Como resolver gpg: assinatura incorreta de dados da chave: KEY_ID Uso incorreto da chave (0x19, 0x2)

Question

Como resolver gpg: assinatura incorreta de dados da chave: KEY_ID Uso incorreto da chave (0x19, 0x2)

#1 resposta do (1 votos)

1

Estou usando o Arch Linux Linux uplink 4.14.56-1-lts #1 SMP Tue Jul 17 20:11:42 CEST 2018 x86_64 GNU/Linux . Estou tentando resolver um problema que tenho atualmente com o GnuPG 2.2.9 ( libgcrypt 1.8.3 ), mas tenho notado que tenho esses erros aparecendo o tempo todo, para qualquer operação que eu execute com gpg :

gpg: bad data signature from key 8975BA8B6100C6B1: Wrong key usage (0x19, 0x2)
gpg: bad data signature from key DEA16371974031A5: Wrong key usage (0x19, 0x2)

... então não tenho certeza se isso poderia estar interferindo no meu outro problema: assinar o Git commits e obter gpg failed to sign the data failed to write commit object .

Esta é a lista de chaves públicas / privadas que tenho:

[gorre@uplink ~]$ gpg --list-keys
gpg: bad data signature from key 8975BA8B6100C6B1: Wrong key usage (0x19, 0x2)
gpg: bad data signature from key DEA16371974031A5: Wrong key usage (0x19, 0x2)
/home/gorre/.gnupg/pubring.kbx
------------------------------
pub   rsa4096 2015-07-21 [SC] [expires: 2019-07-21]
      94AE36675C464D64BAFA68DD7434390BDBE9B9C5
uid           [ unknown] Colin Ihrig ...
sub   rsa4096 2015-07-21 [E] [expires: 2019-07-21]

pub   rsa4096 2014-04-01 [SCEA] [expires: 2024-03-29]
      FD3A5288F042B6850C66B31F09FE44734EB7990E
uid           [ unknown] Jeremiah Senkpiel ...
uid           [ unknown] keybase.io/fishrock ...
sub   rsa4096 2014-04-01 [SEA] [expires: 2024-03-29]

pub   rsa4096 2014-11-10 [SCEA]
      71DCFD284A79C3B38668286BC97EC7A07EDE3FC1
uid           [ unknown] keybase.io/jasnell ...
uid           [ unknown] James M Snell ...
uid           [ unknown] James M Snell ...
sub   rsa2048 2014-11-10 [S] [expires: 2022-11-08]
sub   rsa2048 2014-11-10 [E] [expires: 2022-11-08]

pub   rsa2048 2013-11-18 [SC]
      DD8F2338BAE7501E3DD5AC78C273792F7D83545D
uid           [ unknown] Rod Vagg ...
uid           [ unknown] Rod Vagg ...
sub   rsa2048 2013-11-18 [E]

pub   rsa4096 2016-01-12 [SC]
      C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8
uid           [ unknown] Myles Borins ...
uid           [ unknown] Myles Borins ...
uid           [ unknown] Myles Borins ...
uid           [ unknown] Myles Borins (Not used after January 2017) ...
sub   rsa2048 2016-01-12 [E] [expires: 2024-01-10]
sub   rsa2048 2016-01-12 [SA] [expires: 2024-01-10]

pub   rsa4096 2015-12-17 [SC] [expires: 2019-12-17]
      B9AE9905FFD7803F25714661B63B535A4C206CA9
uid           [ unknown] Evan Lucas ...
uid           [ unknown] Evan Lucas ...
sub   rsa4096 2015-12-17 [E] [expires: 2019-12-17]

pub   rsa4096 2016-04-07 [SC]
      8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600
uid           [ unknown] Michaël Zasso (Targos) ...
sub   rsa4096 2016-04-07 [E]

pub   rsa4096 2016-10-07 [SC]
      77984A986EBC2AA786BC0F66B01FBB92821C587A
uid           [ unknown] Gibson Fahnestock ...
sub   rsa4096 2016-10-07 [E]

pub   rsa4096 2018-06-12 [SC]
      B1BEB985FA77CDF913E2EAE88E0DCA371CC3F4EC
uid           [ultimate] Gorre ...
sub   rsa4096 2018-06-12 [E]

