
Keyboxd doesn't notify user of unmigrated keys
Open, Normal, Public

Description

Hello,

I encountered an issue with GnuPG 2.4.5 (libgcrypt 1.10.3, Keyboxd 2.4.5).

About a month ago, I reinstalled my system and rsync-ed the backup of my home directory.
Then I noticed the issue: I was not able to use any of my GPG keys, even though they were present in my .gnupg directory.
For example, I was not able to list either my private or public keys.

After looking through GnuPG logs with gpg --verbose --list-keys --debug-level 9 and searching the web for a very long time, I found this:
https://github.com/gpg/gnupg/blob/42ee84197695aca44f5f909a0b1eb59298497da0/README#L131C17-L131C22

Then I realised what happened: the .gnupg directory from my backup is several years old (honestly, I think it was originally generated around 6 years ago).
Therefore, it didn't have a common.conf file, which since version 2.4.1 contains use-keyboxd.
My newly installed system had generated a .gnupg directory with a common.conf file, and rsync just overlaid my backup over it.
This basically resulted in my old .gnupg directory containing the common.conf file from the new one, which tells GnuPG not to read my keys that are in the old format.

This wouldn't have happened if I had used rsync's --delete option, which makes sure overlaying doesn't happen.
However, this issue was pretty hard to debug, and from my web searches, I was not the only one experiencing it.
Since there is no automatic migration from the old key format to Keyboxd, I think it would be very beneficial to warn users when there are keys present in the old format while Keyboxd is enabled.

Thanks a lot!

Details

Version
2.4.5

Event Timeline

werner added a subscriber: werner.

Well, backup and restore oddity. I don't think that we can have a full solution here unless we provide dedicated backup and restore scripts.

As of now it is possible to run an old 2.2 version also with the same configuration and the pubring.kbx. This is on purpose.

What we can do is to provide a warning if a pubring.kbx or pubring.gpg still exists when use-keyboxd is enabled. And an option to silence this warning.

> What we can do is to provide a warning if a pubring.kbx or pubring.gpg still exists when use-keyboxd is enabled. And an option to silence this warning.

Sounds good 😃
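The check werner proposes, written out as an added shell example that is not GnuPG's own code: it reports when common.conf enables use-keyboxd while a pubring.kbx or pubring.gpg still sits in the same directory, which is the state the rsync-restored backup above ended up in. The function names, the handling of a commented-out "#use-keyboxd" line and the GNUPGHOME fallback are my assumptions.

```shell
#!/bin/sh
# Added example, not GnuPG's own code: implement the self-check werner
# proposes above. A pubring.kbx or pubring.gpg left next to a common.conf
# that enables use-keyboxd is silently ignored by GnuPG 2.4, which is
# exactly what the rsync-restored backup above produced.

# keyboxd_enabled DIR -> 0 when DIR/common.conf has an active use-keyboxd line
keyboxd_enabled() {
    conf="$1/common.conf"
    [ -f "$conf" ] || return 1
    # Only an uncommented option counts; "#use-keyboxd" is a comment (assumption).
    grep -qE '^[[:space:]]*use-keyboxd([[:space:]]|$)' "$conf"
}

# legacy_keyrings DIR -> prints the classic keyring files present in DIR
legacy_keyrings() {
    for f in "$1/pubring.kbx" "$1/pubring.gpg"; do
        if [ -f "$f" ]; then echo "$f"; fi
    done
}

# check_keyboxd_migration [DIR] -> 0 if consistent, 1 if keys would be ignored
check_keyboxd_migration() {
    dir="${1:-${GNUPGHOME:-$HOME/.gnupg}}"
    # Without use-keyboxd the classic files are still read, nothing to report.
    keyboxd_enabled "$dir" || return 0
    found=$(legacy_keyrings "$dir")
    [ -n "$found" ] || return 0
    echo "WARNING: $dir/common.conf enables use-keyboxd, but these" >&2
    echo "old-format keyring files exist and are not read by keyboxd:" >&2
    echo "$found" >&2
    return 1
}

# Run directly as: sh check-keyboxd.sh ~/.gnupg   (exit status 1 = warning)
case $# in
    1) check_keyboxd_migration "$1" ;;
esac
```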

werner triaged this task as Normal priority. Aug 16 2024, 3:04 PM
werner added a project: gnupg24.