I have an identity in GPG. I would like to add a subkey to it for my OnlyKey. However, using the command listed in the documentation just doesn’t work.
Below is the output from my attempts on Ubuntu 22.04:
$ onlykey-gpg init "MyName <email@example.com>" --subkey Enter the 3 digit challenge code on OnlyKey to authorize <gpg://MyName <firstname.lastname@example.org>|ed25519> 4 1 5 gpg: public key E227E4D2B987128A is 19416 days newer than the signature gpg: public key E227E4D2B987128A is 19416 days newer than the signature gpg: public key E227E4D2B987128A is 19416 days newer than the signature gpg: public key E227E4D2B987128A is 19416 days newer than the signature gpg: inserting ownertrust of 6 gpg: checking the trustdb gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: keydb_search failed: End of file gpg: error reading key: End of file Traceback (most recent call last): File "/home/user/.local/bin/onlykey-gpg", line 33, in <module> sys.exit(load_entry_point('onlykey-agent', 'console_scripts', 'onlykey-gpg')()) File "/home/user/onlykey-agent/agents/onlykey/onlykey_agent.py", line 10, in <lambda> gpg_tool = lambda: gpg.main(DeviceType) File "/home/user/onlykey-agent/libagent/gpg/__init__.py", line 392, in main return args.func(device_type=device_type, args=args) File "/home/user/onlykey-agent/libagent/gpg/__init__.py", line 226, in run_init check_call(keyring.gpg_command(['--homedir', homedir, File "/home/user/onlykey-agent/libagent/gpg/__init__.py", line 114, in check_call subprocess.check_call(args=args, stdin=stdin, env=env) File "/usr/lib/python3.10/subprocess.py", line 369, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '['/usr/bin/gpg', '--homedir', '/home/user/.gnupg/onlykey', '--list-secret-keys', 'MyName <email@example.com>']' returned non-zero exit status 2.
Note: I have tried both with the released version (1.0.4) and with the latest Master version from Github, both give the same results.
Also, although it shows asking for a challenge code, it has been configured for button press only and accepts any button press.
I’m having very little luck using this key for anything beyond very basic usage: Hardware password manager and FIDO key work well, but everything else (particularly, anything using the Python-based software) seems very flakey for a commercial product…