9
gpgme (gpg/gnupg geliştirme kitaplığı) kullanarak bazı verileri imzalamaya çalışıyorum. Anahtar halkasında 1'den fazla özel anahtar var, bu yüzden doğru olanı seçmek istiyorum. Bu, "Kullanılamaz gizli anahtar (117440566)" ile başarısız. Anahtar, gnupg2'nin kendisi ile oluşturuldu. Gnupg kullanırken sorun da oluşur.gpgme: veri imzalanırken özel bir anahtarın seçilmesi
gpgme_op_keylist_start(..., ..., 1);
if (gpgme_op_keylist_nex() == GPG_ERR_NO_ERROR) { proceed }
imzalama yapın:: Artık
gpgme_new()
gpgme_set_pinentry_mode(GPGME_PINENTRY_MODE_LOOPBACK) // yes i installed v2.1
gpgme_set_passphrase_cb()
/* ...binary to gpgme_data_t... */
gpgme_data_set_encoding(GPGME_DATA_ENCODING_BINARY)
gpgme_signers_clear()
gpgme_signers_add() // <- that key that I checked for existance earlier
if (gpgme_signers_count() != 1) { fail(); } // sanity check
gpgme_op_encrypt_sign(ctx, recipient, GPGME_ENCRYPT_ALWAYS_TRUST /* FIXME */, data_in, sig);
o gpgme_op_encrypt_sign her zaman "Kullanılamıyor gizli anahtar ile başarısız (seçilen anahtar için bir özel anahtar varsa
sec 1024R/14B7E8E6 2015-05-27
Key fingerprint = 95C7 6C5E F839 43DA 2F32 2CF4 D2C2 5144 14B7 E8E6
uid testkey2 (testkey2) <[email protected]>
ssb 1024R/ED8059EA 2015-05-27
pub rsa1024/14B7E8E6
created: 2015-05-27 expires: never usage: SC
trust: ultimate validity: ultimate
sub rsa1024/ED8059EA
created: 2015-05-27 expires: never usage: E
sub rsa1024/74D6F5C6
created: 2015-05-31 expires: never usage: S
Önce kontrol 117440566) "hata. Herhangi bir ipucu/ipucu?
Yazılım sürümleri:
gnupg 1.4.18-7
gnupg-agent 2.1.4-1
gnupg2 2.1.4-1
libgpgme++2 4:4.14.2-2+b1
libgpgme11:amd64 1.5.1-6
libgpgme11-dev 1.5.1-6
python-gnupginterface 0.3.2-9.1
Ben ayıklama-tracing etkin ama o beni çok yardımcı olmuyor:
<0x1927> gpgme_debug: level=4
<0x1927> gpgme_check_version: call: 0=(nil), req_version=(null), VERSION=1.5.1
<0x1927> gpgme_check_version_internal: call: 0=(nil), req_version=(null), offset_sig_validity=60
<0x1927> gpgme_set_locale: enter: ctx=(nil), category=0, value=C
<0x1927> gpgme_set_locale: leave
<0x1927> gpgme_set_locale: enter: ctx=(nil), category=5, value=C
<0x1927> gpgme_set_locale: leave
<0x1927> gpgme-dinfo: gpgconf='/usr/bin/gpgconf'
<0x1927> gpgme-dinfo: gpg='/usr/bin/gpg2'
<0x1927> gpgme-dinfo: gpgsm='/usr/bin/gpgsm'
<0x1927> gpgme-dinfo: homedir='/home/folkert/.gnupg'
<0x1927> gpgme-dinfo: agent='/home/folkert/.gnupg/S.gpg-agent'
<0x1927> gpgme-dinfo: uisrv='/home/folkert/.gnupg/S.uiserver'
<0x1927> gpgme_new: enter: r_ctx=0x7fff5afd07a8
<0x1927> gpgme_new: leave: ctx=0x20c0810
<0x1927> gpgme_op_keylist_start: enter: ctx=0x20c0810, pattern=0BF38589, secret_only=1
<0x1927> _gpgme_add_io_cb: call: ctx=0x20c0810, fd 4, dir=1 -> tag=0x20c26b0
<0x1927> _gpgme_add_io_cb: call: ctx=0x20c0810, fd 6, dir=1 -> tag=0x20c2800
<0x1927> gpgme:gpg_io_event: call: gpg=0x20c0c10, event 0x7fd8b1a20ad0, type 0, type_data (nil)
<0x1927> gpgme_op_keylist_start: leave
<0x1927> gpgme_op_keylist_next: enter: ctx=0x20c0810
<0x1927> _gpgme_run_io_cb: call: item=0x20c2820, need to check
<0x1927> _gpgme_run_io_cb: call: item=0x20c2820, handler (0x20c0c10, 6)
