Keyring snafu
Seth David Schoen
schoen@loyalty.org
Thu, 12 Jul 2001 22:22:41 -0700
Paul Mackinney writes:
> Arg. You sure you're not Moriarty?
>
> >AFTER THE PARTY
> >
> >1. Key signers download the party keyring from this URL...
>
> Done. I viewed the page in lynx and used the 'p' option to save as a
> file, got 31514 bytes. This failed. Next I used a gui browser to go
> to the file & save, got 42726 bytes. Can anyone tell me why the lynx
> thing failed?

Try wget instead.

At the moment, I have a file of 36031 bytes, and the checksum is as
follows:

    bash-2.03$ md5sum bad-meeting-11-Jul-2001.gpg
    1ec3fd0d79156f45358d8433fe28e53c bad-meeting-11-Jul-2001.gpg

It's possible that Evan is still making updates to this keyring.

> >2. For each name on their keyring printout that has two checks
> > (identified, fingerprint matches), sign that key in the
> > keyring. For Alice to sign Bob's key, she would do a command like
> > this...
>
> Fails. Here's a copy of my terminal:
>
> Attempt 1: The lynx file. I believe it's corrupt.
>
> dog:~> gpg --keyring /home/paul/bad-meeting-11-Jul-2001.2.gpg \
> --sign-key "Eric Cain" --local-user "Paul Mackinney"
> usage: gpg [options] --sign-key user-id
> dog:~> gpg --keyring /home/paul/bad-meeting-11-Jul-2001.2.gpg \
> --sign-key "Eric Cain"
> gpg: skipped compressed packet in keyring
> gpg: Eric Cain: user not found
> dog:~>
>
> As you can see it doesn't like the --local-user argument, and otherwise
> it behaves as if the file were corrupted.

If you have only one local user, you can omit the --local-user.

You should also run

    gpg --keyring [...] --list-keys

to see the keys in there.

If this works, you'll see what are the valid user IDs to specify as
arguments to --sign-key. If it doesn't work, you should get a
meaningful error message.

> Attempt 2: The other file...
>
> dog:~> gpg --keyring /home/paul/bad-meeting-11-Jul-2001.2.gpg \
> --sign-key "Eric Cain" --local-user "Paul Mackinney"
> usage: gpg [options] --sign-key user-id
> dog:~> gpg --keyring /home/paul/bad-meeting-11-Jul-2001.3.gpg \
> --sign-key "Eric Cain <ecain@debian.org>"
>
> pub 1024D/104B7390 created: 1998-09-06 expires: never trust: -/q
> sub 2048g/54D4A60A created: 1998-09-06 expires: never
> (1) Eric Cain <ecain@phosphor.net>
> (2). Eric Cain <ecain@debian.org>
>
> Really sign all user IDs? yes
> gpg: no default secret key: secret key not available
>
> It still doesn't like the --local-user argument, but now I don't have
> the mysterious secret key.
Your --local-user argument -- if it's supported by your version of GPG
-- must specify a name associated with a key in your secret keyring.
Again, if you only have one private key, just omit the --local-user.
> > Remember, keep the keyring separate.
>
> I don't understand this instruction. How to proceed?
Evan just doesn't want you to do what I did, and --import the keyring.
I got lazy and didn't remember the bit about having to supply the full
path, so I took the easy way out.
--
Seth David Schoen <schoen@loyalty.org> | And do not say, I will study when I
Temp. http://www.loyalty.org/~schoen/ | have leisure; for perhaps you will
down: http://www.loyalty.org/ (CAF) | not have leisure. -- Pirke Avot 2:5
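
Added example, not part of the original message: a shell check that looks at the first byte of a downloaded file and reports whether it starts like a binary OpenPGP keyring, a compressed packet (the case gpg reported above), ASCII armor, or something that is not OpenPGP at all, such as a saved web page. The function name keyring_kind is hypothetical; the header layout is the packet header format from RFC 4880 section 4.2.

```shell
#!/bin/sh
# Added example: classify a file by its first OpenPGP packet header
# (RFC 4880 section 4.2) before passing it to gpg --keyring.
# keyring_kind is a hypothetical helper name, not a gpg command.

# keyring_kind FILE prints one of:
#   keyring | compressed | armored | other-packet | not-openpgp | empty
keyring_kind() {
    file=$1
    [ -s "$file" ] || { echo empty; return 0; }

    # ASCII-armored export rather than a binary keyring
    if head -c 15 "$file" | grep -q '^-----BEGIN PGP'; then
        echo armored; return 0
    fi

    # First octet of the file as an unsigned decimal number
    b=$(od -An -tu1 -N1 "$file" | tr -d ' \n')

    # Bit 7 is set in every OpenPGP packet header; text and HTML fail here
    if [ $(( b & 128 )) -eq 0 ]; then
        echo not-openpgp; return 0
    fi

    if [ $(( b & 64 )) -ne 0 ]; then
        tag=$(( b & 63 ))          # new-format header: tag in bits 5-0
    else
        tag=$(( (b >> 2) & 15 ))   # old-format header: tag in bits 5-2
    fi

    case $tag in
        6) echo keyring ;;         # public-key packet, the start of a key
        8) echo compressed ;;      # compressed data packet
        *) echo other-packet ;;
    esac
}

# Stand-alone use: sh keyring_kind.sh FILE
if [ $# -gt 0 ]; then
    keyring_kind "$1"
fi
```

A result of keyring only says the file begins with a public-key packet; gpg --keyring [...] --list-keys is still the real test of the contents.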