Ubuntu

Using seahorse: how can I get cli gpg to work?

Asked by nine

I'm using seahorse for key management on hardy. I would like to be able to use gpg on the commandline also. Seahorse has created a practically empty ~/.gnupg/gpg.conf. If I do an 'apt-get source', gpg complains (this is on package bc, but it happens on any package):

gpg: Signature made Wed 05 Dec 2007 12:58:47 PM CET using DSA key ID 0F932C9C
gpg: Can't check signature: public key not found

I can search, save and import the key in seahorse and get rid of that message, but that is very cumbersome. In seahorse I set 'Automatically retrieve keys from keyservers', but obviously gpg does not use that setting.

And hoping this is related: gpgv on the commandline also does not work:

carol@duper:~/dev/bc$ gpgv bc_1.06.94-3ubuntu1.dsc
gpgv: keyblock resource `/home/carol/.gnupg/trustedkeys.gpg': general error
gpgv: Signature made Wed 05 Dec 2007 12:58:47 PM CET using DSA key ID 0F932C9C
gpgv: Can't check signature: public key not found

This file 'trustedkeys.gpg' does not exist.

So my question is: how can I get seahorse and gpg work together?

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Solved by:
Gord Allott
Solved:
Last query:
Last reply:
Revision history for this message
Gord Allott (gordallott) said : 		#1

gpgv seems a little buggy, i get some errors too on my install.

you can use "gpg --check-sigs" to check the signitures you have in your current keyring

to get rid of that public key not found signiture you can just remove that key
"gpg --delete-key 0F932C9C"

Revision history for this message
nine (niin-deactivatedaccount-deactivatedaccount) said : 		#2

Thank you for your prompt attempt to help. "gpg --check-sigs" sais (after a long list of keys):

1 bad signature
6042 signatures not checked due to missing keys

"gpg --delete-key 0F932C9C" as a solution for a missing key seems strange to me. However, I did it in case I'm missing the point, but the result was as I expected:

gpg: key "0F932C9C" not found: eof
gpg: 0F932C9C: delete key failed: eof

Now I want to stress that seahorse created a practically empty ~/.gnupg/gpg.conf. How is it possible for gpg to work with that? Does gpg for instance get its keyservers from some other location on hardy?

Or should I manually keep the two in sync?

Revision history for this message
nine (niin-deactivatedaccount-deactivatedaccount) said : 		#3

I searched for 'gpg.conf' on help.ubuntu.com and I think I found a workaround. I would like somebody to confirm that this is a good way to do it.

The search found https://help.ubuntu.com/community/GnuPrivacyGuardHowto, which says:

"If you are upgrading from Ubuntu 7.04 (Fiesty), the file ~/.gnupg/gpg.conf may have failed to be created by default in your home directory due to a bug in the gnupg package. In that case, GPG agent integration will not be enabled by default. If you have not created your own gpg.conf, you can correct this issue by running cp /usr/share/gnupg/options.skel ~/.gnupg/gpg.conf."

Now I am not upgrading from Feisy; I installed Hardy from CD. But I copied options.skel anyway and I uncommented "keyserver-options auto-key-retrieve". Also I set default-key and I added keyservers from the list in seahorse.

Now gpg does not complain anymore when doing an 'apt-get source' (I tried 4 packages). Is this the right way to do it?

gpgv still complains about the missing 'trustedkeys.gpg', but that is not a real problem (I just started using it to try to track down the problem with gpg itself).

Revision history for this message
Best Gord Allott (gordallott) said : 		#4

yeah that'll be fine that method, the file "/usr/share/gnupg/options.skel" is basically just a default options file so its not going to cause any problems.

Revision history for this message
nine (niin-deactivatedaccount-deactivatedaccount) said : 		#5

Thanks. This solved my problem.