<0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c0810, key = (nil), line = sec:u:2048:1:CC73A8A60BF38589:1433443717:::u:::scESC::::::
<0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c0810, key = 0x20c2850, line = fpr:::::::::20CD3FF80DA6C1E46CD9F135CC73A8A60BF38589:
<0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c0810, key = 0x20c2850, line = uid:u::::1433443717::9963CFDE0C8920AD077B06A281992C4008E67E4F::testkey3 (testkey3) <[email protected]>:
<0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c0810, key = 0x20c2850, line = ssb:u:2048:1:22317805D48C1491:1433443717::::::e::::::
<0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c0810, key = 0x20c2850, line = fpr:::::::::FB6FFB7D8BEC710A745DE86C22317805D48C1491:
<0x1927> _gpgme_run_io_cb: call: item=0x20c26d0, need to check
<0x1927> _gpgme_run_io_cb: call: item=0x20c26d0, handler (0x20c0c10, 4)
<0x1927> _gpgme_remove_io_cb: call: data=0x20c26b0, setting fd 0x4 (item=0x20c26d0) done
<0x1927> _gpgme_run_io_cb: call: item=0x20c2820, need to check
<0x1927> _gpgme_run_io_cb: call: item=0x20c2820, handler (0x20c0c10, 6)
<0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c0810, key = 0x20c2850, line = (null)
<0x1927> gpgme:gpg_io_event: call: gpg=0x20c0c10, event 0x7fd8b1a20ad0, type 2, type_data 0x20c2850
<0x1927> _gpgme_remove_io_cb: call: data=0x20c2800, setting fd 0x6 (item=0x20c2820) done
<0x1927> gpgme:gpg_io_event: call: gpg=0x20c0c10, event 0x7fd8b1a20ad0, type 1, type_data 0x7fff5afd0700
<0x1927> gpgme_op_keylist_next: leave: key=0x20c2850 (20CD3FF80DA6C1E46CD9F135CC73A8A60BF38589)
<0x1927> gpgme_release: call: ctx=0x20c0810
<0x1927> gpgme_new: enter: r_ctx=0x7fff5afd0818
<0x1927> gpgme_new: leave: ctx=0x20c2210
<0x1927> gpgme_op_keylist_start: enter: ctx=0x20c2210, pattern=4BE78BDCF3F5352CF624A6DF3AD6F8118300CC02, secret_only=0
<0x1927> _gpgme_add_io_cb: call: ctx=0x20c2210, fd 4, dir=1 -> tag=0x20c1f50
<0x1927> _gpgme_add_io_cb: call: ctx=0x20c2210, fd 6, dir=1 -> tag=0x20c1fa0
<0x1927> gpgme:gpg_io_event: call: gpg=0x20c0c10, event 0x7fd8b1a20ad0, type 0, type_data (nil)
<0x1927> gpgme_op_keylist_start: leave
<0x1927> gpgme_op_keylist_next: enter: ctx=0x20c2210
<0x1927> _gpgme_run_io_cb: call: item=0x20c1fc0, need to check
<0x1927> _gpgme_run_io_cb: call: item=0x20c1fc0, handler (0x20c0c10, 6)
<0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c2210, key = (nil), line = tru::0:1433443869:2410285847:3:1:5
<0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c2210, key = (nil), line = pub:-:1024:17:3AD6F8118300CC02:1039074767:::-:::scESC::::::
<0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c2210, key = 0x20c2b70, line = fpr:::::::::4BE78BDCF3F5352CF624A6DF3AD6F8118300CC02:
<0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c2210, key = 0x20c2b70, line = uid:-::::1203999932::275AAD3E991F1962AD510CC96760907BE70FE668::Bla <[email protected]>:
<0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c2210, key = 0x20c2b70, line = uid:-::::1203999938::59689891229F1817EF66BFC63D9D0BB2F45F5209::Bla <[email protected]>:
<0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c2210, key = 0x20c2b70, line = uid:r::::::8A709552E7AB85B53DDAE18A48C0978E5EBF5547::Bla <[email protected]>:
