[3.16] gpg export / import not working
// Edit: Looks like an upstream issue: https://dev.gnupg.org/T5953
=> I think we should also patch and revert this commit until a fixed release is available, as the developer suggested and debian already did.
An imported gpg secret key from a backup cannot be exported again. The issue only occurs on 3.16, 3.15 is fine.
/ # gpg --export-secret-key --armor F5D5FC8F2AE8CB588F8E240D855D63C0AC88304E
gpg: key 9B5431D6F09843870BB2B6E3DA0BD350D19B925F: error receiving key from agent: Invalid argument - skipped
gpg: WARNING: nothing exported
I can't figure out the keyid in the error message, have never seen it before. After running multiple tests, this error keyid never matches the requested keyid.
Script to reproduce (in docker, DO NOT RUN ON YOUR REGULAR ACCOUNT!):
#!/bin/sh
# install tools
apk add gpg gpg-agent
# remove any existing gpg keyring
rm -rfv ~/.gnupg
# create a new gpg key
script="$(mktemp)"
cat >"$script" <<EOF
Key-Type: EDDSA
Key-Curve: ed25519
Name-Real: Foo Bar
Name-Email: foo@bar.com
Expire-Date: 0
%no-protection
%commit
EOF
gpg --batch --generate-key "$script"
keyid="$(gpg --quiet --batch --list-secret-keys --fingerprint --with-colons | sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1/p')"
# export private and public key to temporary directory
tmpdir="$(mktemp -d)"
gpg --export-secret-key --armor $keyid >$tmpdir/$keyid
gpg --export --armor $keyid >$tmpdir/$keyid.pub
# remove gpg keyring
rm -rfv ~/.gnupg
# import the keys again
find $tmpdir -type f -and -not -name "*.rev" | xargs gpg --yes --batch --quiet --import
gpg --export-secret-key --armor $keyid
gpg --export-secret-key --armor $keyid
Furthermore, the testscript works in about 50% of time, resulting in a correct exports again:
/ # ash ./test.sh
OK: 11 MiB in 27 packages
removed '/root/.gnupg/pubring.kbx'
removed '/root/.gnupg/S.gpg-agent.extra'
removed '/root/.gnupg/S.gpg-agent.ssh'
removed '/root/.gnupg/trustdb.gpg'
removed '/root/.gnupg/private-keys-v1.d/6352B488147CFDE2226E563373131F8F7017BDE0.key'
removed directory: '/root/.gnupg/private-keys-v1.d'
removed '/root/.gnupg/S.gpg-agent'
removed '/root/.gnupg/S.gpg-agent.browser'
removed '/root/.gnupg/pubring.kbx~'
removed directory: '/root/.gnupg'
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: directory '/root/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/B176872EBC30C8603F85C125BF366552821AB72D.rev'
removed '/root/.gnupg/pubring.kbx'
removed '/root/.gnupg/S.gpg-agent.extra'
removed '/root/.gnupg/S.gpg-agent.ssh'
removed '/root/.gnupg/trustdb.gpg'
removed '/root/.gnupg/private-keys-v1.d/3092726BEF05E4AA844B11DF768C787E06075EDF.key'
removed directory: '/root/.gnupg/private-keys-v1.d'
removed '/root/.gnupg/S.gpg-agent'
removed '/root/.gnupg/S.gpg-agent.browser'
removed '/root/.gnupg/pubring.kbx~'
