Mailing List Archive

gpg: signing failed: Bad secret key
When I run `git commit -m` on nixos, I receive this error:

```

error: gpg failed to sign the data:
[GNUPG:] KEY_CONSIDERED C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B 2
[GNUPG:] BEGIN_SIGNING H10
gpg: signing failed: Bad secret key
[GNUPG:] FAILURE sign 67108871
gpg: signing failed: Bad secret key

fatal: failed to write commit object

```

Here's my git config:

```
[user]
email =leocoogan@existential.beauty
name = Leo Coogan
signingkey = C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B
#signingkey = 3D7F617CDE5C9A9B

[commit]
gpgsign = true

```

And here's `gpg -k`:
```
/home/lcoogan/.gnupg/pubring.kbx
--------------------------------
pub ed25519 2023-03-03 [SC] [expires: 2025-03-02]
C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B
uid [ultimate] Leo Coogan (Personal)<leocoogan@existential.beauty>
uid [ultimate] Leo Coogan (Personal GPG key)<leocoogan@mailfence.com>
sub cv25519 2023-03-03 [E] [expires: 2025-03-02]

```

The same error happens when I write to a file with `pass`:
```
> pass insert test
An entry already exists for test. Overwrite it? [y/N] y
Enter password for test:
Retype password for test:
error: gpg failed to sign the data:
[GNUPG:] KEY_CONSIDERED C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B 2
[GNUPG:] BEGIN_SIGNING H10
gpg: signing failed: Bad secret key
[GNUPG:] FAILURE sign 67108871
gpg: signing failed: Bad secret key

fatal: failed to write commit object
```

Really not sure what I'm supposed to do. I looked up the error, but I didn't find any sources that had this exact error, 'bad secret key'.

This only happens on my nixos machine. My other machine I run fedora on has never had signing errors.

Any help, advice, or suggestions would be greatly appreciated. I've had this issue for several months, but I've put it off.
Re: gpg: signing failed: Bad secret key
On Fri, 19 Jan 2024 14:19, Leo Coogan said:
> When I run `git commit -m` on nixos, I receive this error:

For debugging add "verbose" to ~/.gnupg/gpg.conf. This should give you
more information about what's up.


Shalom-Salam,

Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
Re: gpg: signing failed: Bad secret key
This is Nixos.

I don't believe I have two binaries of gpg.

My Nixos config contains:

```nix

        programs.gnupg.agent = {
                enable = true;
                enableSSHSupport = true;
        };
```

and the package pinentry-gnome is installed.

I did `which` gpg and gpg2, and gpg2 was a symlink to gpg. So I don't
believe I have another binary of gpg.


```

> gpg -K --with-subkey-fingerprint --with-keygrip  \
         --list-options show-pref-verbose  \
         C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B 2>&1| wl-copy

gpg: enabled compatibility flags:
gpg: using pgp trust model
sec#  ed25519 2023-03-03 [SC] [expires: 2025-03-02]
      C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B
      Keygrip = 38953FFD2BD558606473A90A6EDD5B26F03FA3CB
uid           [ultimate] Leo Coogan (Personal)
<leocoogan@existential.beauty>
              Cipher: AES256, AES192, AES, 3DES
              AEAD: OCB
              Digest: SHA512, SHA384, SHA256, SHA224, SHA1
              Compression: ZLIB, BZIP2, ZIP, Uncompressed
              Features: MDC, AEAD, Keyserver no-modify
uid           [ultimate] Leo Coogan (Personal GPG key)
<leocoogan@mailfence.com>
              Cipher: AES256, AES192, AES, 3DES
              AEAD: OCB
              Digest: SHA512, SHA384, SHA256, SHA224, SHA1
              Compression: ZLIB, BZIP2, ZIP, Uncompressed
              Features: MDC, AEAD, Keyserver no-modify
ssb   cv25519 2023-03-03 [E] [expires: 2025-03-02]
      143454E3276F11C51D01B35363D14EA6FDB00D9F
      Keygrip = 02EE4AA6089E9DEF7792F548C01FFD8C05F1EC21

```

On 1/22/24 02:48, Werner Koch wrote:
> Hi!
>
>> [GNUPG:] KEY_CONSIDERED C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B 2
>> gpg: writing to stdout
>> [GNUPG:] BEGIN_SIGNING H10
>> gpg: signing failed: Bad secret key
> Please run
>
> gpg -K --with-subkey-fingerprint --with-keygrip \
> --list-options show-pref-verbose \
> C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B
>
>
> Is there a second gpg binary on your system?
>
> Is that Debian?
>
>
> Salam-Shalom,
>
> Werner
>
>

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg: signing failed: Bad secret key
On Tue, 23 Jan 2024 12:38, Leo Coogan said:

> sec#  ed25519 2023-03-03 [SC] [expires: 2025-03-02]
>       C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B
>       Keygrip = 38953FFD2BD558606473A90A6EDD5B26F03FA3CB

You don't have a signing key. The primary key has been taken offline
('#') and can thus not be used for signing.

> ssb   cv25519 2023-03-03 [E] [expires: 2025-03-02]
>       143454E3276F11C51D01B35363D14EA6FDB00D9F
>       Keygrip = 02EE4AA6089E9DEF7792F548C01FFD8C05F1EC21

The subkey is not capable of signing (by usage flags and algorithm).

Did you have another signing subkey and that one expired?
Add

--list-options show-unusable-subkeys

to the listing command to check.


Salam-Shalom,

Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
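
The diagnosis in the reply above (a `#` after `sec` marks a secret key that is not on this machine, and an `[E]` subkey cannot sign) can be checked mechanically from `gpg -K --with-colons` output. The following is an added example, not part of the original thread or of GnuPG; the function name and the two sample listings are constructed (key IDs taken from the fingerprints in the thread, timestamps made up), and an empty field 15 is assumed to mean the secret key is present.

```shell
#!/bin/sh
# Added example: classify every secret-key record of a colon listing.
# Real use: gpg -K --with-colons <FINGERPRINT> | signing_key_report
# Fields used: 2 = validity, 5 = key ID, 12 = capabilities, 15 = "#" for a stub,
# "+" for a key present on disk, a serial number for a key held on a token.
signing_key_report() {
    awk -F: '
        $1 != "sec" && $1 != "ssb" { next }
        {
            caps = $12
            gsub(/[A-Z]/, "", caps)   # uppercase letters summarise the whole key
            if (caps !~ /s/)                  state = "no-sign-capability"
            else if ($2 ~ /^[eird]$/)         state = "unusable-validity-" $2
            else if ($15 == "#")              state = "offline-stub"
            else if ($15 == "" || $15 == "+") { state = "usable"; ok = 1 }
            else                              { state = "on-token"; ok = 1 }
            print $1, $5, caps, state
        }
        END { exit (ok ? 0 : 1) }     # non-zero: nothing here can sign
    '
}

# Constructed listing modelled on the NixOS machine (primary key is a stub).
sample_nixos() {
    cat <<'EOF'
sec:u:255:22:3D7F617CDE5C9A9B:1677801600:1740873600::u:::scESC:::#::ed25519:::0:
fpr:::::::::C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B:
ssb:u:255:18:63D14EA6FDB00D9F:1677801600:1740873600:::::e:::+::cv25519::
fpr:::::::::143454E3276F11C51D01B35363D14EA6FDB00D9F:
EOF
}

# Constructed listing modelled on the Fedora machine (primary key present).
sample_fedora() {
    sample_nixos | sed 's/:#:/:+:/'
}

for host in nixos fedora; do
    echo "== $host"
    "sample_$host" | signing_key_report || echo "-> no usable signing key"
done
```

A non-zero exit status from `signing_key_report` corresponds to the situation in which `git commit -S` fails with "Bad secret key" in this thread.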
Re: gpg: signing failed: Bad secret key
Here's the command run on my fedora machine:

```

> gpg -K  --list-options show-unusable-subkeys
/home/lcoogan/.gnupg/pubring.kbx
--------------------------------
sec   ed25519 2023-03-03 [SC] [expires: 2025-03-02]
      C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B
uid           [ultimate] Leo Coogan (Personal)
<leocoogan@existential.beauty>
uid           [ultimate] Leo Coogan (Personal GPG key)
<leocoogan@mailfence.com>
ssb   cv25519 2023-03-03 [E] [expires: 2025-03-02]

```

and on my nixos machine:

```

> gpg -K  --list-options show-unusable-subkeys
gpg: enabled compatibility flags:
gpg: using pgp trust model
/home/lcoogan/.gnupg/pubring.kbx
--------------------------------
sec#  ed25519 2023-03-03 [SC] [expires: 2025-03-02]
      C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B
uid           [ultimate] Leo Coogan (Personal)
<leocoogan@existential.beauty>
uid           [ultimate] Leo Coogan (Personal GPG key)
<leocoogan@mailfence.com>
ssb   cv25519 2023-03-03 [E] [expires: 2025-03-02]

```

It looks like there's only that non-functioning signing subkey. Huh. Do
I need to create a new signing subkey?

On 1/24/24 12:37, Werner Koch wrote:
> On Tue, 23 Jan 2024 12:38, Leo Coogan said:
>
>> sec#  ed25519 2023-03-03 [SC] [expires: 2025-03-02]
>>       C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B
>>       Keygrip = 38953FFD2BD558606473A90A6EDD5B26F03FA3CB
> You don't have a signing key. The primary key has been taken offline
> ('#') and can thus not be used for signing.
>
>> ssb   cv25519 2023-03-03 [E] [expires: 2025-03-02]
>>       143454E3276F11C51D01B35363D14EA6FDB00D9F
>>       Keygrip = 02EE4AA6089E9DEF7792F548C01FFD8C05F1EC21
> The subkey is not capable of signing (by usage flags and algorithm).
>
> Did you have another signing subkey and that one expired?
> Add
>
> --list-options show-unusable-subkeys
>
> to the listing command to check.
>
>
> Salam-Shalom,
>
> Werner
>

Re: gpg: signing failed: Bad secret key
On Wednesday, 24 January 2024 22:05:53 CET Leo Coogan via Gnupg-users wrote:
> It looks like there's only that non-functioning signing subkey. Huh. Do
> I need to create a new signing subkey?

Copy the content of ~/.gnupg/private-keys-v1.d from your fedora machine to
your nixos machine (after making a backup) to restore the missing secret key.

Regards,
Ingo

> On 1/24/24 12:37, Werner Koch wrote:
> > On Tue, 23 Jan 2024 12:38, Leo Coogan said:
> >> sec# ed25519 2023-03-03 [SC] [expires: 2025-03-02]
> >>
> >> C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B
> >> Keygrip = 38953FFD2BD558606473A90A6EDD5B26F03FA3CB
> >
> > You don't have a signing key. The primary key has been taken offline
> > ('#') and can thus not be used for signing.
> >
> >> ssb cv25519 2023-03-03 [E] [expires: 2025-03-02]
> >>
> >> 143454E3276F11C51D01B35363D14EA6FDB00D9F
> >> Keygrip = 02EE4AA6089E9DEF7792F548C01FFD8C05F1EC21
> >
> > The subkey is not capable of signing (by usage flags and algorithm).
> >
> > Did you have another signing subkey and that one expired?
> > Add
> >
> > --list-options show-unusable-subkeys
> >
> > to the listing command to check.
> >
> >
> > Salam-Shalom,
> >
> > Werner
>