Today I noticed that one of my PGP private keys had just disappeared from GPG. The key did not appear when I ran gpg --list-secret-keys. After a bit of investigation I discovered that the problem did not affect Linux hosts, only FreeBSD hosts. Weird…
The source of the problem was a migration from GnuPG v2.0 to v2.1. According to this page, GPG does not handle the private keys anymore and delegates all private key operations to the gpg-agent. Therefore GPG v2.1 migrates the legacy secret keyring, secring.gpg, to the gpg-agent key store, private-keys-v1.d, and then forgets about it.
Though, you see, my GPG keyrings were synchronized across all hosts. But the GnuPG package on Debian is still v2.0, while FreeBSD is v2.1. Get the picture?
I synced my keyring on FreeBSD hosts where GPG migrated my private keys to the gpg-agent key store. Then I generated a new key pair on a Debian host, which was added to the legacy keyring. I resynced, but the newer version of GPG didn’t care: it had already migrated to the new key store.
Fortunately it was easy to fix: all you have to do is re-import your legacy keyring with one of the newer versions of GPG. The private keys are then also present in the new key store, so you can sync to all other hosts.
gpg --import $HOME/.gnupg/secring.gpg
gpg --list-secret-keys
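To spot this situation before a key goes missing, the check below (an added example, not part of the original post) compares the legacy secring.gpg with the .gpg-v21-migrated marker file that GnuPG 2.1 leaves in its home directory after the one-time migration. The function names are made up for this example, and it assumes the sync tool leaves secring.gpg with a modification time later than the marker's whenever the keyring changed after migration.

```shell
#!/bin/sh
# Added example: classify a GnuPG home directory by comparing the legacy
# secret keyring with the marker GnuPG 2.1 writes after its migration.

# Prints one of: no-legacy | not-migrated | stale | in-sync
keyring_state() {
    dir=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    legacy=$dir/secring.gpg
    marker=$dir/.gpg-v21-migrated

    if [ ! -f "$legacy" ]; then
        echo no-legacy          # nothing a 2.0 host could have written to
    elif [ ! -f "$marker" ]; then
        echo not-migrated       # gpg 2.1 has not run its migration here yet
    elif [ -n "$(find "$legacy" -newer "$marker" 2>/dev/null)" ]; then
        echo stale              # keyring changed after the migration
    else
        echo in-sync
    fi
}

# Report the state; return 1 and print the re-import command when stale.
check_keyring() {
    dir=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    state=$(keyring_state "$dir")
    case $state in
        stale)
            echo "$dir: secring.gpg changed after migration; run:"
            echo "  gpg --homedir \"$dir\" --import \"$dir/secring.gpg\""
            return 1 ;;
        not-migrated)
            echo "$dir: legacy keyring present, not yet migrated by gpg 2.1" ;;
        no-legacy)
            echo "$dir: no legacy secring.gpg" ;;
        in-sync)
            echo "$dir: legacy keyring not modified since migration" ;;
    esac
    return 0
}

# Run as a script with the GnuPG home directory as the only argument.
if [ "$#" -gt 0 ]; then
    check_keyring "$1"
fi
```

Running it after each sync on the hosts with GnuPG 2.1 shows when the re-import is needed again.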
eiiiii! You saved my life 🙂
thanks, thanks, thanks! I’ve been reading for an hour today and I like your posts, I add them to my feedly RSS.
I’m using FreeBSD on two Lenovo Thinkpad laptops, and I also regularly write about FreeBSD and other stuff on my personal web page.
Nice to read you 😉 thanks and cheers!
Yes, thank you, that worked! With the new gpg v2.1 version the location of the secret key has been migrated. For some reason, it did not work for me so I had to re-import it.
$ gpg2 -k -v
gpg: using pgp trust model
gpg: Note: signature key 2208F2CE3FCEA0D3 expired Wed 28 Dec 2016 09:30:39 PM CET
/home/qmi/.gnupg/pubring.kbx