Why can't I sign my friend's GPG key, even though I can sign git commits and messages just fine?

I'm trying to sign someone's GPG key, but I keep getting a strange error:

# for example
$ gpg --sign-key [email protected] 

pub  rsa2048/DBD2CE893E2D1C87
     created: 2017-06-27  expires: never       usage: SC  
     trust: unknown       validity: unknown
sub  rsa2048/C714D46F0AB88BAA
     created: 2017-06-27  expires: never       usage: E   
[ unknown] (1). Christoph Feck <[email protected]>

gpg: using "5F6E4C40D1D8450B" as default secret key for signing

pub  rsa2048/DBD2CE893E2D1C87
     created: 2017-06-27  expires: never       usage: SC  
     trust: unknown       validity: unknown
 Primary key fingerprint: F232 75E4 BF10 AFC1 DF69  14A6 DBD2 CE89 3E2D 1C87

     Christoph Feck <[email protected]>

Are you sure that you want to sign this key with your
key "Caleb Xavier Berger (Master Hardware Key) <[email protected]>" (5F6E4C40D1D8450B)

Really sign? (y/N) y
gpg: signing failed: No secret key
gpg: signing failed: No secret key

Key not changed so no update needed.

But I can run the command gpg --sign just fine and get the signed message you'd expect:

$ gpg --sign --armor
gpg: using "5F6E4C40D1D8450B" as default secret key for signing
memes!
-----BEGIN PGP MESSAGE-----

owGbwMvMwCG29qzhPD2zoGLG07xJDMlt091zU3NTixW5OkpZGMQ4GGTFFFlSpYV7
7ny+uvHfx612MOWsTEC1PgxcnAIwkUNmDP/UOBcekTt6v2qurMVGg5cf16Qsjytq
aXRKYGj8sT8vZ0IkI8N/u85nUy5s83SZ0cesEB/2LOfA3ZWNMx5ucKpd9okrazcz
AA==
=/7Ap
-----END PGP MESSAGE-----

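If it's relevant, my key is stored on a YubiKey, which I keep plugged in. It shows up fine in gpg --list-secret-keys, and gpg --card-edit seems to work fine too.

What is different about key signing that could be breaking?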

Answer 1

In this case, I didn't actually have a subkey capable of key signing (this is different from signing data, etc.).

$ gpg2 -K
/home/caleb/.gnupg/pubring.kbx
------------------------------
sec#  ed25519 2020-10-18 [SC]
      857536546D2A161825C8F1E35F6E4C40D1D8450B
uid           [ultimate] Caleb Xavier Berger (Master Hardware Key) <[email protected]>
ssb>  cv25519 2020-10-18 [E]
ssb>  ed25519 2020-10-18 [A]
ssb>  ed25519 2020-10-18 [S]

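Note that the only key listed here with the C capability is sec#; gpg doesn't actually know how to get at this key, so I can't certify keys from this system.

(Thankfully, I keep a copy of that part of the key in a safe place!)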
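The check described in the answer, as an added example that is not part of the original post: it reads `gpg --list-secret-keys --with-colons` output and reports, per capability, whether a secret key holding that capability is actually reachable or only a stub (the `#` in `sec#`). The function names, subkey IDs and card serial number are assumptions made for illustration; only the primary key ID comes from the page.

```python
import sys

# Constructed sample shaped like `gpg --list-secret-keys --with-colons` for the
# key in the answer. Only the primary key ID comes from the page; the subkey IDs
# and the card serial number are placeholders.
SAMPLE = """\
sec:u:255:22:5F6E4C40D1D8450B:1602979200:::u:::scESCA:::#::ed25519:::0:
ssb:u:255:18:AAAAAAAAAAAAAAA1:1602979200::::::e:::D276000124010000000000000000::cv25519::
ssb:u:255:22:AAAAAAAAAAAAAAA2:1602979200::::::a:::D276000124010000000000000000::ed25519::
ssb:u:255:22:AAAAAAAAAAAAAAA3:1602979200::::::s:::D276000124010000000000000000::ed25519::
"""


def secret_location(token_field):
    """Interpret field 15 of a sec/ssb record (see GnuPG doc/DETAILS)."""
    if token_field == "#":
        return "stub"      # secret part is not on this machine (the '#' in 'sec#')
    if token_field == "+":
        return "disk"      # secret key material is in the local keyring
    if token_field:
        return "card"      # field holds a token serial number (the '>' in 'ssb>')
    return "unknown"


def keys_with_capability(listing, cap):
    """Return (key_id, record_type, location) for each secret key that has `cap`."""
    found = []
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 15 or f[0] not in ("sec", "ssb"):
            continue
        # Field 12: lowercase letters are this key's own capabilities. Uppercase
        # letters on the primary only summarise the whole key, so they are ignored.
        if cap.lower() in f[11]:
            found.append((f[4], f[0], secret_location(f[14])))
    return found


def can_use(listing, cap):
    """True if at least one key with `cap` has its secret part on disk or on a card."""
    return any(loc in ("disk", "card") for _, _, loc in keys_with_capability(listing, cap))


if __name__ == "__main__":
    # Pipe real gpg output in, or run with no input to use the constructed sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for cap, name in (("s", "sign data"), ("c", "certify keys")):
        print(f"{name}: usable={can_use(text, cap)} {keys_with_capability(text, cap)}")
```

On the sample, signing is usable through the card-resident subkey while certification is not, which matches `gpg --sign` succeeding and `gpg --sign-key` failing with "No secret key".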
