Bug 1263618 - gpg cannot read private keys created by gpg2
Summary: gpg cannot read private keys created by gpg2
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: gnupg2
Version: 22
Hardware: i686
OS: Linux
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
Reported: 2015-09-16 10:15 UTC by Alessandro
Modified: 2015-09-22 07:06 UTC (History)

Doc Type: Bug Fix
Last Closed: 2015-09-22 07:06:57 UTC
Type: Bug


Attachments:
failure message when sending GPG signed mail (53.83 KB, image/png), 2015-09-16 10:15 UTC, Alessandro

Description Alessandro 2015-09-16 10:15:08 UTC
Created attachment 1073945
failure message when sending GPG signed mail

Description of problem:
When trying to send GPG signed mail in Evolution, the message fails to send with the error:
Could not create message.
Because "gpg: skipped "EC328DE0": the secret key is not available
gpg: signing failed: the secret key is not available
", you may need to select different mail options.

Version-Release number of selected component (if applicable):
evolution-3.16.5-1.fc22.i686
gnupg2-2.1.7-1.fc22.i686

How reproducible:
Every time mail is sent with gpg signature

Steps to Reproduce:
1. Configure Security using an imported OpenPGP Key ID and make sure mail is being sent that is being sent.

Actual results:
mail not sent (posta001.png)


Expected results:
Mail signed with GPG sends successfully.

Additional info:

Comment 1 Milan Crha 2015-09-16 15:49:20 UTC
Thanks for a bug report. As far as I can tell, you imported only your public key, not the private+public key. That corresponds with the error message:

> gpg: skipped "EC328DE0": the secret key is not available
> gpg: signing failed: the secret key is not available

If you run:
   $ gpg --list-keys
then you'll see your EC328DE0 there, but if you run:
   $ gpg --list-secret-keys
then it'll not be there, most likely.

The thing is that the signing is done with the private key, thus anyone having a copy of your public key can verify that the message didn't change and that it's signed by you (by your private key, which only you have).

On the other hand, encryption is done with public keys, thus only the user who has the private key can decrypt the message.

Comment 2 Alessandro 2015-09-16 21:03:38 UTC
Hi Milan, thanks for the reply,

I've tried to run

$ gpg --list-keys
and
$ gpg --list-secret-keys

and the output was the same thing, my EC328DE0 in .gnupg/pubring.kbx. Maybe Evolution doesn't work very well with gpg2. I should try with gpg version 1.

Comment 3 Milan Crha 2015-09-17 06:06:19 UTC
Evolution switched to using (prefer) gpg over gpg2 due to:
https://bugzilla.gnome.org/show_bug.cgi?id=745050

If both are installed, gpg is used. If they store keys differently, in an incompatible way, then it makes sense that what gpg2 offers is not the same as what gpg sees.

Comment 4 Alessandro 2015-09-17 15:39:30 UTC
OK, thanks for your explanation.
I have both installed, and now, after creating a new gpg key with gpg version 1, Evolution works fine.

Comment 5 Milan Crha 2015-09-22 05:25:16 UTC
Thanks for the confirmation. I do not know the gpg/gpg2 internals, thus I'm moving this to gpg2, at least for a confirmation that keys created in gpg2 cannot be used by gpg on purpose.

Comment 6 Tomas Mraz 2015-09-22 07:06:57 UTC
Yes, it is true that gpg cannot read secret keys created by gpg2 2.1.x. And the change was intentional by upstream.
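
A check for the situation confirmed in Comment 6, added here as an example (it is not from the bug report or from GnuPG): it reports whether a GnuPG home directory holds secret keys in gpg 1.4's `secring.gpg`, in the `private-keys-v1.d` directory that gpg2 2.1 uses, or in both. The function names are hypothetical and the default GnuPG file names are assumed.

```shell
#!/bin/sh
# Added diagnostic, not from the bug report. Assumes default GnuPG file names:
#   secring.gpg              secret keyring read by gpg 1.4
#   private-keys-v1.d/*.key  one file per secret key, used by gpg2 2.1+

# Print which secret-key store(s) a GnuPG home directory holds:
#   gpg1-only | gpg2-only | both | none
gnupg_secret_store() {
    home=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    legacy=no
    agent=no
    # An empty secring.gpg holds no keys, so require a non-empty file.
    if [ -s "$home/secring.gpg" ]; then
        legacy=yes
    fi
    # If the glob matches nothing it stays literal and the -f test fails.
    for f in "$home"/private-keys-v1.d/*.key; do
        if [ -f "$f" ]; then
            agent=yes
            break
        fi
    done
    case "$legacy/$agent" in
        yes/yes) echo both ;;
        yes/no)  echo gpg1-only ;;
        no/yes)  echo gpg2-only ;;
        *)       echo none ;;
    esac
}

# Say what the result means for a program that invokes the "gpg" (1.4) binary.
explain_for_gpg1() {
    case "$(gnupg_secret_store "$1")" in
        gpg2-only) echo "secret keys exist only in the gpg2 store; gpg 1.4 reports them as not available" ;;
        gpg1-only|both) echo "secring.gpg has content; gpg 1.4 looks for the secret key there" ;;
        *) echo "no secret key material found for either version" ;;
    esac
}

# Report on the current user's GnuPG home when the script is run directly.
explain_for_gpg1 "${GNUPGHOME:-$HOME/.gnupg}"
```

A `gpg2-only` result matches the report above: the key was created by gpg2, and the `gpg` binary that Evolution prefers has no secret key to sign with.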

