Hi all
I have an identity in GPG. I would like to add a subkey to it for my OnlyKey. However, using the command listed in the documentation just doesn’t work.
Below is the output from my attempts on Ubuntu 22.04:
$ onlykey-gpg init "MyName <my@email.addr>" --subkey
Enter the 3 digit challenge code on OnlyKey to authorize <gpg://MyName <my@email.addr>|ed25519>
4 1 5
gpg: public key E227E4D2B987128A is 19416 days newer than the signature
gpg: public key E227E4D2B987128A is 19416 days newer than the signature
gpg: public key E227E4D2B987128A is 19416 days newer than the signature
gpg: public key E227E4D2B987128A is 19416 days newer than the signature
gpg: inserting ownertrust of 6
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: keydb_search failed: End of file
gpg: error reading key: End of file
Traceback (most recent call last):
  File "/home/user/.local/bin/onlykey-gpg", line 33, in <module>
    sys.exit(load_entry_point('onlykey-agent', 'console_scripts', 'onlykey-gpg')())
  File "/home/user/onlykey-agent/agents/onlykey/onlykey_agent.py", line 10, in <lambda>
    gpg_tool = lambda: gpg.main(DeviceType)
  File "/home/user/onlykey-agent/libagent/gpg/__init__.py", line 392, in main
    return args.func(device_type=device_type, args=args)
  File "/home/user/onlykey-agent/libagent/gpg/__init__.py", line 226, in run_init
    check_call(keyring.gpg_command(['--homedir', homedir,
  File "/home/user/onlykey-agent/libagent/gpg/__init__.py", line 114, in check_call
    subprocess.check_call(args=args, stdin=stdin, env=env)
  File "/usr/lib/python3.10/subprocess.py", line 369, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['/usr/bin/gpg', '--homedir', '/home/user/.gnupg/onlykey', '--list-secret-keys', 'MyName <my@email.addr>']' returned non-zero exit status 2.
Note: I have tried both with the released version (1.0.4) and with the latest Master version from GitHub; both give the same results.
Also, although it shows asking for a challenge code, it has been configured for button press only and accepts any button press.
I’m having very little luck using this key for anything beyond very basic usage: Hardware password manager and FIDO key work well, but everything else (particularly, anything using the Python-based software) seems very flakey for a commercial product…