我正在尝试签署某人的 GPG 密钥,并不断收到一个奇怪的错误:
# for example
$ gpg --sign-key [email protected]
pub rsa2048/DBD2CE893E2D1C87
created: 2017-06-27 expires: never usage: SC
trust: unknown validity: unknown
sub rsa2048/C714D46F0AB88BAA
created: 2017-06-27 expires: never usage: E
[ unknown] (1). Christoph Feck <[email protected]>
gpg: using "5F6E4C40D1D8450B" as default secret key for signing
pub rsa2048/DBD2CE893E2D1C87
created: 2017-06-27 expires: never usage: SC
trust: unknown validity: unknown
Primary key fingerprint: F232 75E4 BF10 AFC1 DF69 14A6 DBD2 CE89 3E2D 1C87
Christoph Feck <[email protected]>
Are you sure that you want to sign this key with your
key "Caleb Xavier Berger (Master Hardware Key) <[email protected]>" (5F6E4C40D1D8450B)
Really sign? (y/N) y
gpg: signing failed: No secret key
gpg: signing failed: No secret key
Key not changed so no update needed.
但我可以运行命令,就像gpg --sign你期望的那样得到签名消息:
$ gpg --sign --armor
gpg: using "5F6E4C40D1D8450B" as default secret key for signing
memes!
-----BEGIN PGP MESSAGE-----
owGbwMvMwCG29qzhPD2zoGLG07xJDMlt091zU3NTixW5OkpZGMQ4GGTFFFlSpYV7
7ny+uvHfx612MOWsTEC1PgxcnAIwkUNmDP/UOBcekTt6v2qurMVGg5cf16Qsjytq
aXRKYGj8sT8vZ0IkI8N/u85nUy5s83SZ0cesEB/2LOfA3ZWNMx5ucKpd9okrazcz
AA==
=/7Ap
-----END PGP MESSAGE-----
如果相关,我的密钥存储在我一直插入的 YubiKey 上。它显示正常gpg --list-secret-keys并且gpg --card-edit似乎也能正常工作。
可能会破坏事物的密钥签名有什么不同?
在这种情况下,我实际上没有可用于签署密钥的子项(这与签署数据等不同)。
请注意,此处
C列出的唯一具有此功能的sec#密钥gpg实际上并不知道如何获取此密钥,因此我无法验证来自该系统的密钥。(谢天谢地,我在一个安全的地方有这部分密钥的副本!)