removed '/root/.gnupg/openpgp-revocs.d/B176872EBC30C8603F85C125BF366552821AB72D.rev'
removed directory: '/root/.gnupg/openpgp-revocs.d'
removed directory: '/root/.gnupg'
-----BEGIN PGP PRIVATE KEY BLOCK-----
lFgEYqMRnhYJKwYBBAHaRw8BAQdAPkjqIm+5MmAjwmPZOhA3YJdpfE+jq6nUBCpO
yoBtapgAAP9NCc1VjNsNZ26IYWLo6b0/pSSfzKmgQd6ewkg+JiefqBDutBVGb28g
QmFyIDxmb29AYmFyLmNvbT6IkAQTFggAOBYhBLF2hy68MMhgP4XBJb82ZVKCGrct
BQJioxGeAhsjBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEL82ZVKCGrct++MB
AKfNsmy+MRJQOcc5YIVDlx3UFToIc3S+3mM9NDWeE2URAPkBIFXnbUzm8LQ3jeQj
s3myWVuGvDR8UysKTUpht5EpDA==
=H/Nt
-----END PGP PRIVATE KEY BLOCK-----
-----BEGIN PGP PRIVATE KEY BLOCK-----
lFgEYqMRnhYJKwYBBAHaRw8BAQdAPkjqIm+5MmAjwmPZOhA3YJdpfE+jq6nUBCpO
yoBtapgAAP9NCc1VjNsNZ26IYWLo6b0/pSSfzKmgQd6ewkg+JiefqBDutBVGb28g
QmFyIDxmb29AYmFyLmNvbT6IkAQTFggAOBYhBLF2hy68MMhgP4XBJb82ZVKCGrct
BQJioxGeAhsjBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEL82ZVKCGrct++MB
AKfNsmy+MRJQOcc5YIVDlx3UFToIc3S+3mM9NDWeE2URAPkBIFXnbUzm8LQ3jeQj
s3myWVuGvDR8UysKTUpht5EpDA==
=H/Nt
-----END PGP PRIVATE KEY BLOCK-----
/ # ash ./test.sh
OK: 11 MiB in 27 packages
removed '/root/.gnupg/pubring.kbx'
removed '/root/.gnupg/S.gpg-agent.extra'
removed '/root/.gnupg/S.gpg-agent.ssh'
removed '/root/.gnupg/trustdb.gpg'
removed '/root/.gnupg/private-keys-v1.d/3092726BEF05E4AA844B11DF768C787E06075EDF.key'
removed directory: '/root/.gnupg/private-keys-v1.d'
removed '/root/.gnupg/S.gpg-agent'
removed '/root/.gnupg/S.gpg-agent.browser'
removed '/root/.gnupg/pubring.kbx~'
removed directory: '/root/.gnupg'
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: directory '/root/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/32FFE707F3519401F100D3095B1E9E3CB17304A2.rev'
removed '/root/.gnupg/pubring.kbx'
removed '/root/.gnupg/S.gpg-agent.extra'
removed '/root/.gnupg/S.gpg-agent.ssh'
removed '/root/.gnupg/trustdb.gpg'
removed '/root/.gnupg/private-keys-v1.d/3A9C9D966DBD1E5E27D5171BADC88600F9B392A3.key'
removed directory: '/root/.gnupg/private-keys-v1.d'
removed '/root/.gnupg/S.gpg-agent'
removed '/root/.gnupg/S.gpg-agent.browser'
removed '/root/.gnupg/pubring.kbx~'
removed '/root/.gnupg/openpgp-revocs.d/32FFE707F3519401F100D3095B1E9E3CB17304A2.rev'
removed directory: '/root/.gnupg/openpgp-revocs.d'
removed directory: '/root/.gnupg'
gpg: key 3A9C9D966DBD1E5E27D5171BADC88600F9B392A3: error receiving key from agent: Invalid argument - skipped
gpg: WARNING: nothing exported
gpg: key 3A9C9D966DBD1E5E27D5171BADC88600F9B392A3: error receiving key from agent: Invalid argument - skipped
gpg: WARNING: nothing exported
The key cannot be exported or used to sign a message:
/ # gpg --sign --armor
servus
gpg: signing failed: Invalid argument
-----BEGIN PGP MESSAGE-----
gpg: signing failed: Invalid argument
Trying to run multiple imports does not resolve the issue, so i suspect the key or the export to be wrong.