<0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c2210, key = 0x20c2b70, line = sub:-:2048:16:942E547C12A6B1C2:1039075030::::::e::::::
<0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c2210, key = 0x20c2b70, line = fpr:::::::::E69EF5226BBF7EC14F1D7D96942E547C12A6B1C2:
<0x1927> _gpgme_run_io_cb: call: item=0x20c1f70, need to check
<0x1927> _gpgme_run_io_cb: call: item=0x20c1f70, handler (0x20c0c10, 4)
<0x1927> _gpgme_remove_io_cb: call: data=0x20c1f50, setting fd 0x4 (item=0x20c1f70) done
<0x1927> _gpgme_run_io_cb: call: item=0x20c1fc0, need to check
<0x1927> _gpgme_run_io_cb: call: item=0x20c1fc0, handler (0x20c0c10, 6)
<0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c2210, key = 0x20c2b70, line = (null)
<0x1927> gpgme:gpg_io_event: call: gpg=0x20c0c10, event 0x7fd8b1a20ad0, type 2, type_data 0x20c2b70
<0x1927> _gpgme_remove_io_cb: call: data=0x20c1fa0, setting fd 0x6 (item=0x20c1fc0) done
<0x1927> gpgme:gpg_io_event: call: gpg=0x20c0c10, event 0x7fd8b1a20ad0, type 1, type_data 0x7fff5afd0760
<0x1927> gpgme_op_keylist_next: leave: key=0x20c2b70 (4BE78BDCF3F5352CF624A6DF3AD6F8118300CC02)
<0x1927> gpgme_release: call: ctx=0x20c2210
<0x1927> gpgme_new: enter: r_ctx=0x7fff5afd07c8
<0x1927> gpgme_new: leave: ctx=0x20c2550
<0x1927> gpgme_set_passphrase_cb: call: ctx=0x20c2550, passphrase_cb=(nil)/(nil)
<0x1927> gpgme_set_pinentry_mode: call: ctx=0x20c2550, pinentry_mode=4
<0x1927> gpgme_set_passphrase_cb: call: ctx=0x20c2550, passphrase_cb=0x403420/0x20c0058
<0x1927> gpgme_set_passphrase_cb: call: ctx=0x20c2550, passphrase_cb=0x403420/0x20c0058
<0x1927> gpgme_new: enter: r_ctx=0x7fff5afd0768
<0x1927> gpgme_new: leave: ctx=0x20c0810
<0x1927> gpgme_op_keylist_start: enter: ctx=0x20c0810, pattern=0BF38589, secret_only=0
<0x1927> _gpgme_add_io_cb: call: ctx=0x20c0810, fd 4, dir=1 -> tag=0x20c4fd0
<0x1927> _gpgme_add_io_cb: call: ctx=0x20c0810, fd 6, dir=1 -> tag=0x20c5120
<0x1927> gpgme:gpg_io_event: call: gpg=0x20c1d50, event 0x7fd8b1a20ad0, type 0, type_data (nil)
<0x1927> gpgme_op_keylist_start: leave
<0x1927> gpgme_op_keylist_next: enter: ctx=0x20c0810
<0x1927> _gpgme_run_io_cb: call: item=0x20c5140, need to check
<0x1927> _gpgme_run_io_cb: call: item=0x20c5140, handler (0x20c1d50, 6)
<0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c0810, key = (nil), line = tru::0:1433443869:2410285847:3:1:5
<0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c0810, key = (nil), line = pub:u:2048:1:CC73A8A60BF38589:1433443717:::u:::scESC::::::
<0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c0810, key = 0x20c5170, line = fpr:::::::::20CD3FF80DA6C1E46CD9F135CC73A8A60BF38589:
<0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c0810, key = 0x20c5170, line = uid:u::::1433443717::9963CFDE0C8920AD077B06A281992C4008E67E4F::testkey3 (testkey3) <[email protected]>:
<0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c0810, key = 0x20c5170, line = sub:u:2048:1:22317805D48C1491:1433443717::::::e::::::
<0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c0810, key = 0x20c5170, line = fpr:::::::::FB6FFB7D8BEC710A745DE86C22317805D48C1491:
