Using empty passphrase generated keys (from gpg2, old pubring/secring format), gpg2.3.4 fails to decrypt with an error message "No secret key" on gpg1.4/2.0 keyring format even though the secret keys porting and migration were successful according to the log.
Note: I tried to testing empty passphrase generated key pair in gpg2.3.4 and encryption/decryption was successful.
GnuPG version:
gpg (GnuPG) 2.3.4
libgcrypt 1.9.4
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /home/geodnila/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
AEAD: EAX, OCB
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB
Here are the details of the test that I did.
This is keyring directory from gpg1.4/2.0
fubar:testingGPG2.3.4-> ls -lstra gnupg2.0_keyring
total 160
32 drwxrwxrwx. 9 geodnila newbiz 801 Jan 27 16:15 ..
32 drwxrwxrwx. 2 geodnila newbiz 58 Jan 27 16:15 .
48 -rwxrwxrwx. 1 geodnila newbiz 1160 Jan 27 16:15 pubring.gpg
48 -rwxrwxrwx. 1 geodnila newbiz 2538 Jan 27 16:15 secring.gpg
list the keys using gpg2.3.4 executable from gnupg2.0_keyring
fubar:testingGPG2.3.4-> gpg2.3.4_rhel8 --homedir gnupg2.0_keyring --list-keys
gpg: WARNING: unsafe permissions on homedir '/home/geodnila/testingGPG2.3.4/gnupg2.0_keyring'
gpg: /home/geodnila/testingGPG2.3.4/gnupg2.0_keyring/trustdb.gpg: trustdb created
/home/geodnila/gnupg2.0_keyring/pubring.gpg
----------------------------------------------------------------------------------
pub rsa2048 2020-01-21 [SCEA]
3D750223D5B78DB1FEA5A23714BC819B0A74ABC1
uid [ unknown] testclientdev
pub rsa2048 2020-07-09 [SCEA]
CD5010FB80A7F564F2A59DD6F7E2E540CBDD6AE1
uid [ unknown] testclientdev
List the secret-keys from the gnupg2.0_keyring using gpg2.3.4 executable
The secret keys were ported and migrated successfully according to the logs below
by just listing the secret keys
fubar:testingGPG2.3.4-> gpg2.3.4_rhel8 --homedir gnupg2.0_keyring --list-secret-keys
gpg: WARNING: unsafe permissions on homedir '/home/geodnila/testingGPG2.3.4/gnupg2.0_keyring'
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from 'home/geodnila/testingGPG2.3.4/gnupg2.0_keyring/secring.gpg' to gpg-agent
gpg: key 14BC819B0A74ABC1: secret key imported
gpg: key F7E2E540CBDD6AE1: secret key imported
gpg: migration succeeded
/home/geodnila/gnupg2.0_keyring/pubring.gpg
----------------------------------------------------------------------------------
sec rsa2048 2020-01-21 [SCEA]
3D750223D5B78DB1FEA5A23714BC819B0A74ABC1
uid [ unknown] testclientdev
sec rsa2048 2020-07-09 [SCEA]
CD5010FB80A7F564F2A59DD6F7E2E540CBDD6AE1
uid [ unknown] testclientdev
content of the gnupg2.0_keyring at this point
fubar:testingGPG2.3.4-> ls -lstraR gnupg2.0_keyring/
total 264
32 drwxrwxrwx. 9 geodnila newbiz 801 Jan 27 16:15 ..
48 -rwxrwxrwx. 1 geodnila newbiz 1160 Jan 27 16:15 pubring.gpg
48 -rwxrwxrwx. 1 geodnila newbiz 2538 Jan 27 16:15 secring.gpg
48 -rwxrwxrwx. 1 geodnila newbiz 1200 Jan 27 16:28 trustdb.gpg
32 drwxrwxrwx. 2 geodnila newbiz 124 Jan 27 16:33 private-keys-v1.d
24 -rwxrwxrwx. 1 geodnila newbiz 0 Jan 27 16:33 .gpg-v21-migrated
32 drwxrwxrwx. 3 geodnila newbiz 157 Jan 27 16:33 .
edhlsfepd008.otprod.dstcorp.net:/usr/local/farm/common/engel/GPG2.3.4/RHEL8.2/testing-> ls -lstraR fg
edhlsfepd008.otprod.dstcorp.net:/usr/local/farm/common/engel/GPG2.3.4/RHEL8.2/testing-> ls -lstraR gnupg2.0_keyring/
gnupg2.0_keyring/:
total 264
32 drwxrwxrwx. 9 geodnila newbiz 801 Jan 27 16:15 ..
48 -rwxrwxrwx. 1 geodnila newbiz 1160 Jan 27 16:15 pubring.gpg
48 -rwxrwxrwx. 1 geodnila newbiz 2538 Jan 27 16:15 secring.gpg
48 -rwxrwxrwx. 1 geodnila newbiz 1200 Jan 27 16:28 trustdb.gpg
32 drwxrwxrwx. 2 geodnila newbiz 124 Jan 27 16:33 private-keys-v1.d
24 -rwxrwxrwx. 1 geodnila newbiz 0 Jan 27 16:33 .gpg-v21-migrated
32 drwxrwxrwx. 3 geodnila newbiz 157 Jan 27 16:33 .
gnupg2.0_keyring/private-keys-v1.d:
total 160
48 -rwxrwxrwx. 1 geodnila newbiz 2701 Jan 27 16:33 6F484E349157AB7F43700283F78DF8F044BA8065.key
32 drwxrwxrwx. 2 geodnila newbiz 124 Jan 27 16:33 .
48 -rwxrwxrwx. 1 geodnila newbiz 2701 Jan 27 16:33 FF293D5AAEC940977E1825F8B8305A18CF7C4D2A.key
32 drwxrwxrwx. 3 geodnila newbiz 157 Jan 27 16:33 ..
Encrypt using the key with empty passphrase. Successful
fubar:testingGPG2.3.4-> gpg2.3.4_rhel8 --homedir gnupg2.0_keyring --no-permission-warning --no-random-seed-file --no-secmem-warning --batch --yes --always-trust --no-auto-check-trustdb -r testclientdev -o samplefile.txt.enc --encrypt samplefile.txt
create the empty passphrase file
fubar:testingGPG2.3.4-> echo >emptypassphrasefile
Decrypt using a key with empty passphrase. Failed
fubar:testingGPG2.3.4-> gpg2.3.4_rhel8 --homedir gnupg2.0_keyring --no-secmem-warning --no-mdc-warning --no-symkey-cache --pinentry-mode loopback --batch --yes --passphrase-fd 5 -o samplefile.txt.dec --decrypt samplefile.txt.enc 5<emptypassphrasefile
gpg: WARNING: unsafe permissions on homedir '/home/geodnila/gnupg2.0_keyring'
gpg: encrypted with rsa2048 key, ID 14BC819B0A74ABC1, created 2020-01-21
"testclientdev"
gpg: public key decryption failed: No passphrase given
gpg: decryption failed: No passphrase given