AskOverflow.Dev


Questions [gnupg] (computer)

naphelge
Asked: 2025-01-09 05:17:54 +0800 CST

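GPG-AGENT only prompts for one key out of multiple keys loaded with the same gpg key

  • 6
This question was migrated from Information Security Stack Exchange because it can be answered on Super User. Migrated 10 days ago.

I have (3) YUBIKEYs, all loaded with the same GPG key.

I am currently trying to move from Fedora to a Debian-based distro.

Everything worked fine on Fedora 38 through 41.

The problem I am having on Debian-based distros (I am trying my second distro to see whether the problem is distro-specific) is that gpg-agent only prompts for one specific YK serial number when one of the other keys, loaded with the same GPG key on the YK, is inserted.

All other applications (FIDO2, OTP, PIV) seem to work with all (3) keys. Even $ gpg --card-status generally outputs the correct information for each key when inserted.

But when I try to use my password manager, which prompts for the gpg key, I get the same error unless I have one specific YK inserted: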

$ pass -c workLogin
gpg: decryption failed: No secret key

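I have been racking my brain over this for about a week, trying everything I could find through web searches. At this point it feels to me as if there is a cache file somewhere that holds this YK serial number and does not get rewritten when a new YK is inserted.

When running Fedora, after swapping YKs I generally have to unplug the newly inserted YK and reinsert it for GPG-AGENT to prompt for the serial number of the swapped-in YK. A bit of a hassle, but I got used to it because it works.

Currently my ~/.gnupg/scdaemon.conf looks like: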

$ ~/.gnupg$ cat scdaemon.conf
reader-port Yubico Yubi
disable-ccid

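But of course, over the past week I have added and removed lines, trying different suggestions from pages describing the same issue, or even a somewhat similar one.

Here is the output of journalctl -fan100 when the YK whose serial number GPG-AGENT prompts for is inserted: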

Jan 08 14:32:45 jalapeno gpg-agent[7270]: detected card with S/N D45832138623212612345862797112345
Jan 08 14:43:27 jalapeno sudo[8773]: pam_unix(sudo:session): session closed for user root
Jan 08 14:46:03 jalapeno dbus-daemon[1392]: [session uid=1000 pid=1392] Activating service name='org.xfce.Xfconf' requested by ':1.169' (uid=1000 pid=7295 comm="xfce4-panel --display :0.0 --sm-client-id 27a4519a")
Jan 08 14:46:03 jalapeno dbus-daemon[1392]: [session uid=1000 pid=1392] Successfully activated service 'org.xfce.Xfconf'
Jan 08 14:51:10 jalapeno gpg-agent[7270]: detected card with S/N D45832138623212612345862797112345

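When GPG-AGENT prompts for the passcode of the YK (the S/N pasted here differs from the actual S/N), it works as expected once the passcode is entered.

Now, here is the output of journalctl -fan100 when the inserted YK has a different serial number from the one GPG-AGENT prompts for (but is loaded with the same GPG key):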

Jan 08 15:00:56 jalapeno gpg-agent[7270]: card has S/N: D7474288449725239550924534651071
Jan 08 15:01:03 jalapeno gpg-agent[7270]: no device present
Jan 08 15:01:03 jalapeno dbus-daemon[1392]: [session uid=1000 pid=1392] Activating service name='org.gnome.keyring.SystemPrompter' requested by ':1.288' (uid=1000 pid=10087 comm="pinentry --display :0.0")
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: GLib-GIO: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: bus acquired: org.gnome.keyring.SystemPrompter
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: registering prompter
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: bus acquired: org.gnome.keyring.PrivatePrompter
Jan 08 15:01:03 jalapeno dbus-daemon[1392]: [session uid=1000 pid=1392] Successfully activated service 'org.gnome.keyring.SystemPrompter'
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: acquired name: org.gnome.keyring.SystemPrompter
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: received BeginPrompting call from callback /org/gnome/keyring/Prompt/p0@:1.288
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: preparing a prompt for callback /org/gnome/keyring/Prompt/p0@:1.288
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: creating new GcrPromptDialog prompt
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: GLib-GIO: _g_io_module_get_default: Found default implementation gvfs (GDaemonVfs) for ‘gio-vfs’
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: automatically selecting secret exchange protocol
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: generating public key
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: beginning the secret exchange: [sx-aes-1]\npublic=yA30obMNSPg2J1GsJIXH3njo2UVUQxTKQcCPMRsYw0xd1fWSyVQiObvVnz8cZ01uQkoo4QnwtW5gprziWA65q2QmAxK1YyqW123YNSSuiEROtW1241IhucDg9DbMcdugunwu7XEX3WAGtcZZ8eJHlO2jItAGF3oXdX7UIZRcTVPYicBM9flsoNjlFzx6bD6OP1pTlYGrqLWHhhUImBiFs9EFHJWjHykoswSw9kfqnAIn3Jc2QuoAREY4U8nXIKlv\n
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: calling the PromptReady method on /org/gnome/keyring/Prompt/p0@:1.288
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: acquired name: org.gnome.keyring.PrivatePrompter
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: returned from the PromptReady method on /org/gnome/keyring/Prompt/p0@:1.288
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: received PerformPrompt call from callback /org/gnome/keyring/Prompt/p0@:1.288
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p0@:1.288
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: closing the prompt
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p0@:1.288
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p0@:1.288
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p0@:1.288
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p0@:1.288
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p0@:1.288
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p0@:1.288
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: calling the PromptDone method on /org/gnome/keyring/Prompt/p0@:1.288, and ignoring reply
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: received BeginPrompting call from callback /org/gnome/keyring/Prompt/p1@:1.292
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: preparing a prompt for callback /org/gnome/keyring/Prompt/p1@:1.292
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: creating new GcrPromptDialog prompt
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: automatically selecting secret exchange protocol
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: generating public key
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: beginning the secret exchange: [sx-aes-1]\npublic=3CKEsoGt8zifPejfG0aqWWG9vySnsdWf2SHax5iKD17UvOPg604sY2TsS72LWXXVJRacX7iCHHFJvxExYCGQu5nxcwEm3sxxuvcvG5H2LPOlCVWdSihIIy16ZwbZy29kjaX888MRk61kvcE3jUBIDbZtaMxgu6ReVFzFOwXpgqIjJcJZ6kSSyRdq23fKjL9jfgdFs6mb1wnvis60BkRw5AM5tbnCy9dhbFSNxKJvJcC7Jjpoi7WSUviIYBpEUuV7\n
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: calling the PromptReady method on /org/gnome/keyring/Prompt/p1@:1.292
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: returned from the PromptReady method on /org/gnome/keyring/Prompt/p1@:1.292
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: received PerformPrompt call from callback /org/gnome/keyring/Prompt/p1@:1.292
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: receiving secret exchange: [sx-aes-1]\npublic=MisGwRzKXaifdJC1Elqss26Vuo8SIBOtdfhE8e4XNr4ufJmwpFxO89D8lHFxQC1WJ5VltGADEYOGp271qWylwC4deNePTPhEYes7BgxhQ9VPRbpGPG8bPJmFBDfN33Q8lVVOL4fs0JniXIxWbO3ClQtfyYIZvAnfnCBglAiErGMheyFUVenc126RYZlZm9DMNvHhpQxw27KfeweE3CdxPsjh6KjGcosf8f3BmwdNaPL7OBa98zIPY0tDTHcN7V4I\n
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: deriving shared transport key
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: deriving transport key
Jan 08 15:01:03 jalapeno gcr-prompter[10092]: Gcr: starting confirm prompt for callback /org/gnome/keyring/Prompt/p1@:1.292
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: completed confirm prompt for callback :1.292@/org/gnome/keyring/Prompt/p1
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: sending the secret exchange: [sx-aes-1]\npublic=SdZCwXsThbWGNVcAGuL5JXEH12QebzPdAJVrLrEXKG8mHTIzOO8sPAc2puQbqclAt8WSpiGNrBfCbyR1FLmxlso312kLopzonVJvjeSe1NDSDvkFRMO39suqYbLI6vJD5XkSPkbcAHGef0NKzr8LUldWbNgTw4VY40cFIlP5dPZRqaTqwEYevKkdh2vLEFBBHxkWRfxec11iw5Z1lmG8yP9IUcDZpJuLzs81ERNzRIl3gnf9vNjRQiLo91KFaGFF\n
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: calling the PromptReady method on /org/gnome/keyring/Prompt/p1@:1.292
Jan 08 15:01:05 jalapeno gpg-agent[7270]: no device present
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: returned from the PromptReady method on /org/gnome/keyring/Prompt/p1@:1.292
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: received PerformPrompt call from callback /org/gnome/keyring/Prompt/p1@:1.292
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p1@:1.292
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: closing the prompt
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p1@:1.292
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p1@:1.292
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p1@:1.292
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p1@:1.292
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p1@:1.292
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p1@:1.292
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: calling the PromptDone method on /org/gnome/keyring/Prompt/p1@:1.292, and ignoring reply
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: received BeginPrompting call from callback /org/gnome/keyring/Prompt/p0@:1.293
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: preparing a prompt for callback /org/gnome/keyring/Prompt/p0@:1.293
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: creating new GcrPromptDialog prompt
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: automatically selecting secret exchange protocol
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: generating public key
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: beginning the secret exchange: [sx-aes-1]\npublic=NEFmZoTqpH1NlFAfHbZmRP4IWE8Wa8wF8glXqPAggWnjRsWokPca159QGE0jWjgtwB4SBT1Fh5cwoXqqyW5ge60vFnYDPGoU5u5Fiicms4PYLvjFlyn0aLgRMu5hhA642pv79A7BJ9GvrukfqJbhsFVrgO0FIn49EMKMWPyub88SRdNenp9CSahg1AfDQJEEEtIG2ObszhB9xIjVzxapmiUj9CCVIauOQLRBSgxqyjpGE3B3O1NVlhhWNJ4BPvJB\n
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: calling the PromptReady method on /org/gnome/keyring/Prompt/p0@:1.293
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: returned from the PromptReady method on /org/gnome/keyring/Prompt/p0@:1.293
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: received PerformPrompt call from callback /org/gnome/keyring/Prompt/p0@:1.293
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p0@:1.293
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: closing the prompt
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p0@:1.293
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p0@:1.293
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p0@:1.293
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p0@:1.293
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p0@:1.293
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p0@:1.293
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: calling the PromptDone method on /org/gnome/keyring/Prompt/p0@:1.293, and ignoring reply
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: received BeginPrompting call from callback /org/gnome/keyring/Prompt/p1@:1.295
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: preparing a prompt for callback /org/gnome/keyring/Prompt/p1@:1.295
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: creating new GcrPromptDialog prompt
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: automatically selecting secret exchange protocol
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: generating public key
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: beginning the secret exchange: [sx-aes-1]\npublic=9DzI0sYWI0OCoS13tYZwcA8RxeGWdNelWBpXNgPBGyqAC5yHV0VUR1yuVtQuIOW34nySgxZCe2REsuDvYcgyR83mQJqUpLRQAjOtJlpx5MiOqCxXTCV1YEwKtJBDFeo7WLVYadlwzBAGdcUmPvoksqCo0zitE1JZhK7zW6bc8EZKboXi3km1DrCtMoE04giXl54MraoTorn8xckwqrT0OoEuIcsxJLEfeL3aVI7x7OsSO9b70G22ex7jA2FlGoST\n
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: calling the PromptReady method on /org/gnome/keyring/Prompt/p1@:1.295
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: returned from the PromptReady method on /org/gnome/keyring/Prompt/p1@:1.295
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: received PerformPrompt call from callback /org/gnome/keyring/Prompt/p1@:1.295
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: receiving secret exchange: [sx-aes-1]\npublic=GopVGLCGtKNmKdveWRmKSElKUmGgGCFWOAPNJtPWwlnERuGv19yqR4EfnQ20Qcp5dXgK2O5FzHHu5nEc9TZt7sF76zXdisdy0LXeLDDUwHMCozaypAFbU3UopdRBKbT8wM9OjZFLUPb3yE0AqrLWC18vLqcErRQzxRFYhRmvc7NttcaHhgIQidQru8v326iFvOZZmyHZ6jLb63qVHrPYx809GdWnOFvPzWk8adbHx9GBtzWxrW4iBtClzkpKs9KH\n
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: deriving shared transport key
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: deriving transport key
Jan 08 15:01:05 jalapeno gcr-prompter[10092]: Gcr: starting confirm prompt for callback /org/gnome/keyring/Prompt/p1@:1.295
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: completed confirm prompt for callback :1.295@/org/gnome/keyring/Prompt/p1
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: sending the secret exchange: [sx-aes-1]\npublic=WJr5YIyK3aYL9AMIUsqWYmhiYDKs25Do9v4lMJNgf117nF6Wfs1Ra9iFyJDbZbpFKSng5xMxAYUYAf23RdGrVq3hnl1hFY2qxFETh8e6ELi4JovxEaq7EaoOCcsDhK3pTlABCuOiHzcNYdXPOa5Yj6wXx565QXW1mimNMhOxFqMFqWKcmcAfIuh1Ts0gjHEbdXQKKuZDPdOU7eqBjPcSFJU5l6jqaWKFmEKYgZJ4tMoBfr6JTdP04eE3JkA5h2SO\n
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: calling the PromptReady method on /org/gnome/keyring/Prompt/p1@:1.295
Jan 08 15:01:06 jalapeno gpg-agent[7270]: no device present
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: returned from the PromptReady method on /org/gnome/keyring/Prompt/p1@:1.295
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: received PerformPrompt call from callback /org/gnome/keyring/Prompt/p1@:1.295
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p1@:1.295
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: closing the prompt
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p1@:1.295
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p1@:1.295
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p1@:1.295
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p1@:1.295
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p1@:1.295
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p1@:1.295
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: calling the PromptDone method on /org/gnome/keyring/Prompt/p1@:1.295, and ignoring reply
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: received BeginPrompting call from callback /org/gnome/keyring/Prompt/p0@:1.296
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: preparing a prompt for callback /org/gnome/keyring/Prompt/p0@:1.296
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: creating new GcrPromptDialog prompt
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: automatically selecting secret exchange protocol
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: generating public key
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: beginning the secret exchange: [sx-aes-1]\npublic=J1iv8yMS7UrbvHEEjSqWNtwlBZghe3FiWhZviJvnN3XAoY9KsHZDa6D0qMK6fSkjldu8oBdrcU6YPxwP4HjQ8qYP165QSP2wjIJMhUNba7WcV9JRmyciMXHlbPus3Q9Nfezo225CP9zGqFHQ28dGtjSVLh45ruzbkXsApdXpygCbpRGvSuGy74dgV5m1xl4y5CNSSU1zuH8bCKZ6S0RtcRX85aqIWQrrbFw6H6n42xX8V4kNgHECVDj6NbTJBXr9\n
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: calling the PromptReady method on /org/gnome/keyring/Prompt/p0@:1.296
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: returned from the PromptReady method on /org/gnome/keyring/Prompt/p0@:1.296
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: received PerformPrompt call from callback /org/gnome/keyring/Prompt/p0@:1.296
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p0@:1.296
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: closing the prompt
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p0@:1.296
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p0@:1.296
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p0@:1.296
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p0@:1.296
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p0@:1.296
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p0@:1.296
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: calling the PromptDone method on /org/gnome/keyring/Prompt/p0@:1.296, and ignoring reply
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: received BeginPrompting call from callback /org/gnome/keyring/Prompt/p1@:1.298
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: preparing a prompt for callback /org/gnome/keyring/Prompt/p1@:1.298
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: creating new GcrPromptDialog prompt
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: automatically selecting secret exchange protocol
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: generating public key
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: beginning the secret exchange: [sx-aes-1]\npublic=z1KgllvBCW9kHcXWH60hRhkP5791mGPtOTZncVxeE1a0qSJxWVsFDPlX57eubh8KUilXKT6jTVVUTzM0vlqr442p9LF0WO0sq9Xj79tNJkWL0yUfZJtJLnp6CoQjFjFxoDI0qbdripLImevESp1Ow0jBQ44HISLAf5qCbUcVbJeA244ioXTpcsyvlzAxxmIkKP4k0PDxlmiM2lRGNXPjAJ2JvitZATZjuwKnbOc0f7p32fmlMQ4KpDaTCMkmldu7\n
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: calling the PromptReady method on /org/gnome/keyring/Prompt/p1@:1.298
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: returned from the PromptReady method on /org/gnome/keyring/Prompt/p1@:1.298
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: received PerformPrompt call from callback /org/gnome/keyring/Prompt/p1@:1.298
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: receiving secret exchange: [sx-aes-1]\npublic=ZTTuLMdDHwQxxtWFDiT4vLh6mCe01dsO9JKabAPCkfDhGPJ9BsCT4qfzJZDu6CtXgEmmnxmPV7FFyUq7UnQAlEl1sEgN43xrNYm8NZC6kMzlSt1LLdknug2osBKEfG5F6XIlF1i4aFjHtdkTBRVrclq8D1Z8CjeolhkHmJYhWI1RUFOFgHEsF7dOdnyP4Vkcu49D87rBI3LrbV5XHidFc54EzSUDoYTckAIHMSUYqTf6sC6VK02kfcWzKfAJTSYz\n
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: deriving shared transport key
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: deriving transport key
Jan 08 15:01:06 jalapeno gcr-prompter[10092]: Gcr: starting confirm prompt for callback /org/gnome/keyring/Prompt/p1@:1.298
Jan 08 15:01:07 jalapeno gcr-prompter[10092]: Gcr: completed confirm prompt for callback :1.298@/org/gnome/keyring/Prompt/p1
Jan 08 15:01:07 jalapeno gcr-prompter[10092]: Gcr: sending the secret exchange: [sx-aes-1]\npublic=3G2h7N2pURrHNwQwUgoT26AasdKmqSXmM1dGjeVCJH71Fi0xMVKjI6Jcxe25sRLQIcHTBix8NeDbUPKolLKGSJkZFhP0PRMtVEk5OoZVem5dQpI90QXiIBKUftspseB523tchBDQAsWRQNN8P2I36uT37DQfZNtVSQ3WKzpAwupoYdgZJXfPHGaKVVD5MMUh2W41CoSTOyXXIMdKXK15n2PEQLnxDTtSZ54uMKJZsyF2Xk8Wxv8qGOzfdZiDbpbE\n
Jan 08 15:01:07 jalapeno gcr-prompter[10092]: Gcr: calling the PromptReady method on /org/gnome/keyring/Prompt/p1@:1.298
Jan 08 15:01:07 jalapeno gpg-agent[7270]: smartcard decryption failed: Operation cancelled
Jan 08 15:01:07 jalapeno gpg-agent[7270]: command 'PKDECRYPT' failed: Operation cancelled <Pinentry>
Jan 08 15:01:07 jalapeno gcr-prompter[10092]: Gcr: returned from the PromptReady method on /org/gnome/keyring/Prompt/p1@:1.298
Jan 08 15:01:07 jalapeno gcr-prompter[10092]: Gcr: received PerformPrompt call from callback /org/gnome/keyring/Prompt/p1@:1.298
Jan 08 15:01:07 jalapeno gcr-prompter[10092]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p1@:1.298
Jan 08 15:01:07 jalapeno gcr-prompter[10092]: Gcr: closing the prompt
Jan 08 15:01:07 jalapeno gcr-prompter[10092]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p1@:1.298
Jan 08 15:01:07 jalapeno gcr-prompter[10092]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p1@:1.298
Jan 08 15:01:07 jalapeno gcr-prompter[10092]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p1@:1.298
Jan 08 15:01:07 jalapeno gcr-prompter[10092]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p1@:1.298
Jan 08 15:01:07 jalapeno gcr-prompter[10092]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p1@:1.298
Jan 08 15:01:07 jalapeno gcr-prompter[10092]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p1@:1.298
Jan 08 15:01:07 jalapeno gcr-prompter[10092]: Gcr: calling the PromptDone method on /org/gnome/keyring/Prompt/p1@:1.298, and ignoring reply
Jan 08 15:01:18 jalapeno gcr-prompter[10092]: Gcr: 10 second inactivity timeout, quitting
Jan 08 15:01:18 jalapeno gcr-prompter[10092]: Gcr: unregistering prompter
Jan 08 15:01:18 jalapeno gcr-prompter[10092]: Gcr: disposing prompter
Jan 08 15:01:18 jalapeno gcr-prompter[10092]: Gcr: finalizing prompter

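And then of course the gpg request fails.

I am still running Fedora 41 on one of the machines, whose migration to Debian I have put on hold until my problem is resolved. All (3) YKs still work with GPG-AGENT there, with the minor quirk mentioned earlier: the first time GPG-AGENT is invoked after a swap, the newly swapped-in YK generally has to be unplugged and reinserted.

===

Additional details:

Unplugging and reinserting the YK, killing scdaemon ($ pkill -9 scdaemon), restarting GPG-AGENT ($ gpg-connect-agent reloadagent /bye), restarting pcscd.service, logging out and back in, and rebooting the PC all have no effect. When GPG-AGENT is invoked, it always prompts for the same YK serial number.

===

Update

The solution provided by @awolf below comes with one small caveat, which I mentioned in a comment.

I tried to create an alias to make the command easier: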

$ sn=`ykman info|grep Serial|awk '{print $3}'` ; echo $sn ; gpg-connect-agent $sn "learn --force" /bye
30229356
ERR 67109139 Unknown IPC command <GPG Agent>
ERR 67141741 Broken pipe <GPG Agent>

Any idea why the ERR occurs?

If I type the YK's S.No. in manually there is no problem, but trying to use the variable ($sn) (which prints OK) gives the error. Thanks.

gnupg
  • 1 answer
  • 69 Views
sergico
Asked: 2023-12-02 22:08:25 +0800 CST

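Unable to protect GPG keys with TPM2 on Ubuntu 22.04

  • 7
This question was migrated from Cryptography Stack Exchange because it can be answered on Super User. Migrated 15 days ago.

I am trying to protect a GPG key using the TPM2 available on my laptop, without any success. I am probably doing something wrong, but I cannot figure out what. My system is running Ubuntu 22.04.

Here is what I did:

Verify that TPM2 is available and enabled on my Linux system:

  • Check that the tpm hardware is detected at boot: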
$ dmesg | grep -i tpm 
[    0.327325] kernel: tpm_tis STM0125:00: 2.0 TPM (device-id 0x0, rev-id 78)
  • Check that the tpm device is available and has the correct owner:
$ ls -l /dev/tpm*
crw-rw---- 1 tss tss  10,   224 nov 27 07:42 /dev/tpm0
crw-rw---- 1 tss tss  253, 65536 nov 27 07:42 /dev/tpmrm0
  • My user is a member of the tss group

  • Installed the following packages:

clevis-tpm2
libnatpmp1
libtss2-tcti-swtpm0
tpm-udev
tpm2-abrmd
tpm2-openssl
tpm2-tools
libtpm2-pkcs11-tools
libtpm2-pkcs11-1 
  • Load the tpm module:
$ modprobe tpm_tis_spi
$ lsmod | grep tpm
tpm_tis_spi            20480  0
  • Check that the tpm agent is up and running
root@NR054-UB:/lib/modules/6.2.0-37-generic# systemctl status tpm2-abrmd
● tpm2-abrmd.service - TPM2 Access Broker and Resource Management Daemon
     Loaded: loaded (/lib/systemd/system/tpm2-abrmd.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2023-11-27 07:42:29 CET; 4 days ago
   Main PID: 1086 (tpm2-abrmd)
      Tasks: 6 (limit: 18082)
     Memory: 1.4M
        CPU: 9.563s
     CGroup: /system.slice/tpm2-abrmd.service
             └─1086 /usr/sbin/tpm2-abrmd

I built gpg version 2.4 (since the default gpg version on Ubuntu 22.04 is 2.2) and set the environment variable GNUPGHOME=~/gpg2.tmp/ to use a "clean" keyring

$ gpg2 --version
gpg (GnuPG) 2.4.3
libgcrypt 1.10.2
Copyright (C) 2023 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/<my-username>/gpg2.tmp
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB
  • Here is my gpgconf output: gpg 2.4 is installed in /opt/gpg24 to avoid overwriting the current default gpg 2.2 installation
$ gpgconf 
gpg:OpenPGP:/opt/gpg24/bin/gpg2
gpgsm:S/MIME:/opt/gpg24/bin/gpgsm
keyboxd:Public Keys:/opt/gpg24/libexec/keyboxd
gpg-agent:Private Keys:/opt/gpg24/bin/gpg-agent
scdaemon:Smartcards:/opt/gpg24/libexec/scdaemon
tpm2daemon:TPM:/opt/gpg24/libexec/tpm2daemon
dirmngr:Network:/opt/gpg24/bin/dirmngr
pinentry:Passphrase Entry:/opt/gpg24/bin/pinentry

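Trying to protect a test gpg key with the TPM

So far so good. Since I got no relevant errors or warnings while setting up all the previous steps, I went on to follow these examples: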

[1] https://gnupg.org/blog/20210315-using-tpm-with-gnupg-2.3.html

[2] https://www.monperrus.net/martin/7-things-to-do-with-your-TPM-on-Linux

  • Start tpm2daemon:
tpm2daemon --log-file ~/gpg2.tmp/tpm2daemon.log --daemon --debug-level 1000

However, when I try to move the key to the TPM, I do not get the card-no: TPM-Protected attribute on the key

$ /opt/gpg24/bin/gpg2 --edit-key [email protected] 
gpg (GnuPG) 2.4.3; Copyright (C) 2023 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  rsa2048/2E0718AD3A17F52E
     created: 2023-12-02  expires: 2026-12-01  usage: SC  
     trust: ultimate      validity: ultimate
[ultimate] (1). [email protected]

gpg> keytotpm
Really move the primary key? (y/N) y
                                    
sec  rsa2048/2E0718AD3A17F52E
     created: 2023-12-02  expires: 2026-12-01  usage: SC  
     trust: ultimate      validity: ultimate
[ultimate] (1). [email protected]

What am I doing wrong? Any hints on how to debug this?

gnupg
  • 1 answer
  • 43 Views
John
Asked: 2023-11-08 02:36:58 +0800 CST

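How to verify a package installer when there is no public key

  • 6

I am getting ready to install privoxy and expected to find the privoxy public key somewhere on their website, on SourceForge, or on a keyserver. I cannot find it. All the gpg tutorials I have found indicate that this is an essential part of verifying a file's authenticity.

I have downloaded the package installer and the accompanying .asc file, but apparently without the developer's public key I cannot verify it.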

Privoxy 3.0.34 64 bit.pkg.asc
Privoxy 3.0.34 64 bit.pkg

gpg --verify /Users/john/Downloads/Privoxy\ 3.0.34\ 64\ bit.pkg.asc /Users/john/Downloads/Privoxy\ 3.0.34\ 64\ bit.pkg 
gpg: Signature made Sun Feb  5 14:27:04 2023 CST
gpg:                using RSA key A90A85C1159F009DC3CDAE76451009FAB9D8A252
gpg: Can't check signature: No public key

gpg --keyserver https://pgp.mit.edu/ --search-keys A90A85C1159F009DC3CDAE76451009FAB9D8A252
gpg: data source: https://pgp.mit.edu:443
gpg: key "A90A85C1159F009DC3CDAE76451009FAB9D8A252" not found on keyserver
gpg: keyserver search failed: Not found

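I assume I am in the wrong here. Why would the developers go to the trouble of publishing the .asc file if there were no way to use it to verify the package?

Looking at this old post, it indicates that the public key should be available and is more useful than a hash.

I would appreciate any information/advice/help on this.

Thanks

Additional things tried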

gpg --import Privoxy\ 3.0.34\ 64\ bit.pkg.asc                       
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gnupg
  • 1 answer
  • 30 Views
We are Borg
Asked: 2023-09-18 13:28:35 +0800 CST

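GPG: Which key exactly does GPG use to encrypt and decrypt?

  • 5
This question was migrated from Information Security Stack Exchange because it can be answered on Super User. Migrated 8 days ago.

A while back I installed GPG and have been using it to encrypt files and text.

Command used for encryption: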

gpg -c file.zip > file.zip.gpg

Command used for decryption:

gpg -d file.zip.gpg > file.zip

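Until now I had not paid attention to which key was used, since I back up the .gnupg folder directly. Today I wanted to confirm that the key exists and is present in the folder. But unfortunately, the private keys folder shows nothing.

The commands gpg -c and gpg -d work just fine. Every time, I get a UI-based passphrase window popping up.

But when I run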

gpg --export-secret-keys --export-options backup --output private1.gpg
gpg: WARNING: nothing exported

OR

gpg --list-secret-keys --keyid-format LONG
it also returns empty. 

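Right now there is nothing in my private-keys-v1.d folder. I have the files pubring.kbx, trustedb.gpg and random_seed. How can I be sure that I will be able to decrypt my files after a fresh install?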

gnupg
  • 1 answer
  • 33 Views
Zoltan King
Asked: 2023-08-16 03:43:51 +0800 CST

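I am sure the gnupg key I generated is no good. I deleted the ".gnupg" folder that contained it. Is that enough before generating a new key?

  • 5

I generated a key with gpg --full-generate-key, which placed it in the .gnupg folder in my HOME folder. I have now deleted the entire .gnupg folder. Is that enough if I decide to generate a brand-new key? Or do I also need to delete data from other locations?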

gnupg
  • 1 answer
  • 49 Views
Starua
Asked: 2023-03-30 00:19:26 +0800 CST

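Will anything bad happen if I delete a uid from my pgp key?

  • 5

A few days ago I added a photo uid to my openpgp keyring.

If I want to update this image later, do I have to revoke the old one and keep it on the key? I would rather not, because that would obviously make my public key bigger and bigger.

Or can I delete the uid and pretend the old one never existed?

What about normal uids?

When must I revoke a uid, and when can I just delete it and leave it at that?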

gnupg
  • 1 answer
  • 11 Views
c-x-berger
Asked: 2022-11-30 15:39:50 +0800 CST

Why can't I sign a friend's GPG key, even though I can sign git commits and messages just fine?

  • 6

I am trying to sign someone's GPG key and keep getting a strange error:

# for example
$ gpg --sign-key [email protected] 

pub  rsa2048/DBD2CE893E2D1C87
     created: 2017-06-27  expires: never       usage: SC  
     trust: unknown       validity: unknown
sub  rsa2048/C714D46F0AB88BAA
     created: 2017-06-27  expires: never       usage: E   
[ unknown] (1). Christoph Feck <[email protected]>

gpg: using "5F6E4C40D1D8450B" as default secret key for signing

pub  rsa2048/DBD2CE893E2D1C87
     created: 2017-06-27  expires: never       usage: SC  
     trust: unknown       validity: unknown
 Primary key fingerprint: F232 75E4 BF10 AFC1 DF69  14A6 DBD2 CE89 3E2D 1C87

     Christoph Feck <[email protected]>

Are you sure that you want to sign this key with your
key "Caleb Xavier Berger (Master Hardware Key) <[email protected]>" (5F6E4C40D1D8450B)

Really sign? (y/N) y
gpg: signing failed: No secret key
gpg: signing failed: No secret key

Key not changed so no update needed.

But I can run commands like gpg --sign and get a signed message as you would expect:

$ gpg --sign --armor
gpg: using "5F6E4C40D1D8450B" as default secret key for signing
memes!
-----BEGIN PGP MESSAGE-----

owGbwMvMwCG29qzhPD2zoGLG07xJDMlt091zU3NTixW5OkpZGMQ4GGTFFFlSpYV7
7ny+uvHfx612MOWsTEC1PgxcnAIwkUNmDP/UOBcekTt6v2qurMVGg5cf16Qsjytq
aXRKYGj8sT8vZ0IkI8N/u85nUy5s83SZ0cesEB/2LOfA3ZWNMx5ucKpd9okrazcz
AA==
=/7Ap
-----END PGP MESSAGE-----

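If relevant, my keys are stored on a YubiKey that I keep plugged in all the time. It shows up fine in gpg --list-secret-keys, and gpg --card-edit seems to work as well.

What is different about key signing that could be breaking things?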

gnupg
  • 1 answer
  • 16 Views
Mikke Mus
Asked: 2022-09-03 08:41:56 +0800 CST

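GPG: Which passphrase should be used to sign a key?

  • 5

I am learning to use GPG. I have created a key pair with the passphrase "a", to make sure I would not mistype it. Right after creating it, I entered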

gpg --edit-key id
gpg> fpr
gpg> sign

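GnuPG then prompts for a passphrase, but it prompts me for the key I created earlier in the day, not the key id I specified. I entered the passphrase of the key I want to sign, which as you remember is just the letter a. It complains that this is the wrong passphrase. I can see that the passphrase works for other things, such as changing the passphrase and so on.

So, why do I have to use a passphrase different from that of the key I want to sign?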

linux gnupg
  • 1 answer
  • 17 Views
janeden
Asked: 2022-06-08 11:05:47 +0800 CST

gpg auto-locate-key picks a revoked key

  • 5

I just configured WKD on my server, and

gpg -v --auto-key-locate clear,wkd,nodefault --locate-key [email protected]

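works as expected for most of my uid/key combinations, except for one address ([email protected]) that is linked to both a current and a revoked key. The output of the above command looks like this: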

gpg: Note: RFC4880bis features are enabled.
gpg: using pgp trust model
gpg: pub  rsa4096/68FD03F8C6AB1DE4 2016-06-15  Old User <[email protected]>
gpg: Note: signature key 68FD03F8C6AB1DE4 expired Mon Jun 14 18:12:44 2021 CEST
gpg: key 68FD03F8C6AB1DE4: "Old Nickname <[email protected]>" not changed
gpg: pub  ed25519/7CD4656792B3A1F9 2022-06-06  Old User <[email protected]>
gpg: key 7CD4656792B3A1F9: "Old User <[email protected]>" not changed
gpg: Total number processed: 2
gpg:              unchanged: 2
gpg: auto-key-locate found fingerprint xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
gpg: Note: signature key 68FD03F8C6AB1DE4 expired Mon Jun 14 18:12:44 2021 CEST
gpg: automatically retrieved '[email protected]' via WKD
pub   rsa4096 2016-06-15 [SC] [revoked: 2022-06-07]
      51585E1318770F501D3CBDE968FD03F8C6AB1DE4
uid           [ revoked] Old Nickname <[email protected]>
uid           [ revoked] Old User <[email protected]>
uid           [ revoked] Old Nickname2 <[email protected]>
sub   rsa4096 2016-06-15 [E] [revoked: 2022-06-07]

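Even though [email protected] is the primary uid of the new key, gpg shows another uid of this key ([email protected]). That's odd, but irrelevant. But then gpg goes on to pick the revoked key, which is somehow available via WKD.

The WKD test at https://metacode.biz/openpgp/web-key-directory gives a similar result, but it shows the fingerprints of both the current and the revoked key.

Two questions:

  1. Which WKD server hosts my revoked key such that it takes precedence over my WKD server at domain.com?
  2. Why does gpg pick the expired and revoked key over the valid one?

Thanks, Jan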

gnupg openpgp
  • 1 answer
  • 32 Views
Plup
Asked: 2022-06-04 08:14:06 +0800 CST

GPG stub for encryption subkey not working

  • 6

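I created a classic set of authentication, signing and encryption subkeys with gpg, then moved them to a smartcard [ledger nano S], which seemed to work fine since I can see the three subkeys: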

$ gpg --card-status

  Serial number ....: 00000000
  Signature key ....: F34F 66B8 5D18 A8BC CDD4  C909 4705 D74B 9E2F EFFC
  Encryption key....: AD71 E2C1 2E41 C870 3192  D997 78B9 F3F6 7D9B 47DC
  Authentication key: D644 70D8 88AB BA93 F9F4  BFE0 2726 E1C4 E4DB E4C3

How I got there

Basic information:

$ gpg --version
gpg (GnuPG) 2.2.27
libgcrypt 1.8.8

Generate the encryption, signing and authentication subkeys:

$ gpg --expert --edit-key Plup*
gpg> addkey
  type: ECC (sign only)
  curve: cv25519
  Please unlock the card

gpg> addkey
  type: ECC (encrypt only)
  curve: cv25519

gpg> addkey
  type: ECC (set your own capabilities)
  allowed actions: Authenticate
  curve: cv25519

gpg> save

Check the subkeys:

$ gpg -K Plup*
sec>  ed25519 2022-06-03 [SC]
      394ED8F3BA05CF4E7866D54657EEBF4BCFF5BFCD
      Card serial no. = 2C97 11BFF50F
uid           [ultimate] Plup* <[email protected]>
ssb   ed25519 2022-06-03 [S]
ssb   cv25519 2022-06-03 [E]
ssb   ed25519 2022-06-03 [A]

Move the subkeys to the new smartcard slots (/!\ make sure not to overwrite the master key):

$ gpg --card-status
Reader ...........: Ledger Nano S [Nano S] (0001) 00 00
Serial number ....: 7AC3CFF8
Signature key ....: [none]

$ gpg --edit-key Plup*
gpg> key 1
gpg> keytocard
    Signature key
    Passphrase:
    Please enter the Admin PIN
    Number: 2C97 7AC3CFF8

gpg> key 1
gpg> key 2
gpg> keytocard
    Encryption key
    Passphrase:

gpg> key 2
gpg> key 3
gpg> keytocard
    Authentication key
    Passphrase:

gpg> save

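The problem I have now

The fingerprints match what the keyring sees, but for some reason I don't understand, the encryption key stub is not in place and the private subkey is still present in the computer's keyring. When decrypting, it still asks for the passphrase instead of the smartcard PIN: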

```
$ gpg --with-keygrip --with-subkey-fingerprints -K Plup*

  sec>  ed25519 2022-06-03 [SC]
        394ED8F3BA05CF4E7866D54657EEBF4BCFF5BFCD
        Keygrip = 27D911732841CDB06B3CDFA100DDE95DF420B92E
        Card serial no. = 2C97 11BFF50F
  uid           [ultimate] Plup* <[email protected]>
  ssb>  ed25519 2022-06-03 [S]
        F34F66B85D18A8BCCDD4C9094705D74B9E2FEFFC
        Card serial no. = 2C97 7AC3CFF8
        Keygrip = AF76C5E4B1DA101E0F3AFEDDDED6276C4D011261
  ssb   cv25519 2022-06-03 [E]
        AD71E2C12E41C8703192D99778B9F3F67D9B47DC
        Keygrip = E6D65814CBE230A21001F36BD2BC232E6B7251ED
  ssb>  ed25519 2022-06-03 [A]
        D64470D888ABBA93F9F4BFE02726E1C4E4DBE4C3
        Card serial no. = 2C97 7AC3CFF8
        Keygrip = 511C8CAAC3A7B8A2DAD4B3E6A512A7F160A02CD5
```

What I have tried so far

  • I tried deleting the private key, and could not force the stub to be created:

    ssb#  cv25519/78B9F3F67D9B47DC  created: 2022-06-03  expires: never
    
  • Starting in debug mode showed me a wrong keygrip (after deletion it keeps creating the same key):

2022-06-06 12:47:44 gpg-agent[12064]           id: OPENPGP.2    (grip=C74F8FF13CB491D0C98497C6B77A49FCB156F7E5)
2022-06-06 12:47:44 gpg-agent[12064] DBG: chan_11 -> READKEY OPENPGP.2
2022-06-06 12:47:44 gpg-agent[12064] DBG: chan_11 <- [ 44 20 28 31 30 3a 70 75 62 6c 69 63 2d 6b 65 79 ...(91 byte(s) skipped) ]
2022-06-06 12:47:44 gpg-agent[12064] DBG: chan_11 <- OK
2022-06-06 12:47:44 gpg-agent[12064]           id: OPENPGP.2 - shadow key created

Confirmation:

$ gpg-connect-agent 'keyinfo --list' /bye | grep D2760001240103032C977AC3CFF80000

  S KEYINFO 705790B1A7609806F633BCCB212784031E42017E T D2760001240103032C977AC3CFF80000 OPENPGP.1 - - - - -
  S KEYINFO AF76C5E4B1DA101E0F3AFEDDDED6276C4D011261 T D2760001240103032C977AC3CFF80000 OPENPGP.1 - - - - -
  S KEYINFO C74F8FF13CB491D0C98497C6B77A49FCB156F7E5 T D2760001240103032C977AC3CFF80000 OPENPGP.2 - - - - -
  S KEYINFO 511C8CAAC3A7B8A2DAD4B3E6A512A7F160A02CD5 T D2760001240103032C977AC3CFF80000 OPENPGP.3 - - - - -

  • I tried re-creating a new encryption subkey with the same curve, but keytocard still behaves the same: it completes without error, but the key (new grip below) is not moved:

$ gpg-connect-agent 'keyinfo --list' /bye | grep 5CF6DF65EF080B01F774BCC7F8063814CE5DAEF6
S KEYINFO 5CF6DF65EF080B01F774BCC7F8063814CE5DAEF6 D - - - P - - -

gnupg encryption
  • 1 answer
  • 42 Views
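
The keygrip comparison that the question above does by eye, as an added example that is not part of the original post: it parses the `gpg --with-keygrip -K` and `keyinfo --list` listings and reports subkeys whose keygrip has no smartcard entry in gpg-agent, plus card entries whose keygrip matches no key in the keyring. The function names are illustrative, and the sample input is abridged from the listings in the post.

```python
import re

# Sample data abridged and combined from the listings in the question above.
# Function names are illustrative, not part of GnuPG.
KEYRING = """\
sec>  ed25519 2022-06-03 [SC]
      Keygrip = 27D911732841CDB06B3CDFA100DDE95DF420B92E
ssb>  ed25519 2022-06-03 [S]
      Keygrip = AF76C5E4B1DA101E0F3AFEDDDED6276C4D011261
ssb   cv25519 2022-06-03 [E]
      Keygrip = E6D65814CBE230A21001F36BD2BC232E6B7251ED
ssb>  ed25519 2022-06-03 [A]
      Keygrip = 511C8CAAC3A7B8A2DAD4B3E6A512A7F160A02CD5
"""
CARD = "D2760001240103032C977AC3CFF80000"
AGENT = f"""\
S KEYINFO 705790B1A7609806F633BCCB212784031E42017E T {CARD} OPENPGP.1 - - - - -
S KEYINFO AF76C5E4B1DA101E0F3AFEDDDED6276C4D011261 T {CARD} OPENPGP.1 - - - - -
S KEYINFO C74F8FF13CB491D0C98497C6B77A49FCB156F7E5 T {CARD} OPENPGP.2 - - - - -
S KEYINFO 511C8CAAC3A7B8A2DAD4B3E6A512A7F160A02CD5 T {CARD} OPENPGP.3 - - - - -
S KEYINFO 5CF6DF65EF080B01F774BCC7F8063814CE5DAEF6 D - - - P - - -
"""

def keyring_keys(text):
    """[(record, usage, keygrip)] from `gpg --with-keygrip -K` output."""
    keys, head = [], None
    for line in text.splitlines():
        if m := re.match(r"(sec|ssb)[>#]?\s+\S+\s+\S+\s+\[(\w+)\]", line.strip()):
            head = m.groups()
        elif (m := re.match(r"Keygrip = ([0-9A-F]{40})", line.strip())) and head:
            keys.append((*head, m.group(1)))
    return keys

def card_keys(text):
    """{keygrip: slot} for smartcard ('T') rows of `keyinfo --list` output."""
    rows = (line.split() for line in text.splitlines())
    return {f[2]: f[5] for f in rows
            if len(f) >= 6 and f[:2] == ["S", "KEYINFO"] and f[3] == "T"}

def compare(keyring_text, agent_text):
    """Subkeys with no card entry, and card entries matching no keyring key."""
    keys, on_card = keyring_keys(keyring_text), card_keys(agent_text)
    missing = [(use, grip) for rec, use, grip in keys
               if rec == "ssb" and grip not in on_card]
    known = {grip for _, _, grip in keys}
    orphans = [(slot, grip) for grip, slot in on_card.items() if grip not in known]
    return missing, orphans

if __name__ == "__main__":
    print(compare(KEYRING, AGENT))
```

On the post's data this reports the [E] subkey as the only subkey without a card entry, and the OPENPGP.2 slot as holding a keygrip that no key in the keyring has.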