<0x1927> _gpgme_run_io_cb: call: item=0x20c4ff0, need to check
<0x1927> _gpgme_run_io_cb: call: item=0x20c4ff0, handler (0x20c1d50, 4)
<0x1927> _gpgme_remove_io_cb: call: data=0x20c4fd0, setting fd 0x4 (item=0x20c4ff0) done
<0x1927> _gpgme_run_io_cb: call: item=0x20c5140, need to check
<0x1927> _gpgme_run_io_cb: call: item=0x20c5140, handler (0x20c1d50, 6)
<0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c0810, key = 0x20c5170, line = (null)
<0x1927> gpgme:gpg_io_event: call: gpg=0x20c1d50, event 0x7fd8b1a20ad0, type 2, type_data 0x20c5170
<0x1927> _gpgme_remove_io_cb: call: data=0x20c5120, setting fd 0x6 (item=0x20c5140) done
<0x1927> gpgme:gpg_io_event: call: gpg=0x20c1d50, event 0x7fd8b1a20ad0, type 1, type_data 0x7fff5afd06c0
<0x1927> gpgme_op_keylist_next: leave: key=0x20c5170 (20CD3FF80DA6C1E46CD9F135CC73A8A60BF38589)
<0x1927> gpgme_release: call: ctx=0x20c0810
<0x1927> gpgme_signers_clear: call: ctx=0x20c2550
<0x1927> gpgme_signers_add: enter: ctx=0x20c2550, key=0x20c2850 (20CD3FF80DA6C1E46CD9F135CC73A8A60BF38589)
<0x1927> gpgme_signers_add: leave
<0x1927> gpgme_op_encrypt_sign: enter: ctx=0x20c2550, flags=0x1, plain=0x20c2ed0, cipher=0x20c3f20
<0x1927> gpgme_op_encrypt_sign: check: ctx=0x20c2550, recipient[0] = 0x20c5170 (20CD3FF80DA6C1E46CD9F135CC73A8A60BF38589)
<0x1927> gpgme_sig_notation_get: call: ctx=0x20c2550, ctx->sig_notations=(nil)
<0x1927> _gpgme_add_io_cb: call: ctx=0x20c2550, fd 4, dir=1 -> tag=0x20c2070
<0x1927> _gpgme_add_io_cb: call: ctx=0x20c2550, fd 8, dir=1 -> tag=0x20c21c0
<0x1927> _gpgme_add_io_cb: call: ctx=0x20c2550, fd 11, dir=0 -> tag=0x20c2210
<0x1927> gpgme:gpg_io_event: call: gpg=0x20c1d50, event 0x7fd8b1a20ad0, type 0, type_data (nil)
<0x1927> _gpgme_run_io_cb: call: item=0x20c2230, need to check
<0x1927> _gpgme_run_io_cb: call: item=0x20c2230, handler (0x20c2ed0, 11)
<0x1927> _gpgme_data_outbound_handler: enter: dh=0x20c2ed0, fd=0xb
<0x1927> _gpgme_data_outbound_handler: leave
<0x1927> _gpgme_run_io_cb: call: item=0x20c2230, need to check
<0x1927> _gpgme_run_io_cb: call: item=0x20c2230, handler (0x20c2ed0, 11)
<0x1927> _gpgme_data_outbound_handler: enter: dh=0x20c2ed0, fd=0xb
<0x1927> _gpgme_remove_io_cb: call: data=0x20c2210, setting fd 0xb (item=0x20c2230) done
<0x1927> _gpgme_data_outbound_handler: leave
<0x1927> _gpgme_run_io_cb: call: item=0x20c2090, need to check
<0x1927> _gpgme_run_io_cb: call: item=0x20c2090, handler (0x20c1d50, 4)
<0x1927> _gpgme_run_io_cb: call: item=0x20c2090, need to check
<0x1927> _gpgme_run_io_cb: call: item=0x20c2090, handler (0x20c1d50, 4)
<0x1927> _gpgme_cancel_with_err: enter: ctx=0x20c2550, ctx_err=117440566, op_err=0
<0x1927> _gpgme_remove_io_cb: call: data=0x20c2070, setting fd 0x4 (item=0x20c2090) done
<0x1927> _gpgme_remove_io_cb: call: data=0x20c21c0, setting fd 0x8 (item=0x20c21e0) done
<0x1927> gpgme:gpg_io_event: call: gpg=0x20c1d50, event 0x7fd8b1a20ad0, type 1, type_data 0x7fff5afd06c0
<0x1927> _gpgme_cancel_with_err: leave
<0x1927> gpgme_op_encrypt_sign: error: Unusable secret key <GPGME>
<0x1927> gpgme_release: call: ctx=0x20c2550
DÜZENLEME
@kylehuff tarafından talep edildiği üzere, Burada anahtar seçim kodu:
