@t11 do you have any other debug options to try?
To rule out anything being borked on my OnlyKey I have taken a new OnlyKey and proceeded as follows.
Derived Key Mode
Firstly I set the key up using derived key mode and ran onlykey-gpg init "Bob Smith <bob@protonmail.com>"
which completed fine and everything worked as it should. I did this to confirm the prerequisites were installed correctly. This confirms that the correct packages are installed and the udev rules are working.
Stored Key Mode - ProtonMail Key
I then switched to stored key mode, downloaded a ProtonMail ECC key pair and loaded it onto the OnlyKey, which loaded fine. I tested this using Webcrypt and I can single-press to confirm, and encrypt and sign a message.
I then reverted to GPG and tried the above command:
Which gave me the error as before that the key could not be read:
rm -rf ~/.gnupg/onlykey && onlykey-gpg init “bob@protonmail.com” -sk 102 -dk 101 -i bob-pub.asc && echo “secret message” | gpg --encrypt -r “bob@protonmail.com” | gpg --decrypt
2021-04-27 16:53:28,513 WARNING This GPG tool is still in EXPERIMENTAL mode, so please note that the API and features may change without backwards compatibility! [__init__.py:128]
2021-04-27 16:53:28,531 WARNING NOTE: in order to re-generate the exact same GPG key later, run this command with "--time=0" commandline flag (to set the timestamp of the GPG key manually). [__init__.py:41]
gpg: inserting ownertrust of 6
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: error reading key: No secret key
Traceback (most recent call last):
  File "/home/amnesia/.local/bin/onlykey-gpg", line 33, in <module>
    sys.exit(load_entry_point('onlykey-agent==1.1.10', 'console_scripts', 'onlykey-gpg')())
  File "/home/amnesia/.local/bin/onlykey_agent.py", line 6, in <lambda>
    gpg_tool = lambda: libagent.gpg.main(DeviceType)
  File "/home/amnesia/.local/lib/python3.7/site-packages/libagent/gpg/__init__.py", line 375, in main
    return args.func(device_type=device_type, args=args)
  File "/home/amnesia/.local/lib/python3.7/site-packages/libagent/gpg/__init__.py", line 224, in run_init
    '--list-secret-keys', args.user_id]))
  File "/home/amnesia/.local/lib/python3.7/site-packages/libagent/gpg/__init__.py", line 114, in check_call
    subprocess.check_call(args=args, stdin=stdin, env=env)
  File "/usr/lib/python3.7/subprocess.py", line 347, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['/usr/bin/gpg', '--homedir', '/home/amnesia/.gnupg/onlykey', '--list-secret-keys', '“bob@protonmail.com”']' returned non-zero exit status 2.
Stored Key Mode - GPG
For completeness, I then tried generating and loading an ECC key from GPG following the above steps you posted (which I have been doing all along). This again loaded fine and I tested it via Webcrypt. I added the pub key, recipient ProtonMail address, and message and I could encrypt and sign a message fine.
Finally, I tried using GPG and I get the same error that the key could not be read!
I have the latest firmware loaded (v2.1.0-prodc) and the latest OnlyKey app (v5.3.1). I’m also using the same version of GPG.
I’m not sure why you can’t reproduce this but there is something wrong. I lost so much time on this. Maybe the hardware is faulty or something else but this should be simple enough. I don’t know what else can be the problem if it’s not a bug.
Is it best to get replacement devices to try or do you have something else to suggest?
– BVS