forked from romanz/trezor-agent
Open
Description
I added new user ids to my OnlyKey-generated GPG key as documented.
Now git commit fails in this way:
```
$ git commit --gpg-sign
hint: Waiting for your editor to close the file... Waiting for Emacs...
error: gpg failed to sign the data:
[GNUPG:] KEY_CONSIDERED 5AB98C35C1B7A0FCBAA050C3379F14BB02F9317F 2
[GNUPG:] BEGIN_SIGNING H10
gpg: signing failed: End of file
[GNUPG:] FAILURE sign 33570815
gpg: signing failed: End of file
fatal: failed to write commit object
```
The agent logs include this error:
```
2024-05-02 17:08:53,785 ERROR handler failed: [__init__.py:318]
Traceback (most recent call last):
  File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.12/site-packages/libagent/gpg/__init__.py", line 310, in run_agent_internal
    handler.handle(conn)
  File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.12/site-packages/libagent/gpg/agent.py", line 309, in handle
    handler(conn, args)
  File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.12/site-packages/libagent/gpg/agent.py", line 123, in <lambda>
    b'PKSIGN': lambda conn, _: self.pksign(conn),
    ^^^^^^^^^^^^^^^^^
  File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.12/site-packages/libagent/gpg/agent.py", line 226, in pksign
    identity = self.get_identity(keygrip=self.keygrip)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.12/site-packages/libagent/util.py", line 230, in wrapper
    result = method(self, *args, **kwargs)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.12/site-packages/libagent/gpg/agent.py", line 202, in get_identity
    assert pubkey.key_id() == pubkey_dict['key_id']
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AssertionError
```
This led me to the get_identity function in lib-agent:
```python
# We assume the first user ID is used to generate Agent-based GPG keys.
user_id = user_ids[0]['value'].decode('utf-8')
if pubkey_dict['algo'] not in {1, 2, 3}:
    curve_name = protocol.get_curve_name_by_oid(pubkey_dict['curve_oid'])
ecdh = (pubkey_dict['algo'] == protocol.ECDH_ALGO_ID)
identity = client.create_identity(user_id=user_id, curve_name=curve_name, keygrip=keygrip)
verifying_key = self.client.pubkey(identity=identity, ecdh=ecdh)
pubkey = protocol.PublicKey(
    curve_name=curve_name, created=pubkey_dict['created'],
    verifying_key=verifying_key, ecdh=ecdh)
assert pubkey.key_id() == pubkey_dict['key_id']
assert pubkey.keygrip() == keygrip_bytes
```

I tried editing my key and making the right user id the primary one, but lib-agent is still not picking it.
I can work around the issue by changing user_ids[0] to user_ids[1], but I think lib-agent should be smarter about choosing the right user id.
Am I doing something wrong? Is there some other solution to this issue? Please advise.
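
The failure reported above, as an added example that is not part of the original report and is not lib-agent code: when the key is derived from the user ID string, a key ID computed from the wrong user ID cannot match the stored one, so the sketch tries each user ID and keeps the one whose derived key ID matches, raising an explicit error instead of a bare `assert`. Assumptions: `device_pubkey` is a hypothetical HMAC stand-in for the hardware call, `select_user_id` is a hypothetical helper, and the seed, timestamp and user IDs are constructed.

```python
import hashlib
import hmac
import struct

ED25519_OID = bytes.fromhex("2b06010401da470f01")  # 1.3.6.1.4.1.11591.15.1
EDDSA_ALGO_ID = 22


def device_pubkey(seed, user_id):
    """Hypothetical stand-in for the hardware call: key bytes depend on the user ID."""
    return hmac.new(seed, user_id.encode("utf-8"), hashlib.sha256).digest()


def key_id(created, pubkey):
    """OpenPGP v4 key ID: low 64 bits of SHA-1 over the public-key packet."""
    point = b"\x40" + pubkey  # prefix for a native-format EdDSA point
    mpi = struct.pack(">H", len(point) * 8 - 1) + point  # 0x40 has one leading zero bit
    body = (bytes([4]) + struct.pack(">L", created)
            + bytes([EDDSA_ALGO_ID, len(ED25519_OID)]) + ED25519_OID + mpi)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()[-8:]


def select_user_id(seed, created, stored_key_id, user_ids):
    """Return the user ID whose derived key reproduces stored_key_id."""
    for uid in user_ids:
        candidate = key_id(created, device_pubkey(seed, uid))
        if hmac.compare_digest(candidate, stored_key_id):
            return uid
    raise KeyError("no user ID derives key ID " + stored_key_id.hex())


# Constructed sample data (not taken from the issue).
SEED = b"constructed-device-seed"
CREATED = 1714669733
ORIGINAL_UID = "Alice <alice@example.org>"
STORED_KEY_ID = key_id(CREATED, device_pubkey(SEED, ORIGINAL_UID))
# A user ID added later now comes first in the exported key.
USER_IDS = ["Alice <alice@work.example>", ORIGINAL_UID]

if __name__ == "__main__":
    first = key_id(CREATED, device_pubkey(SEED, USER_IDS[0]))
    print("first user ID matches:", first == STORED_KEY_ID)
    print("selected:", select_user_id(SEED, CREATED, STORED_KEY_ID, USER_IDS))
```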