gpg Keeps asking "need the secret key to do this"
by gentisle from LinuxQuestions.org on (#6K5BY)
I'm trying to update an expired key for email. I'm using macOS Sonoma 14.3.1 on an Intel MacBook. gpg version is:
gpg (GnuPG) 2.3.8
libgcrypt 1.10.1
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
I enter gpg --edit-key XXXXX..., and I receive the gpg prompt.
Then I enter expire, and it states: need the secret key to do this.
I had previously had Catalina, then upgraded to Monterey, then wiped the HDD, and reinstalled Sonoma. Prior to that, I copied my user dir to an external HDD, and subsequently copied it back to my new installation of the OS.
It's been a few years since I initially installed GPG, and set all this up, so I'm not remembering my password. Did I fail to back up the correct files/directories? The key still works in my email (for receiving, I don't ever send to the organization that sends me the encrypted emails). So if I revoke it, I'll never see those old emails again. I was able to change the expiry date for my main key. But what is the secret key it's asking for? Is it some file not in my .gnupg directory? The man command states "No entry for gpg". Typing ManPath = /opt/local/share/man
/usr/local/share/man
/opt/local/man
/usr/share/man
/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/share/man
/Library/Developer/CommandLineTools/usr/share/man
[on one line separated by colons, of course]
However, if I echo $MANPATH,
I get /opt/local/share/man:/usr/local/share/man::. Not sure how those two differing manpaths can be in the same OS/shell. BTW, shell is the standard zsh.
which gpg = /usr/local/bin/gpg
Anyway, when I issue the expire command at the gpg command line, it gives me that message, and I have tried putting various passwords after expire with and without "--key" after expire.
So I Googled man page gpg, and that doesn't give me anything that makes sense. Do I need to gpg --keyring file in my .gnupg dir to get the program to recognize something? The GUI gpgtools seems to read everything and all the other keys work, and as far as I can remember, all keys are there. I tried clicking on that to change the expiration date, but no luck. I can change it for my main ID, but not this expired one. Here's the output from gpg -list-sigs:
pub rsa4096 2012-10-16 [SC] [expired: 2023-10-18]
3E...3DA
uid [ expired] Some Org <noreply@someorg.com>
sig 3 A3...DA 2021-10-08 Some Org <noreply@someorg.com>
uid [ expired] Some Org <nonsense@someorg.com>
sig 3 A3...DA 2017-10-14 Some Org <noreply@someorg.com>
sig 3 A3...DA 2021-10-08 Some Org <noreply@someorg.com>
Thanks,
gentisle
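
Changing an expiry date makes gpg issue a new self-signature, so the `expire` command needs the secret half of the key being edited. As an added example (not part of the original post), this shell function compares `gpg --with-colons --list-keys` and `--list-secret-keys` output and prints the public keys that have no secret key in the keyring; the function names, key IDs and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Against a real keyring (assumes gpg is on PATH):
#   gpg --with-colons --list-keys        > pub.txt
#   gpg --with-colons --list-secret-keys > sec.txt
#   keys_without_secret pub.txt sec.txt

# $1: file with --list-keys output, $2: file with --list-secret-keys output.
# Prints one line per public primary key that has no secret counterpart.
keys_without_secret() {
    awk -F: '
        # Secret listing: remember the key ID (field 5) of each "sec" record.
        FILENAME == ARGV[1] { if ($1 == "sec") have[$5] = 1; next }
        # Public listing: field 2 is validity (e = expired), field 7 is expiry.
        $1 == "pub" && !($5 in have) {
            printf "%s validity=%s expires=%s\n", $5, $2, ($7 == "" ? "never" : $7)
        }
    ' "$2" "$1"
}

# Constructed sample listings in colon format (not from a real keyring).
sample_pub() {
cat <<'EOF'
pub:e:4096:1:1111111111111111:1350345600:1697587200::-:::sc::::::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
uid:e::::1633651200::0000::Correspondent <sender@example.org>::::::::::0:
pub:u:4096:1:2222222222222222:1400000000:::u:::scESC::::::23::0:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222:
uid:u::::1400000000::0000::Me <me@example.org>::::::::::0:
EOF
}
sample_sec() {
cat <<'EOF'
sec:u:4096:1:2222222222222222:1400000000:::u:::scESC:::+:::23::0:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222:
uid:u::::1400000000::0000::Me <me@example.org>::::::::::0:
EOF
}

# Run the check over the constructed samples.
demo() {
    d=$(mktemp -d) || return 1
    sample_pub > "$d/pub"
    sample_sec > "$d/sec"
    keys_without_secret "$d/pub" "$d/sec"
    rm -rf "$d"
}
demo
```

A key printed by this check can be used to encrypt to its owner or verify their signatures, but its expiry can only be extended on a machine that holds the matching secret key.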