Adding OK Subkey to existing GPG identity fails

SSH, OpenPGP, GPG
1

Hi all

I have an identity in GPG. I would like to add a subkey to it for my OnlyKey. However, using the command listed in the documentation just doesn’t work.

Below is the output from my attempts on Ubuntu 22.04:

$ onlykey-gpg init "MyName <my@email.addr>" --subkey
Enter the 3 digit challenge code on OnlyKey to authorize <gpg://MyName <my@email.addr>|ed25519>
4 1 5
gpg: public key E227E4D2B987128A is 19416 days newer than the signature
gpg: public key E227E4D2B987128A is 19416 days newer than the signature
gpg: public key E227E4D2B987128A is 19416 days newer than the signature
gpg: public key E227E4D2B987128A is 19416 days newer than the signature
gpg: inserting ownertrust of 6
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: keydb_search failed: End of file
gpg: error reading key: End of file
Traceback (most recent call last):
  File "/home/user/.local/bin/onlykey-gpg", line 33, in <module>
    sys.exit(load_entry_point('onlykey-agent', 'console_scripts', 'onlykey-gpg')())
  File "/home/user/onlykey-agent/agents/onlykey/onlykey_agent.py", line 10, in <lambda>
    gpg_tool = lambda: gpg.main(DeviceType)
  File "/home/user/onlykey-agent/libagent/gpg/__init__.py", line 392, in main
    return args.func(device_type=device_type, args=args)
  File "/home/user/onlykey-agent/libagent/gpg/__init__.py", line 226, in run_init
    check_call(keyring.gpg_command(['--homedir', homedir,
  File "/home/user/onlykey-agent/libagent/gpg/__init__.py", line 114, in check_call
    subprocess.check_call(args=args, stdin=stdin, env=env)
  File "/usr/lib/python3.10/subprocess.py", line 369, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['/usr/bin/gpg', '--homedir', '/home/user/.gnupg/onlykey', '--list-secret-keys', 'MyName <my@email.addr>']' returned non-zero exit status 2.

Note: I have tried both with the released version (1.0.4) and with the latest Master version from Github, both give the same results.

Also, although it shows asking for a challenge code, it has been configured for button press only and accepts any button press.

I’m having very little luck using this key for anything beyond very basic usage: Hardware password manager and FIDO key work well, but everything else (particularly, anything using the Python-based software) seems very flakey for a commercial product…