[I am new to using command-line gpg and might have messed up some steps during key creation. For privacy purposes I am redacting all key information with [REDACTED]]

My gpg has my pubkey listed

$ gpg --list-keys
/home/seb/.gnupg/pubring.kbx
----------------------------
[REDACTED]

However, it does not seem to know about any of my private keys

$ gpg -K
$

Which is odd as I have two .key files in my ~/.gnupg/private-keys-v1.d/ folder.

Now I'm trying to add them manually

$ gpg --allow-secret-key-import --import .gnupg/private-keys-v1.d/[REDACTED].key
gpg: can't open '.gnupg/private-keys-v1.d/[REDACTED].key': Permission denied
gpg: Total number processed: 0

It turns out that my current user does not have read access to those keys

$ ls -la .gnupg/private-keys-v1.d/
total 16
drwx------ 2 seb  seb  4096 apr 21 22:34 .
drwx------ 4 seb  seb  4096 mei 19 16:31 ..
-rw------- 1 root root [REDACTED].key

Now I changed that via $ sudo chmod +r .gnupg/private-keys-v1.d/* and now trying to add them manually seems to work.

This seems to work well but I'm wondering if it's a good idea to make the private keys readable by the current user.

1 Answer

This seems to work well but I'm wondering if it's a good idea to make the private keys readable by the current user.

Yes, it's normal. GnuPG does not (yet) implement any sort of system-level isolated key storage – although gpg-agent is already very close in its architecture, it still simply runs under your own user account, with the same privileges as all your other processes.

Your other output shows the keys as being owned by root:root, but that's only because you used sudo gpg --import or something like that.
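The answer makes two points worth checking on your own machine: the files under private-keys-v1.d are expected to be readable only by the account that runs gpg-agent, and the root:root ownership in the question is a side effect of running gpg under sudo. The script below is an added example (not from the question or answer, and not part of GnuPG) that audits a GnuPG home directory for both conditions: any .key file owned by someone other than the invoking user, or with any group/other permission bits set. It assumes a POSIX shell and a stat(1) that understands either the GNU -c or the BSD -f format; the "fix" hints it prints (chown back to your user rather than chmod +r, and mode 600) are this example's suggestion, not text from the page.

```shell
#!/bin/sh
# Audit a GnuPG home directory for private key files that are readable by
# other users or owned by someone other than the invoking user.
# Added example, not from the original post. Assumes a POSIX shell and a
# stat(1) supporting either the GNU "-c" or the BSD "-f" format.

# file_owner_mode FILE: prints "<owner> <octal mode>" portably.
file_owner_mode() {
    stat -c '%U %a' "$1" 2>/dev/null || stat -f '%Su %OLp' "$1"
}

# audit_gnupg_dir GNUPGHOME: prints one line per problem found under
# GNUPGHOME/private-keys-v1.d. Returns 0 if clean, 1 if any key file is
# group/other readable or not owned by the current user, 2 if the
# directory does not exist.
audit_gnupg_dir() {
    dir="$1/private-keys-v1.d"
    me=$(id -un)
    rc=0
    [ -d "$dir" ] || { echo "no such directory: $dir"; return 2; }
    for f in "$dir"/*.key; do
        [ -e "$f" ] || continue            # no .key files at all
        set -- $(file_owner_mode "$f")
        owner=$1; mode=$2
        if [ "$owner" != "$me" ]; then
            # Ownership by another account (e.g. root after "sudo gpg") is
            # best fixed by giving the file back, not by widening its mode.
            echo "OWNER $f: owned by $owner, expected $me (suggested fix: chown $me $f)"
            rc=1
        fi
        # The last two octal digits are the group and other permission bits;
        # anything other than 00 means someone besides the owner can read or
        # write the key. Expected mode for a private key file is 600.
        case "$mode" in
            *00) ;;
            *) echo "MODE  $f: mode $mode, expected 600 (suggested fix: chmod 600 $f)"; rc=1 ;;
        esac
    done
    return $rc
}

# Usage: audit_gnupg_dir "$HOME/.gnupg"
```

Run it as the user who owns the keyring, not under sudo; the ownership check compares against whoever invokes the script, so running it as root would report every file as foreign.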
