Home → Stable →

GPGMail: Unusable public key

• Edit

Roel

16 Jun, 2018 06:02 AM

GPGMail gives this error
gpg: 044285E06DA3E49053166822D508936BC3BD0390: skipped: Unusable public key
gpg: [stdin]: encryption failed: Unusable public key

The root of the problem:
* I have an old public/private key pair that expired and for which I revoked the public key * I have a new public/private key pair for the same email address * I get that error every time when trying to send an email from that address

However I do not want to delete my old private key as I still want to be able to decrypt messages in my inbox under that key.

1. Support Staff 1 Posted by Steve on 16 Jun, 2018 06:41 AM

   

   Hi Roel,

   welcome to the GPGTools support platform. Sorry you are having problems using GPG Suite.

   Let's check if your key is ok:

   1. open GPG Keychain
      
   2. double click your sec/pub key
      
   3. search for "Validity" in key tab and post the value to your discussion
      
   4. search for "Validity" in subkey tab and post the value to your discussion

   Should your key have expired, please re-new the expiration date in the key tab. To renew the subkey, click the cogwheel icon in the subkey tab and update the expiration date.

   To test the change, send a signed and encrypted test email to yourself. Are you able to decrypt and verify the signature successfully?

   In case your key resides on the public key servers, don't forget to upload your updated key, so that the changes are reflected there as well.

   We have open tickets to address this problem. Ideally GPG Keychain and GPGMail would be more pro-active about expiring keys and inform users ahead of the expiry date and explain how by extending the expiry date the key can be used in the future.

   Best regards,
   Steve

   • Edit

2. 2 Posted by Roel Peeters on 16 Jun, 2018 08:14 PM

   

   Dear Steve,

   The problem is that I have two different keys for the same email address.

   One that has expired, which I also revoked and the current one. From a security point of view this is a much better practise than constantly renewing keys. However I do not want to delete the old key, as some of my older emails are encrypted with it.

   Best,
   Roel

   • signature.asc 875 Bytes
   • Edit

3. Support Staff 3 Posted by Steve on 17 Jun, 2018 01:45 AM

   

   Your key with fingerprint 044285E06DA3E49053166822D508936BC3BD0390 has an expired subkey.

   That key is not revoked so I assume it is the key you use currently.

   You need to renew the subkey or create a new subkey and you should be good.

   Best,
   steve

   • Edit

4. 4 Posted by Roel Peeters on 17 Jun, 2018 06:32 AM

   

   Thank you Steve, that worked

   Just an idea: maybe the GPG keychain should show the validity of expired keys also as red ?

   Best,
   Roel

   • signature.asc 875 Bytes
   • Edit

5. Support Staff 5 Posted by Steve on 17 Jun, 2018 10:08 AM

   

   It should. Does it not? If your subkey is expired, your key is not expired. But yes, GPG Keychain should warn users their subkey is about to expire. And ideally it should offer easy steps to update the subkey.

   We have open tickets for that.

   Enjoy your weekend,
   steve

   • Edit

6. Steve closed this discussion on 05 Sep, 2018 04:32 PM.

7. Steve re-opened this discussion on 05 Sep, 2018 04:32 PM

8. Steve closed this discussion on 05 Sep, 2018 04:33 PM.