I am trying to decrypt a .pgp file given the .asc file - gnupg

I have a file.txt.pgp which I want to decrypt in Solaris. I have a key.asc file as well.
I imported the key using
gpg --import key.asc
When I am trying to decrypt the file using
gpg --decrypt file.txt.pgp
I am getting the below error
gpg:no valid OpenPGP data found.
gpg:decrypt message failed:eof
Also, there is no secret/private key corresponding to the public key I imported. How can I fix this?

Related

Github actions gpg decrypt results in an error (gpg: no valid OpenPGP data found.)

I'm building an Android apk using Github actions, and I need to use the Android sign key in order to sign it before releasing it.
To do so I'm using the technique described here with GPG to encrypt the release key as base64 string, and use it as a secret in Github actions.
Then, inside my workflow, I use GPG to decrypt it back into the key file.
However, this process that works fine on my mac, is failing in Github actions.
Running this
- name: Decode keystore file
  run: |
    echo "${{ secrets.KEY_STORE }}" > release.keystore.asc
    gpg -d --passphrase "${{ secrets.KEY_STORE_PASSPHRASE }}" --batch release.keystore.asc > signing-key.jks
results in this
gpg: directory '/home/runner/.gnupg' created
gpg: keybox '/home/runner/.gnupg/pubring.kbx' created
gpg: no valid OpenPGP data found.
gpg: decrypt_message failed: Unknown system error
##[error]Process completed with exit code 2.
Running sudo apt-get install ca-certificates before using GPG is of no help either, since it says that it's already installed.
Any ideas?

It seems release.keystore.asc contains invalid PGP data or no data at all. First, I would check the content of release.keystore.asc. You can upload the file as an artifact, then download it to examine its contents. Modify the workflow by adding the upload-artifact action step after the Decode keystore file step:
- name: Decode keystore file
  run: |
    echo "${{ secrets.KEY_STORE }}" > release.keystore.asc
    gpg -d --passphrase "${{ secrets.KEY_STORE_PASSPHRASE }}" --batch release.keystore.asc > signing-key.jks
- uses: actions/upload-artifact@v2
  if: failure()
  with:
    name: release.keystore.asc
    path: release.keystore.asc
Now you can download the release.keystore.asc artifact (it will be zipped so you have to unzip it) and check if the file contains valid PGP data (the file should start with -----BEGIN PGP MESSAGE----- and end with -----END PGP MESSAGE----- and contain valid encrypted PGP content between). If it does not then it means KEY_STORE secret contains invalid data.

I was getting the same error. I made a silly mistake; not sure if you also made the same one.
While copying the base 64 key store string to git secret, I was only copying the base64 string and not the whole file, i.e.
the whole .asc file is like this:
-----BEGIN PGP MESSAGE-----
**base64 string here**
-----END PGP MESSAGE-----
You need to copy this whole file content (including BEGIN PGP and END PGP message). This solved my problem.
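
An added example, not part of the original answers: a shell function that classifies the file written from the secret before gpg sees it, covering the cases described above (empty secret, base64 body pasted without the BEGIN/END lines, truncated armor). The name check_armor, its status words and the sample data are constructed for illustration; the layout it checks (armor header line, optional headers, blank line, base64 body, tail line) is RFC 4880 ASCII armor.

```shell
#!/bin/sh
# Added example: check_armor and its status words are constructed names.
# Prints ok | empty | missing-header | missing-blank-line | bad-body |
# missing-footer | trailing-data; returns 0 only for ok.
check_armor() {
    [ -s "$1" ] || { echo empty; return 1; }
    # Strip CRs first: secrets pasted from Windows editors often carry them.
    tr -d '\r' < "$1" | awk '
        !started && NF == 0 { next }              # leading blank lines
        !started {
            if ($0 != "-----BEGIN PGP MESSAGE-----") {
                print "missing-header"; bad = 1; exit
            }
            started = 1; next
        }
        ended {
            if (NF) { print "trailing-data"; bad = 1; exit }
            next
        }
        $0 == "-----END PGP MESSAGE-----" { ended = 1; next }
        !inbody {
            if ($0 ~ "^[A-Za-z]+: ") next         # armor header, e.g. "Version: ..."
            if (NF == 0) { inbody = 1; next }     # blank line ends the headers
            print "missing-blank-line"; bad = 1; exit
        }
        $0 ~ "^[A-Za-z0-9+/=]+$" { data++; next }  # base64 data or =CRC24 line
        { print "bad-body"; bad = 1; exit }
        END {
            if (bad) exit 1
            if (!started) { print "empty"; exit 1 }
            if (!ended)   { print "missing-footer"; exit 1 }
            if (!data)    { print "bad-body"; exit 1 }
            print "ok"
        }'
}

# Constructed demo: a bare base64 body with no BEGIN/END lines.
demo=$(mktemp)
printf '%s\n' 'hQEMA0NvbnN0cnVjdGVkU2FtcGxl' > "$demo"
check_armor "$demo" || true    # prints missing-header
rm -f "$demo"
```

Run in the same step that writes release.keystore.asc, it reports which failure mode occurred without the secret-derived file leaving the runner as an artifact.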

OpenPGPkeyserver No keys found after Submit OpenPGP Public Key

When I submit a new Key in http://hkps.pool.sks-keyservers.net/ it returns 200 OK and the following body:
1 key(s) added successfully.
Key block added to key server database.
New public keys added:
Yet, I am not sure if the key was successfully added because nothing is listed after the New public keys added:
In fact after that when I try to search for the key in OpenPGPkeyserver it returns No results found: No keys found
Also when I push the key through the command line with the following command I cannot figure out what is the response from the server:
gpg --keyserver hkp://pool.sks-keyservers.net --send-keys B34A93B1
The output is simply:
gpg: sending key B34A93B1 to hkp://pool.sks-keyservers.net
I am using gpg (GnuPG) 2.2.17 libgcrypt 1.8.4.

The answer to my question: OpenPGPkeyserver No keys found after Submit OpenPGP Public Key is related to a wrong value passed to the search query parameter on the URL:
http://hkps.pool.sks-keyservers.net/pks/lookup?search=***KEY-ID***&fingerprint=on&op=index
Here the ***KEY-ID*** should include the prefix 0x.... otherwise it will not find the public key.
Nevertheless I am still confused about the returned message when we submit a new key since no clear information is given after :. Just returning New public keys added: and nothing is quite ambiguous.

gpg2: Where's Linus' key?

I'm trying to build a linux kernel for my Arch install. I'd like to verify the signatures but find I can't get the keys needed to do that:
[joemadeus@<host>]$ gpg2 -vvv --locate-keys torvalds@kernel.org gregkh@kernel.org
gpg: using character set 'iso-8859-1'
gpg: using pgp trust model
gpg: key <HEX CHARS HERE> accepted as trusted key
gpg: error retrieving 'gregkh@kernel.org' via Local: No public key
gpg: error retrieving 'gregkh@kernel.org' via WKD: No data
gpg: error reading key: No data
gpg: error retrieving 'torvalds@kernel.org' via Local: No public key
gpg: error retrieving 'torvalds@kernel.org' via WKD: No data
gpg: error reading key: No data
Obviously these keys are there and something is wrong with the way I'm going after them. Unfortunately there's nothing here that gives me any hints, even with verbose turned on. And, searching about I find... nothing.
I do have connectivity to the outside world and can get to kernel.org via http without any trouble. In fact, that's where I found out how to get the keys: https://www.kernel.org/category/signatures.html I've tried several times over the last couple of days, so I don't think kernel.org is having problems (unless they're very long-lived ones.)
I have created a key for myself with this login on the local system. I haven't pushed it out anywhere. I don't know if any of that matters.
Any hints?

The solution comes from this post, found by a friend of mine, which answers a similar question (but with a different error message): https://askubuntu.com/a/1027703
The default gpg config on Arch does not include:
auto-key-locate cert,pka,dane,wkd,keyserver
...and I did not supply it on the command line (didn't know it existed.) Once this option was specified it found the keys.

The easiest way of importing the keys of Linus and Greg is by fetching them directly by fingerprint, as found via your link.
Fetch Linus Torvalds' key:
gpg --search-keys ABAF11C65A2970B130ABE3C479BE3E4300411886
Fetch Greg Kroah-Hartman's key:
gpg --search-keys 647F28654894E3BD457199BE38DBBDC86092693E
This approach also makes it easier to ensure you fetch the correct keys and not any key published with the email addresses.
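
An added example (not from the original answers) of the check the last answer points to: whatever way the key was fetched, confirm that a primary key with the full pinned fingerprint is actually present, rather than some other key carrying the same e-mail address. The function names and the listing are constructed; the fingerprint is the one quoted above, and the record layout is GnuPG's --with-colons format.

```shell
#!/bin/sh
# Added example: primary_fprs, has_pinned_key and sample_listing are
# constructed names; only the 40-hex fingerprint below comes from the page.

# Print the fingerprint of each primary key in a --with-colons listing on
# stdin. The fpr record that follows a pub record belongs to the primary
# key (field 10); fpr records that follow a sub record are skipped.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print $10; want = 0 }'
}

# Return 0 if the pinned fingerprint is a primary key in the listing, 1 if
# it is absent, 2 if the pin is not a full 40-hex-digit fingerprint.
has_pinned_key() {
    pinned=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    printf '%s\n' "$pinned" | grep -Ex '[0-9A-F]{40}' >/dev/null || return 2
    primary_fprs | grep -Fx "$pinned" >/dev/null
}

# Constructed listing: two keys with the same user ID, only one of which
# has the pinned fingerprint. Dates, the subkey and the second key are made up.
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:79BE3E4300411886:0:::-:::scESC:
fpr:::::::::ABAF11C65A2970B130ABE3C479BE3E4300411886:
uid:-::::0::CONSTRUCTED::Linus Torvalds <torvalds@kernel.org>:
sub:-:4096:1:1111111111111111:0::::::e:
fpr:::::::::1111111111111111111111111111111111111111:
pub:-:4096:1:DEADBEEFDEADBEEF:0:::-:::scESC:
fpr:::::::::DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF:
uid:-::::0::CONSTRUCTED::Linus Torvalds <torvalds@kernel.org>:
EOF
}

# Real use (not run here):
#   gpg --with-colons --fingerprint --list-keys torvalds@kernel.org |
#       has_pinned_key ABAF11C65A2970B130ABE3C479BE3E4300411886
sample_listing | has_pinned_key ABAF11C65A2970B130ABE3C479BE3E4300411886 &&
    echo "pinned key present"
```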

Delete key failed. gpg: WARNING: unsafe ownership on homedir `/xxx/xxx_Import_tools/Keys'

The former xxx.BrokerImport key has expired, so I generated a new key with the same name 'xxx.Import' and imported it into the remote server. But I can't delete the former one. They have the same name; when I use 'xxx.Import' to encrypt, it fails. I guess it uses the former one, not the newly imported one.
I want to delete one expired key on the remote server.
I used the root user to execute the command:
[root@ip-xxx xxx_ansible]# gpg --delete-key B7C1CB35
But I get the following error:
gpg: WARNING: unsafe ownership on homedir `/XXX/XXX_Import_tools/Keys'
I used the root user to execute this; no idea why I don't have permission.
Then I tried:
[root@ip-xxx xxx_ansible]# sudo gpg --delete-key B7C1CB35
and then got another error:
gpg: key "B7C1CB35" not found: Unknown system error
gpg: B7C1CB35: delete key failed: Unknown system error
However, the public key exists.
[root@ip-xxx xxx_ansible]# gpg --list-keys
gpg: WARNING: unsafe ownership on homedir `/xxx/xxx_Import_tools/Keys'
/xxx/xxx_Import_tools/Keys/pubring.gpg
------------------------------------------------
pub 2048R/B7C1CB35 2016-05-12 [expired: 2018-04-24]
uid xxx.Import <xxx@xxx.com>
pub 2048R/B75F015E 2018-07-23
uid xxx.Import <xxx@xxx.com>
sub 2048R/65AED995 2018-07-23
Does anyone have an idea about this? Hope to get your help.

Since I have resolved this issue, I'd like to share my solution.
I wanted to delete the key with the command directly, but because permission was denied, I deleted pubring.gpg / secring.gpg / trustdb.gpg on the remote server. After the next deployment, these keys will be imported by the Ansible script, and these files will be generated.

Not able to import the public key in kleopatra

I want to import a key using Kleopatra, but Kleopatra was giving the error:
Key without User ID
Then I searched the internet and found the command:
gpg --import --allow-non-selfsigned-uid...
It worked for me, i.e. the key got imported, but when I open the details for the key it shows the status as invalid and I am not able to sign and encrypt the file.
When I tried to encrypt the file, I got the error below:
Unusable public key
