GPGMail: Unusable public key
GPGMail gives this error
gpg: 044285E06DA3E49053166822D508936BC3BD0390: skipped: Unusable public key
gpg: [stdin]: encryption failed: Unusable public key
The root of the problem:
* I have an old public/private key pair that expired and for which I revoked the public key * I have a new public/private key pair for the same email address * I get that error every time when trying to send an email from that address
However I do not want to delete my old private key as I still want to be able to decrypt messages in my inbox under that key.
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Steve on 16 Jun, 2018 06:41 AM
Hi Roel,
welcome to the GPGTools support platform. Sorry you are having problems using GPG Suite.
Let's check if your key is ok:
Should your key have expired, please re-new the expiration date in the key tab. To renew the subkey, click the cogwheel icon in the subkey tab and update the expiration date.
To test the change, send a signed and encrypted test email to yourself. Are you able to decrypt and verify the signature successfully?
In case your key resides on the public key servers, don't forget to upload your updated key, so that the changes are reflected there as well.
We have open tickets to address this problem. Ideally GPG Keychain and GPGMail would be more pro-active about expiring keys and inform users ahead of the expiry date and explain how by extending the expiry date the key can be used in the future.
Best regards,
Steve
2 Posted by Roel Peeters on 16 Jun, 2018 08:14 PM
Dear Steve,
The problem is that I have two different keys for the same email address.
One that has expired, which I also revoked and the current one. From a security point of view this is a much better practise than constantly renewing keys. However I do not want to delete the old key, as some of my older emails are encrypted with it.
Best,
Roel
Support Staff 3 Posted by Steve on 17 Jun, 2018 01:45 AM
Your key with fingerprint 044285E06DA3E49053166822D508936BC3BD0390 has an expired subkey.
That key is not revoked so I assume it is the key you use currently.
You need to renew the subkey or create a new subkey and you should be good.
Best,
steve
4 Posted by Roel Peeters on 17 Jun, 2018 06:32 AM
Thank you Steve, that worked
Just an idea: maybe the GPG keychain should show the validity of expired keys also as red ?
Best,
Roel
Support Staff 5 Posted by Steve on 17 Jun, 2018 10:08 AM
It should. Does it not? If your subkey is expired, your key is not expired. But yes, GPG Keychain should warn users their subkey is about to expire. And ideally it should offer easy steps to update the subkey.
We have open tickets for that.
Enjoy your weekend,
steve
Steve closed this discussion on 05 Sep, 2018 04:32 PM.
Steve re-opened this discussion on 05 Sep, 2018 04:32 PM
Steve closed this discussion on 05 Sep, 2018 04:33 PM.