DBG: armor-keys-failed
I started receiving this error after installing a new version of GPGTools:
gpg: DBG: armor-keys-failed
After that error I also receive three of the following:
gpg: Note: signatures using the MD5 algorithm are rejected
1 Posted by Michael on 29 Mar, 2015 06:46 AM
I forgot to mention I receive the errors when trying to refresh my keys.
Thanks.
Support Staff 2 Posted by Steve on 29 Mar, 2015 12:30 PM
Hi Michael,
thanks for the report. MacGPG2 2.0.27 brought some changes to the way weak keys are handled. MD5 is broken and keys using MD5 are considered weak and should no longer be used.
While the above is somewhat a nifty feature, the way this is currently presented to the user and some other behavior is far from ideal. We are still investigating why this is happening and how to improve the situation.
We have a ticket for this problem. I connected this discussion with the existing ticket. That means, should this discussion get closed, it will be re-opened as soon as the ticket is closed. That way you'll receive a notification. Feel free to open a new discussion should you run into further problems or need assistance.
All the best,
steve
Support Staff 3 Posted by Steve on 31 Mar, 2015 12:16 PM
Hi Michael,
this issue has been fixed in Libmacgpg. If you want to test the fix, please download our latest nightly GPG Suite. That page also has sig and SHA1 to verify the download.
If you have allow-weak-digest-algos in your gpg.conf, please remove it.
Best, steve
Disclaimer: This is a development version which has not been thoroughly tested yet, so bugs or crashes are to be expected. Thanks for helping us test this fix.
4 Posted by kinnla on 09 Apr, 2015 04:19 PM
I had a similar problem with an MD5 self-signed key:
- I couldn't import a new UID for a key already in my keychain
- then I forced the import with the option allow-non-selfsigned-uid
- the fingerprint of the key was displayed as 0000 0000 ... 0000
Now I installed the nightly build, and the fingerprint is displayed correctly. But I can not use the key to encrypt emails (the lock button in the Apple-Mail window is disabled).
Is there any way to enable MD5 self-signed keys for encryption?
Best
Support Staff 5 Posted by Steve on 10 Apr, 2015 06:54 PM
Kinnla, MD5 keys are considered weak and should not be used anymore. The best idea is to create a stronger key.
Comment 3 mentions how to modify the gpg.conf and allow weak digest algos. But this lowers overall security and is totally not recommended to be used.
6 Posted by kinnla on 10 Apr, 2015 10:10 PM
Thx, Steve! This option works for me.
My friend will update her key when there is a chance (she is not an expert). But for now it's good we found a workaround, so we can continue our secure communication.
Support Staff 7 Posted by Steve on 12 Apr, 2015 11:46 AM
ok, thanks for the feedback. Well the communication isn't really secure if weak keys are used.
Maybe you can assist your friend with the key transition. Here's our KB-article covering that: https://gpgtools.tenderapp.com/kb/gpg-keychain-faq/add-self-signatu...
8 Posted by Michael on 15 Apr, 2015 02:09 AM
I've updated to the latest nightly build (1317n) but I still receive the error:
gpg: Note: signatures using the MD5 algorithm are rejected
The error occurs when refreshing my keychain and is not associated with my key pair, but others'.
Is there a way to quickly identify keys using the MD5 algorithm?
Thanks for the help!
9 Posted by Cody on 15 Apr, 2015 09:51 PM
I get this error on Windows
C:\Users\ccook\AppData\Roaming\gnupg>gpg --version
gpg (GnuPG) 2.0.27 (Gpg4win 2.2.4)
libgcrypt 1.6.3
[...] Home: C:/Users/ccook/AppData/Roaming/gnupg
Supported algorithms:
Pubkey: RSA, RSA, RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
I'm not using md5.
gpg/card> fetch
gpg: requesting key 1010D2A0 from https server codycook.us
gpg: DBG: armor-keys-failed (KEY 0xF540DB52FCF5143FF3CB270DEB6932081010XXXX BEGIN
) ->0
gpg: DBG: armor-keys-failed (KEY 0xF540DB52FCF5143FF3CB270DEB6932081010XXXX FAILED 1
) ->1
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: keyserver helper internal error
gpg: keyserver communications error: General error
10 Posted by Cody on 15 Apr, 2015 09:53 PM
I think I know my problem though, so never mind. I think I saw it right as I hit comment.
11 Posted by Mento on 13 May, 2015 11:11 AM
To identify keys using md5 you can run the following command:
Every key with a fingerprint consisting only of zeros is a weak key.
This only works if you haven't set allow-weak-digest-algos in your gpg.conf.
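Added example (not part of the original thread, and not the command the post above refers to): a different way to answer the question in comment 8, by scanning `gpg --list-packets` output for signatures whose digest algorithm is 1, which is MD5 in RFC 4880. The function name `md5_sigs`, the sample data and the key IDs are constructed for illustration; the line layout is assumed to be the one GnuPG 1.4/2.0 prints, and on a real keyring the input would come from `gpg --export | gpg --list-packets`.

```shell
# Reads `gpg --list-packets` output on stdin; prints one line per signature
# whose digest algorithm is 1 (MD5 in RFC 4880):
#   <primary key id> <sigclass> <issuer key id> <self-signature|third-party>
md5_sigs() {
  awk '
    /^:public key packet:/ { key = "unknown"; inkey = 1; insig = 0; next }
    /^:signature packet:/  { issuer = $NF; cls = "?"; insig = 1; inkey = 0; next }
    /^:/                   { inkey = 0; insig = 0; next }  # any other packet
    inkey && $1 == "keyid:"  { key = $2 }    # id of the key block being read
    insig && $1 == "version" { cls = $NF }   # line ends in "sigclass 0x.."
    insig && $1 == "digest" && $2 == "algo" && $3 == "1," {
      # append "" to force a string comparison of the hex key ids
      print key, cls, issuer, (key "" == issuer "" ? "self-signature" : "third-party")
    }
  '
}

# Constructed sample in the assumed GnuPG 1.4/2.0 layout (not from a real key).
sample_packets() {
  cat <<'EOF'
:public key packet:
    version 3, algo 1, created 850000000, expires 0
    pkey[0]: [1024 bits]
    pkey[1]: [17 bits]
    keyid: AAAAAAAAAAAAAAAA
:user ID packet: "Old Key (constructed) <old@example.org>"
:signature packet: algo 1, keyid AAAAAAAAAAAAAAAA
    version 3, created 850000000, md5len 5, sigclass 0x10
    digest algo 1, begin of digest 12 34
    data: [1023 bits]
:public key packet:
    version 4, algo 1, created 1400000000, expires 0
    pkey[0]: [2048 bits]
    pkey[1]: [17 bits]
    keyid: BBBBBBBBBBBBBBBB
:user ID packet: "New Key (constructed) <new@example.org>"
:signature packet: algo 1, keyid BBBBBBBBBBBBBBBB
    version 4, created 1400000000, md5len 0, sigclass 0x13
    digest algo 8, begin of digest ab cd
:signature packet: algo 1, keyid AAAAAAAAAAAAAAAA
    version 3, created 900000000, md5len 5, sigclass 0x10
    digest algo 1, begin of digest 56 78
EOF
}

sample_packets | md5_sigs
```

A key whose only self-signature shows up here is the kind the thread calls weak; a third-party line only means someone else certified the key with MD5.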
Support Staff 12 Posted by Steve on 25 May, 2015 03:25 PM
Are issues persisting for anybody using the latest nightly build?
Michael, were you able to identify the problematic key?
All the best, steve
Disclaimer: This is a development version which has not been thoroughly tested yet - bugs or crashes are to be expected. Thanks for helping us test.
13 Posted by hcb on 18 Jul, 2015 03:17 PM
I had the same problem when receiving keys using the 2015.06 release, but the 1382n nightly seems to have fixed the problem.
Support Staff 14 Posted by Steve on 20 Jul, 2015 10:36 PM
Hi hcb,
there were several issues with key import and the nightly GPG Suite has become a lot more tolerant when it comes to oddly formatted public keys.
Thanks for your feedback and glad things did work out fine using the nightly build.
I'm closing this discussion. If you need further assistance or have questions you can re-open this discussion here or open a new one any time.
Best, steve
Steve closed this discussion on 20 Jul, 2015 10:36 PM.