Mailing List Archive

On Montag, 22. August 2022 20:53:03 CEST theaetetos--- via Gnupg-users wrote:
> I am encountering a certain warning regarding my ed25519/cv25519
> encryption key. When I export the freshly generated encryption subkey
> and then reimport it, I get the following:
> >gpg: Schl?ssel 20628B8C51751C49: "some name <some@email.domain>"
> >nicht ge?ndert
> >gpg: warning: lower 3 bits of the secret key are not cleared
[...]
> gpg2 --version
> >
> >gpg (GnuPG) 2.3.3
> >libgcrypt 1.9.4

The solution is easy: Use gpg 2.3.7.

Regards,
Ingo

Hi, Ingo.


Aug 22, 2022, 21:07 by kloecker@kde.org:

>> gpg2 --version
>> >
>> >gpg (GnuPG) 2.3.3
>> >libgcrypt 1.9.4
>>
>
> The solution is easy: Use gpg 2.3.7.
>

Are you sure this should suffice? I went back and rebuilt my libgcrypt and GnuPG to the latest stable versions and I still get this warning message whenever I import a generated cv25519 key into GnuPG.

$ gpg --version
gpg (GnuPG) 2.3.7
libgcrypt 1.10.1

A sample from a minute ago - importing a freshly-generated ed25519/cv25519 into a cleaned .gnupg directory:

$ gpg --import sec_key.asc
gpg: Die "Keybox" `/home/patriv/.gnupg/pubring.kbx' wurde erstellt
gpg: /home/patriv/.gnupg/trustdb.gpg: trust-db erzeugt
gpg: Schlüssel 0xA329C3915147EE22: Öffentlicher Schlüssel "a@a.a" importiert
gpg: warning: lower 3 bits of the secret key are not cleared
gpg: Schlüssel 0xA329C3915147EE22: geheimer Schlüssel importiert
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1
gpg:                              importiert: 1
gpg:              gelesene geheime Schlüssel: 1
gpg:            geheime Schlüssel importiert: 1


$ gpg --list-keys
/home/patriv/.gnupg/pubring.kbx
-----------------------------------------------------
pub   ed25519/0xA329C3915147EE22 2022-08-23 [SC] [verfällt: 2023-08-23]
  Schl.-Fingerabdruck = 7B3D 88CF 8496 94CF 76BF  F0D6 A329 C391 5147 EE22
uid                [ unbekannt ] a@a.a
sub   cv25519/0xCD8D3BE3BC5604AA 2022-08-23 [E] [verfällt: 2023-08-23]

Best regards,
~Patrizio


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

On Dienstag, 23. August 2022 10:44:52 CEST theaetetos--- via Gnupg-users
wrote:
> Aug 22, 2022, 21:07 by kloecker@kde.org:
> >> gpg2 --version
> >>
> >> >gpg (GnuPG) 2.3.3
> >> >libgcrypt 1.9.4
> >
> > The solution is easy: Use gpg 2.3.7.
>
> Are you sure this should suffice?

Yes, I'm pretty sure. I followed your steps in a fresh GNUPGHOME and didn't
see the warning message. I didn't protect the test keys with a passphrase
though.

I'm using openSUSE Tumbleweed.

$ gpg --version
gpg (GnuPG) 2.3.7
libgcrypt 1.9.4-unknown

Or have I accidentally used
$ gpg --version
gpg (GnuPG) 2.3.8-beta28
libgcrypt 1.11.0
NOTE: THIS IS A DEVELOPMENT VERSION!
?

I'm not sure. I intended to test with the distro versions.

Regards,
Ingo

Thank you for taking the time to test, Ingo.


Aug 23, 2022, 10:18 by kloecker@kde.org:

> Yes, I'm pretty sure. I followed your steps in a fresh GNUPGHOME and didn't
> see the warning message. I didn't protect the test keys with a passphrase
> though.
>
The use of passphrase may be responsible.
I tested it on Fedora 36 and FreeBSD 13.1.
Fedora uses GnuPG 2.3.7 and I built the git master branch on FreeBSD.

$ gpg --version
gpg (GnuPG) 2.3.8-unknown
libgcrypt 1.10.1

In both cases, I get the warning when importing a cv25519 key.
Likewise, when no passphrase is used, there is no warning message.

I haven't tried upgrading libgcrypt to something current; perhaps it could help.

Sincerely,
~Patrizio

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users