Can't add subkey: gpg: error reading key: No secret key #353

Open
ondralukes opened this issue May 9, 2021 · 3 comments

@ondralukes

Hi,
I'm trying to add a new Trezor-based subkey to my keyring, but trezor-gpg init fails with the message gpg: error reading key: No secret key.

This is my keyring:

    /home/ondra/.gnupg/pubring.kbx
    ------------------------------
    sec   rsa4096 2020-07-28 [C]
          B07CB51EBE8C033214491B212F13A14459D959DA
    uid           [ultimate] Ondřej Lukeš <[email protected]>
    ssb   rsa4096 2020-07-28 [S]
    ssb   rsa4096 2020-07-28 [E]

And this is the output of trezor-gpg init "Ondřej Lukeš <[email protected]>" --subkey -v:

    2021-05-09 11:18:37,461 WARNING      This GPG tool is still in EXPERIMENTAL mode, so please note that the API and features may change without backwards compatibility! [__init__.py:118]
    2021-05-09 11:18:37,465 INFO         device name: trezor                                                                                  [__init__.py:126]
    2021-05-09 11:18:37,465 INFO         GPG home directory: /home/ondra/.gnupg/trezor                                                        [__init__.py:131]
    2021-05-09 11:18:37,469 WARNING      NOTE: in order to re-generate the exact same GPG key later, run this command with "--time=0" commandline flag (to set the timestamp of the GPG key manually). [__init__.py:33]
    2021-05-09 11:18:37,515 INFO         Enumerating BridgeTransport: found 1 devices                                                         [__init__.py:120]
    2021-05-09 11:18:37,520 INFO         Enumerating HidTransport: found 0 devices                                                            [__init__.py:120]
    2021-05-09 11:18:37,520 INFO         Enumerating UdpTransport: found 0 devices                                                            [__init__.py:120]
    2021-05-09 11:18:37,523 INFO         Enumerating WebUsbTransport: found 1 devices                                                         [__init__.py:120]
    2021-05-09 11:18:37,523 INFO         creating client instance for device: bridge:2                                                        [client.py:88]
    2021-05-09 11:18:38,833 INFO         Enumerating BridgeTransport: found 1 devices                                                         [__init__.py:120]
    2021-05-09 11:18:38,836 INFO         Enumerating HidTransport: found 0 devices                                                            [__init__.py:120]
    2021-05-09 11:18:38,836 INFO         Enumerating UdpTransport: found 0 devices                                                            [__init__.py:120]
    2021-05-09 11:18:38,838 INFO         Enumerating WebUsbTransport: found 1 devices                                                         [__init__.py:120]
    2021-05-09 11:18:38,838 INFO         creating client instance for device: bridge:2                                                        [client.py:88]
    2021-05-09 11:18:40,140 INFO         adding nist256p1 GPG subkey for "Ondřej Lukeš <[email protected]>" to existing key                  [__init__.py:44]
    2021-05-09 11:18:40,145 INFO         please confirm GPG signature on Trezor for "<gpg://Ondřej Lukeš <[email protected]>|nist256p1>"...  [client.py:32]
    2021-05-09 11:18:40,147 INFO         Enumerating BridgeTransport: found 1 devices                                                         [__init__.py:120]
    2021-05-09 11:18:40,149 INFO         Enumerating HidTransport: found 0 devices                                                            [__init__.py:120]
    2021-05-09 11:18:40,149 INFO         Enumerating UdpTransport: found 0 devices                                                            [__init__.py:120]
    2021-05-09 11:18:40,150 INFO         Enumerating WebUsbTransport: found 1 devices                                                         [__init__.py:120]
    2021-05-09 11:18:40,150 INFO         creating client instance for device: bridge:2                                                        [client.py:88]
    gpg: keybox '/home/ondra/.gnupg/trezor/pubring.kbx' created
    gpg: armor header: Version: GnuPG v2
    gpg: pub  rsa4096/2F13A14459D959DA 2020-07-28  Ond\xc5\x99ej Luke\xc5\xa1 <[email protected]>
    gpg: public key 2F13A14459D959DA is 18471 days newer than the signature
    gpg: public key 2F13A14459D959DA is 18471 days newer than the signature
    gpg: key 2F13A14459D959DA/F3535D8A3AC060A3: invalid subkey binding
    gpg: public key 2F13A14459D959DA is 18471 days newer than the signature
    gpg: public key 2F13A14459D959DA is 18471 days newer than the signature
    gpg: key 2F13A14459D959DA/AACF88C9A5F7E253: invalid subkey binding
    gpg: key 2F13A14459D959DA/F3535D8A3AC060A3: skipped subkey
    gpg: key 2F13A14459D959DA/AACF88C9A5F7E253: skipped subkey
    gpg: /home/ondra/.gnupg/trezor/trustdb.gpg: trustdb created
    gpg: using pgp trust model
    gpg: key 2F13A14459D959DA: public key "Ond\xc5\x99ej Luke\xc5\xa1 <[email protected]>" imported
    gpg: Total number processed: 1
    gpg:               imported: 1
    gpg: inserting ownertrust of 6
    gpg: checking the trustdb
    gpg: marginals needed: 3  completes needed: 1  trust model: pgp
    gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
    gpg: error reading key: No secret key
    Traceback (most recent call last):
      File "/home/ondra/.platformio/penv/bin/trezor-gpg", line 8, in <module>
        sys.exit(gpg_tool())
      File "/home/ondra/.platformio/penv/bin/trezor_agent.py", line 6, in <lambda>
        gpg_tool = lambda: libagent.gpg.main(DeviceType)
      File "/home/ondra/.platformio/penv/lib/python3.9/site-packages/libagent/gpg/__init__.py", line 320, in main
        return args.func(device_type=device_type, args=args)
      File "/home/ondra/.platformio/penv/lib/python3.9/site-packages/libagent/gpg/__init__.py", line 198, in run_init
        check_call(keyring.gpg_command(['--homedir', homedir,
      File "/home/ondra/.platformio/penv/lib/python3.9/site-packages/libagent/gpg/__init__.py", line 104, in check_call
        subprocess.check_call(args=args, stdin=stdin, env=env)
      File "/usr/lib/python3.9/subprocess.py", line 373, in check_call
        raise CalledProcessError(retcode, cmd)
    subprocess.CalledProcessError: Command '['/usr/bin/gpg', '--homedir', '/home/ondra/.gnupg/trezor', '--list-secret-keys', 'Ondřej Lukeš <[email protected]>']' returned non-zero exit status 2.

I think it might be an issue with character encoding, because, as you can see in the output, my name sometimes appears as Ondřej Lukeš and sometimes as Ond\xc5\x99ej Luke\xc5\xa1.
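
A triage check over the gpg lines quoted in this report, added here as an example (it is not code from trezor-agent or from anyone in the thread): it decodes the `\xNN` escapes in the log to compare the logged name with the one given on the command line, and works out the date implied by "18471 days newer than the signature". The function names are made up for illustration, and the sample lines are copied from the output above.

```python
import re
from datetime import date, timedelta

# Lines copied from the gpg output in the report (e-mail shown as on the page).
SAMPLE = r'''gpg: pub  rsa4096/2F13A14459D959DA 2020-07-28  Ond\xc5\x99ej Luke\xc5\xa1 <[email protected]>
gpg: public key 2F13A14459D959DA is 18471 days newer than the signature
gpg: key 2F13A14459D959DA/F3535D8A3AC060A3: invalid subkey binding
gpg: error reading key: No secret key'''


def unescape_gpg(text):
    """Turn the literal \\xNN escapes in a gpg log line back into UTF-8 text."""
    raw = re.sub(rb'\\x([0-9a-fA-F]{2})',
                 lambda m: bytes([int(m.group(1), 16)]),
                 text.encode('utf-8'))
    return raw.decode('utf-8')


def same_user_id(cli_name, logged_name):
    """True if the escaped name in the log is the same string as the CLI one."""
    return unescape_gpg(logged_name) == cli_name


def implied_signature_date(log):
    """Date implied by 'N days newer than the signature' (day granularity).

    Returns None unless both the 'pub' line and the 'days newer' line are
    present and refer to the same key id.
    """
    pub = re.search(
        r'gpg: pub\s+\S+/([0-9A-F]{16}) (\d{4})-(\d{2})-(\d{2})', log)
    newer = re.search(r'public key ([0-9A-F]{16}) is (\d+) days newer', log)
    if not pub or not newer or pub.group(1) != newer.group(1):
        return None
    created = date(*map(int, pub.group(2, 3, 4)))
    return created - timedelta(days=int(newer.group(2)))


if __name__ == '__main__':
    print(same_user_id('Ondřej Lukeš', r'Ond\xc5\x99ej Luke\xc5\xa1'))
    print(implied_signature_date(SAMPLE))
```
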

@bettyvschmartz

I'm sure this is the case as I had the same issue using onlykey-agent (which is a fork). Had copied a command which had some weird enclosing back quotes around my email address rather than normal quotation symbols. Got the same error as you until I corrected it which suggested the symbol wasn't supported. Still, would be better to get a more accurate error message.

-- BVS

@attila-lendvai

the problem is here: https://github.com/romanz/trezor-agent/blob/master/libagent/gpg/__init__.py#L132

and the immediate fix is this:

    if os.path.exists(homedir) and not args.subkey:

@attila-lendvai

attila-lendvai commented Sep 13, 2021

this is most probably fixed by this currently pending PR: #358
