GPG error "gpg: error retrieving '[email protected]' via WKD: No data"

Open dfrancoa opened this issue 1 year ago • 5 comments

I'm facing an error that for some reason I can't solve. I've looked at all the issues that look similar and all the solutions in those issues do not work at all. Currently I'm running on a Mac:

System Version: macOS 13.4.1 (c) (22F770820d)
Model Name: MacBook Pro
Model Identifier: MacBookPro15,1
Processor Name: 6-Core Intel Core i7

I'm able to decrypt all files of my repo but I'm not able to encrypt and get this error:

WARNING: This will overwrite any unencrypted files laying about.
Press CTRL-C now to stop. ENTER to continue:
========== RE-ENCRYPTING FILES:
========== PROCESSING "terraform/1-base/roles.tf"
========== Encrypting: terraform/1-base/roles.tf
gpg: error retrieving '[email protected]' via WKD: No data
gpg: [email protected]: skipped: No data
gpg: terraform/1-base/roles.tf: encryption failed: No data

I'm added as an admin and I can see myself there:

$ blackbox_list_admins | grep dfranco
[email protected]

and my gpg key is also there:

$ gpg --homedir=.blackbox --list-keys | grep -C3 dfranco
gpg: WARNING: unsafe permissions on homedir '/Users/daniel/github/secureauth/willow/.blackbox'

pub rsa4096 2023-07-19 [SC]
D4F87815ommittedE91F15DF
uid [ unknown] Daniel Franco (Secureauth GPGKey) [email protected]
sub rsa4096 2023-07-19 [E]

and I have that key on my local keyring:

$ gpg --list-keys
[keyboxd]

pub rsa4096 2023-07-19 [SC]
D4F87815ommittedE91F15DF
uid [ultimate] Daniel Franco (Secureauth GPGKey) [email protected]
sub rsa4096 2023-07-19 [E]

My gpg version is:

$ gpg --version
gpg (GnuPG) 2.4.3
libgcrypt 1.10.2
Copyright (C) 2023 g10 Code GmbH
License GNU GPL-3.0-or-later https://gnu.org/licenses/gpl.html

So from what I understand, blackbox should grab the gpg keys in .blackbox/pubring.kbx and do all decrypting and encrypting from that information, but it looks like it is grabbing the local keyboxd information. I was able to confirm this because I was having that same error, gpg: error retrieving '[email protected]' via WKD: No data, with another user, and as soon as I imported the private key for that user to my local gpg keyring I stopped getting that error for that user and started getting it for the other one.

The next step was to try to use the /.blackbox as the home for gnupg with:

export GNUPGHOME=~/github/secureauth/willow/.blackbox

This did not work and gave me some other error. I set the environmental value to the default one and went back to the same error.

Then I tried to export the blackbox pubring.kbx into my local with:

gpg --import .blackbox/pubring.gpg

gpg --no-default-keyring --keyring .blackbox/pubring.gpg --export -a | gpg --import

this did not work because there is no such file, so I changed it to:

gpg --import .blackbox/pubring.kbx

gpg --no-default-keyring --keyring .blackbox/pubring.kbx --export -a | gpg --import

this did not work either. So what am I missing here?... I still keep getting the same error, so the fix is to get all the private keys for all the admins, but I don't think that is doable. So if someone has a solution for this I would appreciate if I could be guided in the correct direction.

dfrancoa, Jul 21 '23 03:07

So I was having just this error as well and it turns out that my local private keys were corrupted / not working properly and the blackbox keys had expired so I had to remove all admins with expired keys and add them again.

jmigual, Aug 01 '23 14:08

> So I was having just this error as well and it turns out that my local private keys were corrupted / not working properly and the blackbox keys had expired so I had to remove all admins with expired keys and add them again.

So far I deleted all my keys and I was taken out from the admins and then I was put in again to the admins with a whole new different key. I can decrypt just fine, but encrypting is the thing I can't do.

dfrancoa, Aug 10 '23 02:08

Yeah, based on the error you have, it looks like the problem is not your key but that the public key of [email protected] is somehow incorrect/corrupt.

jmigual, Aug 10 '23 09:08

Same issue here. I tried the below without success

gpg --no-default-keyring --keyring .blackbox/pubring.kbx \
  --with-subkey-fingerprint --quick-set-expire <fingerprint> 6m

any idea how to fix this?

bluebrown, Sep 27 '23 07:09

We ran into a similar issue, and we were able to resolve it by removing the use-keyboxd option that fresh gpg installs now seem to add by default in ~/.gnupg/common.conf.

Release notes for this change: https://dev.gnupg.org/source/gnupg/browse/master/NEWS$82

Noteworthy changes in version 2.4.1 (2023-04-28)

  • If the ~/.gnupg directory does not exist, the keyboxd is now automagically enabled. [rGd9e7488b17]

And docs from gpg indicating behavior of this flag, which seems to cause gpg to totally ignore arguments specifying which keyring should be used:

Note that if the option use-keyboxd is enabled in common.conf, no keyrings are used at all and keys are all maintained by the keyboxd process in its own database.

No idea if that's the "best" solution - or of any potential downsides to keeping keyboxd disabled - but it fixed our blackbox issue.

kxgillispie, Oct 13 '23 22:10
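
A way to check for the condition described in the last comment, as an added example that is not part of the original thread or of blackbox: it looks for an active use-keyboxd line in common.conf and comments it out after saving a backup. The function names are hypothetical, and the file location ($GNUPGHOME/common.conf, defaulting to ~/.gnupg) is taken from the comment above.

```shell
#!/bin/sh
# Added example (not from the thread): detect and disable an active
# "use-keyboxd" option. Function names are hypothetical; the config path
# is assumed to be <homedir>/common.conf, as described in the comment above.

# keyboxd_enabled HOMEDIR
# Returns 0 if common.conf has an uncommented use-keyboxd line.
keyboxd_enabled() {
    conf="$1/common.conf"
    [ -f "$conf" ] || return 1
    # Lines such as "#use-keyboxd" do not match, so they count as disabled.
    grep -q '^[[:space:]]*use-keyboxd[[:space:]]*$' "$conf"
}

# disable_keyboxd HOMEDIR
# Comments the option out and keeps the previous file as common.conf.bak.
disable_keyboxd() {
    conf="$1/common.conf"
    keyboxd_enabled "$1" || return 0          # nothing to change
    cp -p "$conf" "$conf.bak" || return 1
    sed 's/^[[:space:]]*\(use-keyboxd\)[[:space:]]*$/# \1/' \
        "$conf.bak" > "$conf"
}

# report HOMEDIR
# Prints whether keyring files (pubring.kbx, --keyring) will be consulted.
report() {
    if keyboxd_enabled "$1"; then
        echo "use-keyboxd active: keyring files are not used"
    else
        echo "use-keyboxd not active: keyring files are used"
    fi
}

# Read-only check of the current user's GnuPG home; nothing is modified
# unless disable_keyboxd is called explicitly.
report "${GNUPGHOME:-$HOME/.gnupg}"
```

Public keys imported while keyboxd was active are stored in its database rather than in pubring.kbx, so export any that are still needed before calling disable_keyboxd.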