search_key_result_t gpgme::find_key(const std::string & key_id, const bool priv_key_only, gpgme_key_t *k, std::string *const error)
{
error -> clear();
*k = NULL;
gpgme_ctx_t ctx = NULL;
if (!my_gpgme_new(&ctx, false, error))
return SK_ERROR;
gpgme_error_t err = gpgme_op_keylist_start(ctx, key_id.c_str(), priv_key_only ? 1 : 0);
if (err != GPG_ERR_NO_ERROR)
{
error -> append(format("Problem searching for %s: %s (%d)", key_id.c_str(), gpg_strerror(err), err));
gpgme_release(ctx);
return SK_ERROR;
}
err = gpgme_op_keylist_next(ctx, k);
if (err == GPG_ERR_EOF)
return SK_NOT_FOUND;
if (err != GPG_ERR_NO_ERROR)
{
error -> append(format("Problem finding %s: %s (%d)", key_id.c_str(), gpg_strerror(err), err));
gpgme_release(ctx);
return SK_ERROR;
}
gpgme_release(ctx);
return SK_FOUND;
}
10 Sonra yapıcısı içinde yapmam:
std::string error;
if (find_key(my_key_id, true, &my_key, &error) != SK_FOUND)
error_exit(false, "Cannot find key %s: %s", my_key_id.c_str(), error.c_str());
ve ne zaman zaman imzalamak için:
if (find_key(target_uid, false, &recipient[0], error) != SK_FOUND)
break;
gpgme_signers_clear(ctx);
err = gpgme_signers_add(ctx, my_key);
if (err != GPG_ERR_NO_ERROR)
{
error -> append(format("gpgme_signers_add(%s) failed: %s (%d)", my_key_id.c_str(), gpg_strerror(err), err));
break;
}
int n_signers = gpgme_signers_count(ctx);
if (n_signers != 1)
{
error -> append(format("Number of signers (%d) not expected number (1)", n_signers));
break;
}
err = gpgme_op_encrypt_sign(ctx, recipient, GPGME_ENCRYPT_ALWAYS_TRUST /* FIXME */, data_in, sig);
if (err != GPG_ERR_NO_ERROR)
{
error -> append(format("gpgme_op_encrypt failed: %s (%d)", gpg_strerror(err), err));
break;
}
@kylehuff, bu talep nedir? Teşekkür
DÜZENLEME
İşte listeleme 20CD3FF80DA6C1E46CD9F135CC73A8A60BF38589 içindir:
tru::0:1433443869:2410285847:3:1:5
pub:u:2048:1:CC73A8A60BF38589:2015-06-04:::u:testkey3 (testkey3) <[email protected]>::scESC:
sub:u:2048:1:22317805D48C1491:2015-06-04::::::e:
DÜZENLEME
Folkert @ travelmate: ~ $ gpg2 --local kullanıcılı 14B7E8E6 --sign bla .txt
folkert @travelmate: ~ $ gpg --verify bla.txt.gpg gpg: İyi imza dan "testkey2 (testkey2)"
: 74D6F5C6 gpg RSA anahtarı kimliği kullanarak Per Haz 18, 2015 19:18:17 UTC yapılan İmzave düzenleme anahtarla ben 74d6f5c6 gerçekten işareti alt anahtarı olduğunu görebilirsiniz:
alt 1024R/74D6F5C6 oluşturulan: Ben biraz şaşırdım S
: 2015/05/31 süresi dolmadan: asla kullanımını Bu gpgme için çalışmıyor. Bulgu değil ama doğrudan gpgme_get_key() aynı hatayı veriyor.
şey nazlı olabilir yöntemde my_gpgme_new(&ctx, false, error) yapılıyor -
Eğer 'gpgme_signers_add' yöntem ve anahtar seçimi için gerçek kod sonrası mi? Sağladığınız hata ayıklama çıktısında, seçilen anahtarlar, sorunuzun en üstünde listelenen anahtarların hiçbiriyle eşleşmez. "Gpgme_signers_add" işlemi "20CD3FF80DA6C1E46CD9F135CC73A8A60BF38589" anahtarını kullanıyor, bu anahtar hem kamu hem de özel parçalara sahip ve listelenmemiş mi? – kylehuff
Tam olarak hangi anahtarın eklendiğini belirtebilir misiniz? Sadece işaret mi yoksa sadece şifreli mi? Özel anahtarı mı yoksa alt anahtarlardan mı birini seçiyorsunuz? –
@NickolayOlshevsky Üstte listelenen anahtarı kullanıyorum: 14B7E8E6 –