret key exported from gpg is imported fine to gnupg-2.1.5 for me.

Perhaps there is some issue with the gpg-agent on your machine. The 'error sending to agent: No such file or directory' looks like that. Is there gpg-agent running? It should be autostarted by gpg2 if it is not running though.

Perhaps you could try stracing gpg2 to find out where the ENOENT happens?
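
The strace step suggested in comment 4, as an added example that is not part of the original thread: it lists which system calls returned ENOENT in an strace log and separates the ones that touch gpg-agent from ordinary noise. The function names and the sample trace lines (including the paths in them) are constructed for illustration and are not taken from the reporter's machine.

```shell
# Added example (not from the bug thread): summarise ENOENT failures in an strace log.
# A real log can be captured with: strace -f -o gpg2.trace gpg2 --import s.key

# enoent_paths FILE: print "syscall path" for each call that failed with ENOENT,
# de-duplicated, in order of first appearance.
enoent_paths() {
    awk '
        / = -1 ENOENT / {
            line = $0
            sub(/^[0-9]+ +/, "", line)          # strace -f prefixes lines with the PID
            call = line; sub(/\(.*/, "", call)   # syscall name precedes the first paren
            if (match(line, /"[^"]*"/)) {        # first quoted string: file or socket path
                path = substr(line, RSTART + 1, RLENGTH - 2)
                key = call " " path
                if (!(key in seen)) { seen[key] = 1; print key }
            }
        }
    ' "$1"
}

# agent_enoent FILE: keep only the failures whose path mentions gpg-agent.
agent_enoent() {
    enoent_paths "$1" | grep 'gpg-agent' || true
}

# write_sample_trace FILE: write a constructed trace excerpt for offline testing.
write_sample_trace() {
    cat > "$1" <<'EOF'
4242  access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
4242  open("/home/test/.gnupg/pubring.kbx", O_RDONLY) = 5
4242  connect(6, {sa_family=AF_LOCAL, sun_path="/home/test/.gnupg/S.gpg-agent"}, 31) = -1 ENOENT (No such file or directory)
4242  connect(6, {sa_family=AF_LOCAL, sun_path="/home/test/.gnupg/S.gpg-agent"}, 31) = -1 ENOENT (No such file or directory)
EOF
}

trace=$(mktemp)
write_sample_trace "$trace"
agent_enoent "$trace"
rm -f "$trace"
```

Failures such as the `/etc/ld.so.preload` probe appear in almost every trace and are unrelated; the lines worth reading are the ones left after filtering.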

Comment 5 Fedora End Of Life 2016-07-19 19:13:24 UTC
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Comment 6 M.Hanny Sabbagh 2017-02-05 20:43:06 UTC
I am facing the exact same problem here on Fedora 25. I have exported the key and tried to import it on Ubuntu 16.10. But the same message appeared.

Also, it displays "[unknown]" in the place of the key when running gpg -k.