On Wed 2015-01-21 05:10:28 -0500, Jogi Hofmüller wrote:
> I was informed that the description in my last email was not verbose
> enough to reproduce the problem. So here is more (hopefully useful) info.
Thanks, i think it is useful.
> The original problem occurs when enigmail attempts to list all keys on
> my key ring. It obviously uses this command line:
>
> /usr/bin/gpg2 --charset utf-8 --display-charset utf-8 --batch --no-tty
> --status-fd 2 --with-fingerprint --fixed-list-mode --with-colons --list-keys
>
> Running this in a terminal produces the following output on stderr
> (stdout is redirected to /dev/null):
>
> prompt ~ % /usr/bin/gpg2 --charset utf-8 --display-charset utf-8 --batch
> --no-tty --status-fd 2 --with-fingerprint --fixed-list-mode
> --with-colons --list-keys > /dev/null
> gpg: Oops: keyid_from_fingerprint: no pubkey
> gpg: Note: signatures using the MD5 algorithm are rejected
> [GNUPG:] KEYEXPIRED XXXXXXXXXX
> [GNUPG:] SIGEXPIRED
> [GNUPG:] KEYEXPIRED XXXXXXXXXX
> [GNUPG:] SIGEXPIRED
> [GNUPG:] KEYEXPIRED XXXXXXXXXX
> [GNUPG:] SIGEXPIRED
> [GNUPG:] KEYEXPIRED XXXXXXXXXX
> [GNUPG:] SIGEXPIRED
> [GNUPG:] KEYEXPIRED XXXXXXXXXX
> [GNUPG:] SIGEXPIRED
> [GNUPG:] KEYEXPIRED XXXXXXXXXX
> [GNUPG:] SIGEXPIRED
> [GNUPG:] KEYEXPIRED XXXXXXXXXX
> [GNUPG:] SIGEXPIRED
> [GNUPG:] KEYEXPIRED XXXXXXXXXX
> [GNUPG:] SIGEXPIRED
> [GNUPG:] KEYEXPIRED XXXXXXXXXX
> [GNUPG:] SIGEXPIRED
> [GNUPG:] KEYEXPIRED XXXXXXXXXX
> [GNUPG:] SIGEXPIRED
> [GNUPG:] KEYEXPIRED XXXXXXXXXX
> [GNUPG:] SIGEXPIRED
> [GNUPG:] KEYEXPIRED XXXXXXXXXX
> [GNUPG:] SIGEXPIRED
> [GNUPG:] KEYEXPIRED XXXXXXXXXX
> [GNUPG:] SIGEXPIRED
> 2 prompt ~ %
>
> The 2 above indicates the return value of gpg2.
This error is being returned because of the line:
gpg: Oops: keyid_from_fingerprint: no pubkey
> The output differs in two ways:
>
> * wherever gpg marks a pub key escaESCA gpg2 will mark it esca
> * the fingerprint for a key marked esca in gpg2 will be all 0. Keys of
> this form are all old (from the 1990ies) and use MD5 hashes ...
It sounds to me like these are OpenPGPv3 ("PGP-2") keys, which are
probably due to be replaced. Can you try stashing those keys in a
separate file, and then removing them from your public keyring?
something like (where $key1,$key2, and $key3 are the keyids of these old
keys):
gpg --export-options export-local --armor --export $key1 $key2 $key3 >
openpgpv3.backup
gpg --delete-key $key1 $key2 $key3
Then does the gpg2 --list-keys command return 2 as well?
I don't think that simply having v3 keys in your keyring should make gpg
--list-keys return a non-zero value, but i'd like to know if it does.
Also, if you're using these packages from debian, what version of the
debian packages are you running (different versions have different
patches applied)? you can see that with:
dpkg -l gnupg gnupg2
Regards,
--dkg
_______________________________________________
enigmail-users mailing list
[email protected]
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
