I don't get the message while signed in of course, but going incognito
or the next day, the message is back.
How is any browser supposed to trust a self-signed certificate if the
issuer is unknown to the browser? Is there something I can add to my
OS that will let it know you are the issuer?
I have seen this issue before, even on bank sites, going back 5 years
at least. I would like to know if there is a general solution.
You have marked this resolved so may not look at it anymore. I should
not have made this seem to be a Chrome issue. Firefox is the same and
their detailed message is more helpful:
bugs.gnupg.org uses an invalid security certificate.
The certificate is not trusted because it is self-signed.
The certificate is only valid for the following names:
www.g10code.com, g10code.com, ftp.g10code.com, bugs.g10code.com,
git.g10code.com
(Error code: sec_error_unknown_issuer)
I understand you may not have time to work on this since it's not the
bug I thought.
I hope you will just answer one question for me though.
Having imported my key in the system-wide keyring defined in my
gpg.conf, can I safely do without the local pubring.gpg?
Or, is it necessary for some reason that I import my public key back
into the local pubring.gpg so that there will be a double listing of
my key when I do gpg -k?
I am finally understanding what is going on with the duplicate listing
of my key, and now wonder if I have screwed something up with the
procedure that "fixed" the double key.
The reason for getting my public key listed twice as an output to 'gpg
-k' is that it first listed the contents of ~/.gnupg/pubring.gpg (just
my key) then listed the contents of /etc/pacman.d/gnupg/pubring.gpg
which also had my key in it. The reason it listed
/etc/pacman.d/gnupg/pubring.gpg is that was the keyring defined in my
gpg.conf.
My procedure that successfully got rid of the duplicate listing has
actually made my ~/.gnupg/pubring.gpg file empty! So, I don't get a
duplicate because gpg -k only lists the contents of
/etc/pacman.d/gnupg/pubring.gpg.
Will this work as is or should I try to put my public key back into
~/.gnupg/pubring.gpg?
I figured out the steps that led to the duplicate entry in the first
place. After editing ~/.gnupg/gpg.conf to include
keyring /etc/pacman.d/gnupg/pubring.gpg
I generated the key
gpg --gen-key
Then did
sudo pacman-key --import /home/colin/.gnupg
I've filed a bug against pacman-key, but I think it translates to
sudo gpg --homedir /etc/pacman.d/gnupg/ --no-permission-warning --
import /home/colin/.gnupg
And, this is what lead to the duplicate entry. Does it make sense this
would lead to a duplicate entry? Is it a bug of gpg, or is it supposed
to do that for some reason?
You say Chrome should be able to handle it, but it's not. I am using
the most up-to-date version of Chrome available for Linux: Version
40.0.2214.6 dev (64-bit), and it is not handling the certificate
properly. The wording of the "advanced" message indicates this is the
fault of my operating system. If this is a bug of Arch Linux, what
package would I file the bug against?
After reading your suggestion, I realized using the fingerprint would
be the same as deleting the secret key for "Colin N Keenan" instead of
"Colin Keenan". Since I had made a backup of .gnupg while it was
showing a duplicate public key for "Colin Keenan", I realized that's
what I wanted to do anyway. So, I solved the issue by
gpg --delete-secret-key "Colin N Keenan"
gpg --delete-key "Colin N Keenan"
cp .gnupg/pubring.gpg .gnupg-backup
rm -r .gnupg
cp -r .gnupg-backup .gnupg
But still, this seems like a bug. Is there a better way to remove a
duplicate entry? Also, why is it allowed to have a duplicate entry?