GPG errors and solutions

The following errors may occur during GPG signing.

Card status error

Error message

gpg: error getting version from 'scdaemon': No SmartCard daemon 
gpg: OpenPGP card not available: No SmartCard daemon

Solution

Run the following command:

gpgconf --kill all

Pubring.kbx

Error message

Command output shows pubring.kbx instead of pubring.gpg.

Solution

Remove the default pubring.kbx from /User/<user_name>/.gnupg/ so the keys from /User/<user_name>/.gnupg/pubring.gpg get displayed

Run:
```
cd /User/<user_name>/.gnupg/pubring.gpg
```
Run:
```
rm -rf pubring.kbx
```
Run:
```
gpg --list-keys 
```

General error while signing

When attempting to sign with gpg --sign <file path> you receive the following error:

Error message

gpg: signing failed: General error

Solution

Navigate to DigiCert ONE > DigiCert® Software Trust Manager > Logs > Signature logs > Click on the signing event > View the Error message field.

If the error message is:

User - <user ID> does not have access to the GPG keypair with ID - <GPG keypair ID>

The most recently created subkey will always be used as the default to sign with even if you do not have access to that subkey. To avoid this error, use this command to sign with a different key:

gpg -u <subkey fingerprint>! --sign <file path>

General error while signing

When attempting to sign with gpg --sign <file path> you receive the following error:

Error message

gpg: signing failed: General error

Solution

Select one of the options below based on your method of GPG signing:

Esempio 1. Software Trust Manager GPG SCD

To identify the cause of the error:

To set the log level to TRACE, run the command:
Esempio 2. Windows
```
set SM_LOG_LEVEL=TRACE
```
Esempio 3. Linux
```
export SM_LOG_LEVEL=TRACE
```
Esempio 4. macOS
```
export SM_LOG_LEVEL=TRACE
```
Run the signing command that failed again.
To identify where your logs are located, run:
```
echo %USERPROFILE%/.signingmanager/logs
```
Open the ssm-scd.log file.
To identify the the most recent event, scroll to the end of the logs.
The last few lines should explain why the error occurred.
If you are unable to resolve the error based on the information provided, contact Support and provide the log file.

Esempio 5. GnuPG SCD

To identify the cause of the error:

To set the log level to TRACE, run the command:
Esempio 6. Windows
```
set SM_LOG_LEVEL=TRACE
```
Esempio 7. Linux
```
export SM_LOG_LEVEL=TRACE
```
Esempio 8. macOS
```
export SM_LOG_LEVEL=TRACE
```
Run the signing command that failed again.
To identify where your logs are located, run:
```
echo %USERPROFILE%/.signingmanager/logs
```
Open the smpkcs11.l.log file.
To identify the the most recent event, scroll to the end of the logs.
The last few lines should explain why the error occurred.
If you are unable to resolve the error based on the information provided, contact Support and provide the log file.

GPG keypair is offline

Error message

Provided gpg keypair <GPG keypair ID> is in OFFLINE state and cannot be used for signing. Please provide keypair in active state to be used for signing.

Solution

The most recently created subkey will always be used as the default to sign with even that subkey is in offline mod. There are three ways to avoid this error:

Switch your GPG key status to online.
Verify that the release that the key is part of, is active.

Use this command to sign with a different key:

gpg -u <subkey fingerprint>! --sign <file path>

In questa sezione:

GPG errors and solutions

Card status error

Pubring.kbx

General error while signing

General error while signing

GPG keypair is offline

Risultati della ricerca