Bug 1263618 - gpg cannot read private keys created by gpg2
gpg cannot read private keys created by gpg2
Product: Fedora
Classification: Fedora
Component: gnupg2 (Show other bugs)
i686 Linux
unspecified Severity unspecified
: ---
: ---
Assigned To: Tomas Mraz
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2015-09-16 06:15 EDT by Alessandro
Modified: 2015-09-22 03:06 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-09-22 03:06:57 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
failure message when sending GPG signed mail (53.83 KB, image/png)
2015-09-16 06:15 EDT, Alessandro
no flags Details

  None (edit)
Description Alessandro 2015-09-16 06:15:08 EDT
Created attachment 1073945 [details]
failure message when sending GPG signed mail

Description of problem:
When trying to send GPG signed mail in Evolution, the message fails to send with the error:
Could not create message.
Because "gpg: skipped "EC328DE0": the secret key is not available
gpg: signing failed: the secret key is not available
", you may need to select different mail options.

Version-Release number of selected component (if applicable):

How reproducible:
Every time mail is sent with gpg signature

Steps to Reproduce:
1.Configure Security using an imported OpenPGP Key ID and make sure mail is being sent that is being sent.

Actual results:
mail not sent (posta001.png)

Expected results:
Mail signed with GPG sends successfully.

Additional info:
Comment 1 Milan Crha 2015-09-16 11:49:20 EDT
Thanks for a bug report. As far as I can tell, you imported only your public key, not the private+public key. That corresponds with the error message:

> gpg: skipped "EC328DE0": the secret key is not available
> gpg: signing failed: the secret key is not available

If you run:
   $ gpg --list-keys
then you'll see there yours EC328DE0, but if you'll run:
   $ gpg --list-secret-keys
then it'll not be there, most likely.

The thing is that the signing is done with the private key, thus anyone having a copy of your public key can verify that the message didn't change and that it's signed by you (by your private key, which only you have).

On the other hand, encryption is done with public keys, thus only the user whom has the private key can decrypt the message.
Comment 2 Alessandro 2015-09-16 17:03:38 EDT
Hi Milan, thanks for reply,

I've tried to run

$ gpg --list-keys
$ gpg --list-secret-keys

and output was the same thing, my EC328DE0 in .gnupg/pubring.kbx, maybe evolution doesn't work very well with gpg2. I should try with gpg version 1.
Comment 3 Milan Crha 2015-09-17 02:06:19 EDT
Evolution switched to using (prefer) gpg over gpg2 due to:

If both are installed, gpg is used. If they store keys differently, in an incompatible way, then it makes sense what the gpg2 offers is not the same what gpg sees.
Comment 4 Alessandro 2015-09-17 11:39:30 EDT
ok, thanks for your explanation.
I have both installed, and now, after creating a new gpg key with gpg version1, Evolution works fine.
Comment 5 Milan Crha 2015-09-22 01:25:16 EDT
Thanks for the confirmation. I do not know the gpg/gpg2 internals, thus I'm moving this to gpg2, at least for a confirmation that keys created in gpg2 cannot be used by gpg on purpose.
Comment 6 Tomas Mraz 2015-09-22 03:06:57 EDT
Yes, it is true that gpg cannot read secret keys created by gpg2 2.1.x. And the change was intentional by upstream.

Note You need to log in before you can comment on or make changes to this bug.