[gorre@uplink ~]$ gpg --list-secret-keys
/home/gorre/.gnupg/pubring.kbx
------------------------------
sec   rsa4096 2018-06-12 [SC]
      MY_SECRET_KEY
uid           [ultimate] Gorre ...
ssb   rsa4096 2018-06-12 [E]

UPDATE

Parece que meu problema inicial foi de alguma forma com o gpg-agent ; Acabei configurando $HOME/.gnupg/gpg-agent.conf como:

[gorre@uplink ~]$ nano ~/.gnupg/gpg-agent.conf
max-cache-ttl 86400
default-cache-ttl 86400

default-cache-ttl-ssh 86400
max-cache-ttl-ssh 86400

# Run pacman -Ql pinentry | grep /usr/bin/ for more options, I'm using Gnome 2.x
pinentry-program /usr/bin/pinentry-gnome3

[gorre@uplink ~]$ gpg-connect-agent reloadagent /bye

... e tudo funciona bem agora - para o que eu queria. Ainda assim, esses erros estão lá, toda vez que executo o comando gpg , mas parece que isso não afeta a funcionalidade de gpg - na medida do que eu faço com ele.

git gpg gpg-agent

por x80486 27.07.2018 / 17:16

1 resposta

Tags git gpg gpg-agent

Vinculando manualmente arquivos de objetos compartilhados OpenWRT fazendo alterações permanentes no DNS

score 1 · Answer 1

Eu resolvi isso editando minha chave e adicionando o uso de "Assinatura" à subchave que era somente criptografada.

Primeiro edite a chave:

> gpg --edit-key "<my@email>"
gpg (GnuPG) 2.2.10; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: bad data signature from key ZZZZZZZZZZZZZZZZ: Wrong key usage (0x19, 0x2)
Secret key is available.

sec  rsa4096/XXXXXXXXXXXXXXXX
     created: YYYY-MM-DD  expires: never       usage: SCEA
     trust: ultimate      validity: ultimate
ssb  rsa2048/YYYYYYYYYYYYYYYY
     created: YYYY-MM-DD  expires: YYYY-MM-DD  usage: S
ssb  rsa2048/ZZZZZZZZZZZZZZZZ
     created: YYYY-MM-DD  expires: YYYY-MM-DD  usage: E
[ultimate] (1). My Name <my@email>

A subchave que o gpg estava reclamando sobre assinatura incorreta era ZZZZZZZZZZZZZZZZ , a segunda chave e, na verdade, essa era somente criptografada ( usage: E ), então adicionei Signing a essa:

gpg> key 2

sec  rsa4096/XXXXXXXXXXXXXXXX
     created: YYYY-MM-DD  expires: never       usage: SCEA
     trust: ultimate      validity: ultimate
ssb  rsa2048/YYYYYYYYYYYYYYYY
     created: YYYY-MM-DD  expires: YYYY-MM-DD  usage: S
ssb* rsa2048/ZZZZZZZZZZZZZZZZ
     created: YYYY-MM-DD  expires: YYYY-MM-DD  usage: E
[ultimate] (1). My Name <my@email>

gpg> change-usage
Changing usage of a subkey.

Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Encrypt

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? s

Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Sign Encrypt

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? q

sec  rsa4096/XXXXXXXXXXXXXXXX
     created: YYYY-MM-DD  expires: never       usage: SCEA
     trust: ultimate      validity: ultimate
ssb  rsa2048/YYYYYYYYYYYYYYYY
     created: YYYY-MM-DD  expires: YYYY-MM-DD  usage: S
ssb* rsa2048/ZZZZZZZZZZZZZZZZ
     created: YYYY-MM-DD  expires: YYYY-MM-DD  usage: SE
[ultimate] (1). My Name <my@email>

Por fim, salve as alterações:

gpg> save

FWIW Eu usei keybase há alguns anos para gerar esse par de chaves, e não sou especialista em gpg, então não sei se essa é a maneira "correta" de resolver o problema, mas funcionou para mim. Além disso, no interesse da divulgação completa, na verdade, havia duas subchaves que eram somente criptografadas e adicionei a Assinatura a ambas, mas editei a transcrição acima para torná-la mais clara. YMMV.