Problems using subkeys for encryption and signing
Which of our tools is giving you problems? GPG Keychain, GPGMail
Describe your problem. Add as much detail as possible. I recently created a new gpg keypair. Following the advice on https://wiki.debian.org/Subkeys and several other places, I decided to keep my master key offline on a separate device, copying just the subkeys on my mac for encryption and signing. So, my mac only has the public portion of the master key and public+private subkeys. Unfortunately, GPG Keychain and GPGMail do not recognise the private subkeys and treat all the subkeys as just public keys. GPG Keychain lists the key with "Type" as 'pub' and GPGMail says "Secret key is missing" when I open an encrypted email. I have also checked by using GNUPG on the command-line; both signing and encryption work quite well there.
For reference, here's the output of gpg --list-secret-keys:
sec# rsa4096/0xMASTERKEYID 2017-09-03 [SC]
----------KEYGRIP-------------
uid [ultimate] Mohak Shah <[email blocked]>
ssb rsa4096/0xSUBKEYID 2017-09-03 [S] [expires: 2022-09-02]
ssb rsa4096/0xSUBKEYID 2017-09-03 [E] [expires: 2022-09-02]
Are you using any other Mail.app plugins? No
1 Posted by Mento on 12 Sep, 2017 12:42 PM
Hi Mohak,
please try this (if you didn't already):
1. Delete the secret keys from your mac.
2. Export your secret keys again from your offline device:
gpg -a --export-secret-subkeys 0xMASTERKEYID > secsubs.asc
3. Import secsubs.asc on your mac.
Regards, Mento
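A check that could be run on the Mac after step 3, as an added example that is not part of the original thread: it reads the human-readable `gpg --list-secret-keys` output in the format shown in the question and confirms that the master secret is absent (`sec#`) while a signing and an encryption subkey hold secret material. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a `gpg --list-secret-keys` listing read from stdin.
# Marker after the record type: "#" = secret part not present in this keyring,
# ">" = secret part is on a smartcard, none = secret part stored locally.
# Prints one line per key: "<record> <state> <usage flags>".
classify_secret_listing() {
    awk '
        $1 ~ /^(sec|ssb)[#>]?$/ {
            rec = substr($1, 1, 3)
            mark = substr($1, 4, 1)
            state = (mark == "#") ? "missing" : (mark == ">") ? "card" : "local"
            usage = "-"
            # First bracket group made only of capability letters, e.g. [SC]
            if (match($0, /\[[SCEA]+\]/)) usage = substr($0, RSTART + 1, RLENGTH - 2)
            print rec, state, usage
        }'
}

# Succeeds only for the layout the thread aims for: master secret absent,
# plus a usable (local or card) signing subkey and encryption subkey.
offline_master_layout_ok() {
    classify_secret_listing | awk '
        $1 == "sec" { seen = 1 }
        $1 == "sec" && $2 != "missing" { bad = 1 }
        $1 == "ssb" && $2 != "missing" && $3 ~ /S/ { sign = 1 }
        $1 == "ssb" && $2 != "missing" && $3 ~ /E/ { enc = 1 }
        END { exit !(seen && !bad && sign && enc) }'
}

# Constructed sample, modelled on the listing in the question.
sample_listing() {
    cat <<'EOF'
sec#  rsa4096/0xMASTERKEYID 2017-09-03 [SC]
uid           [ultimate] Example User <user@example.invalid>
ssb   rsa4096/0xSUBKEYID 2017-09-03 [S] [expires: 2022-09-02]
ssb   rsa4096/0xSUBKEYID 2017-09-03 [E] [expires: 2022-09-02]
EOF
}

sample_listing | classify_secret_listing
if sample_listing | offline_master_layout_ok; then
    echo "layout ok: master secret offline, subkeys usable"
fi
```

On a real keyring the input would be `gpg --list-secret-keys 0xMASTERKEYID | offline_master_layout_ok`; a listing that shows `ssb#` for the subkeys means only stubs were imported and the export step has to be repeated.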
2 Posted by Mohak Shah on 12 Sep, 2017 11:32 PM
That worked! I believe the problem was that I had originally imported the subkeys using gpg 2.1 which uses a different store for private keys than gpg 2.0, the version GPGTools use. Anyway, thanks for your help!
P.S.: I hope you guys will move to gpg 2.1 soon. As you might already know, 2.0 is going to reach EOL this December.
Support Staff 3 Posted by Steve on 13 Sep, 2017 08:11 AM
Thanks for the feedback, and great news that this indeed solved your problem.
gpg 2.2 is already integrated in the nightly build and will be included in the upcoming next beta release.
I'm closing this discussion. Should you need further assistance or have questions you can re-open this discussion here or open a new one any time.
Best, steve
Steve closed this discussion on 13 Sep, 2017 08:11 AM.