You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
30 lines
1.4 KiB
Markdown
30 lines
1.4 KiB
Markdown
10 years ago
|
---
|
||
|
|
layout: post
|
||
|
|
title: "GnuPG 2.1.2 doesn't work with caff"
|
||
|
|
date: 2015-05-09 01:50:02 +0200
|
||
|
|
comments: true
|
||
|
|
categories:
|
||
|
|
---
|
||
|
|
|
||
|
|
Today I signed a GnuPG key using my air-gapped master private key,
|
||
|
|
and then tried to send the signature to the key owner from
|
||
|
|
my network-connected workstation using [caff](https://wiki.debian.org/caff).
|
||
|
|
This failed miserably, with caff unable to find a valid signature,
|
||
|
|
and `gpg --list-secret-keys` missing the (stub) private key.
|
||
|
|
|
||
|
|
It turns out that I had inadvertently upgraded GnuPG on this workstation
|
||
|
|
to version 2.1.2, which has a [completely revamped secret keys handling](https://www.gnupg.org/faq/whats-new-in-2.1.html#nosecring):
|
||
|
|
secret key material is now entirely handled by `gpg-agent`, and
|
||
|
|
the `--secret-keyring` command line option for `gpg` (which `caff`
|
||
|
|
depends on) is now
|
||
|
|
[obsolete](https://lists.gnupg.org/pipermail/gnupg-devel/2014-December/029296.html).
|
||
|
|
|
||
|
|
GnuPG 2.1 apparently also chokes on some legacy keys, and the work-around
|
||
|
|
is to [reimport the keyring manually](http://jo-ke.name/wp/?p=111).
|
||
|
|
|
||
|
|
`caff` has been [fixed](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771857)
|
||
|
|
to support GnuPG 2.1. However this depends on GnuPG 2.1.3 or newer,
|
||
|
|
which is [not in the ports tree yet](https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200057),
|
||
|
|
so for the time being I have reverted
|
||
|
|
to the "stable" 2.0 release: `portmaster -o security/gnupg20 gnupg`.
|