Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GPG error "gpg: error retrieving '[email protected]' via WKD: No data" #375

Open
dfrancoa opened this issue Jul 21, 2023 · 5 comments
Open

Comments

@dfrancoa
Copy link

I'm facing and error that for some reason I can't solve, I've looked at all the issues that look similar and all the solutions in those issues do not work at all.
currently I'm running on a Mac:
System Version: macOS 13.4.1 (c) (22F770820d)
Model Name: MacBook Pro
Model Identifier: MacBookPro15,1
Processor Name: 6-Core Intel Core i7

I'm able to decrypt all files of my repo but I'm not able to encrypt and get this error:

WARNING: This will overwrite any unencrypted files laying about.
Press CTRL-C now to stop. ENTER to continue:
========== RE-ENCRYPTING FILES:
========== PROCESSING "terraform/1-base/roles.tf"
========== Encrypting: terraform/1-base/roles.tf
gpg: error retrieving '[email protected]' via WKD: No data
gpg: [email protected]: skipped: No data
gpg: terraform/1-base/roles.tf: encryption failed: No data

I'm added as an admin and I can see my self there:
$ blackbox_list_admins | grep dfranco
[email protected]

and my gpg key is also there:
$ gpg --homedir=.blackbox --list-keys | grep -C3 dfranco
gpg: WARNING: unsafe permissions on homedir '/Users/daniel/github/secureauth/willow/.blackbox'

pub rsa4096 2023-07-19 [SC]
D4F87815ommittedE91F15DF
uid [ unknown] Daniel Franco (Secureauth GPGKey) [email protected]
sub rsa4096 2023-07-19 [E]

and I have that key on my local keyring:
$ gpg --list-keys
[keyboxd]

pub rsa4096 2023-07-19 [SC]
D4F87815ommittedE91F15DF
uid [ultimate] Daniel Franco (Secureauth GPGKey) [email protected]
sub rsa4096 2023-07-19 [E]

My gpg version is:
$ gpg --version
gpg (GnuPG) 2.4.3
libgcrypt 1.10.2
Copyright (C) 2023 g10 Code GmbH
License GNU GPL-3.0-or-later https://gnu.org/licenses/gpl.html

So from what I understand is the blackbox should grab the gpg keys on .blackbox/pubring.kbx and do all decrypting and encrypting from that information, but it looks like is grabbing the local keyboxd information. I was able to confirm this because I was having that same error:
gpg: error retrieving '[email protected]' via WKD: No data
with another user and as soon as I imported the private key for that user to my local gpg keyring I stopped getting that error for that user and started getting it for the other one.

The next step was to try to use the /.blackbox as the home for gnupg with:
export GNUPGHOME=~/github/secureauth/willow/.blackbox
This did not work and gave me some other error
I set the enviromental value to the default one and went back to the same error..

Then I tried to export the blackbox pubring.kbx into my local with:

gpg --import .blackbox/pubring.gpg

gpg --no-default-keyring --keyring .blackbox/pubring.gpg --export -a | gpg --import

this did not work because there is no such file, so I changed it to:

gpg --import .blackbox/pubring.kbx

gpg --no-default-keyring --keyring .blackbox/pubring.kbx --export -a | gpg --import

this did not work either. So what am I missing here?... I still keep getting the same error, so the fix is to get all the private keys for all the admins, but I don't think that is doable. So if someone has a solution for this I would appreciate if I could be guided in the correct direction.

@jmigual
Copy link

jmigual commented Aug 1, 2023

So I was having just this error as well and it turns out that my local private keys where corrupted / not working properly and the blackbox keys had expired so I had to remove all admins with expired keys and add them again.

@dfrancoa
Copy link
Author

So I was having just this error as well and it turns out that my local private keys where corrupted / not working properly and the blackbox keys had expired so I had to remove all admins with expired keys and add them again.

So far I deleted all my keys and I was taken out from the admis and then I was put in again to the admins with a whole new different key, I can decrypt just fine, but encrypting is the thing I can't do

@jmigual
Copy link

jmigual commented Aug 10, 2023

Yeah, based on the error you have it looks like the problem is not your key but the public key of [email protected] is somehow incorrect/corrupt

@bluebrown
Copy link

Same issue here. I tried the below without success

gpg --no-default-keyring --keyring .blackbox/pubring.kbx \
  --with-subkey-fingerprint --quick-set-expire <fingerprint> 6m

any idea how to fix this?

@kxgillispie
Copy link

We ran into a similar issue, and we were able to resolve by removing the use-keyboxd option that fresh gpg installs now seem to add by default in ~/.gnupg/common.conf.

Release notes for this change: https://dev.gnupg.org/source/gnupg/browse/master/NEWS$82

Noteworthy changes in version 2.4.1 (2023-04-28)

  • If the ~/.gnupg directory does not exist, the keyboxd is now automagically enabled. [rGd9e7488b17]

And docs from gpg indicating behavior of this flag, which seems to cause gpg to totally ignore arguments specifying which keyring should be used:

Note that if the option use-keyboxd is enabled in common.conf, no keyrings are used at all and keys are all maintained by the keyboxd process in its own database.

No idea if that's the "best" solution - or of any potential downsides to keeping keyboxd disabled - but it fixed our blackbox issue..

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants