client icon indicating copy to clipboard operation
client copied to clipboard
verified publisher icon keybase

Can't login to update key or curl submit

Open robbat2 opened this issue 7 years ago • 6 comments

keybase-user: robbat2 log-id: 29b76c3b9bb947b1ed62671c

$ keybase login robbat2
▶ ERROR during GPG provisioning.
We were able to generate a PGP signature with gpg client, but it was rejected by the server. This often means that this PGP key is expired or unusable. You can update your key on https://keybase.io
▶ ERROR Key corrupted: Could not open key: no valid primary key self-signature or key(s) have expired

And using the gpg+curl method to sign the update, I get:

Error in your post
-------------------

Code: 915
Name: KEY_BAD_UIDS
Description: You can't delete your keybase.io username
* Connection #0 to host keybase.io left intact

w/ curl -v:

*   Trying 52.6.136.121...
* TCP_NODELAY set
* Connected to keybase.io (52.6.136.121) port 443 (#0)
* Initializing NSS with certpath: none
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* ALPN, server accepted to use http/1.1
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* 	subject: CN=keybase.io,OU=PositiveSSL,OU=Domain Control Validated
* 	start date: May 18 00:00:00 2018 GMT
* 	expire date: Jun 17 23:59:59 2019 GMT
* 	common name: keybase.io
* 	issuer: CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
> POST /_/api/1.0/key/add.json HTTP/1.1
> Host: keybase.io
> User-Agent: curl/7.55.0
> Accept: */*
> Content-Length: 32271
> Content-Type: application/x-www-form-urlencoded
> Expect: 100-continue
> 
< HTTP/1.1 100 Continue
* We are completely uploaded and fine
< HTTP/1.1 200 OK
< Date: Wed, 14 Nov 2018 23:45:38 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 124
< Connection: keep-alive
< Vary: X-HTTP-Method-Override
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< ETag: W/"7c-u/3tVHjxbrkDn/M1Q9l6mH44TX8"
< Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
< 
Error in your post
-------------------

Code: 915
Name: KEY_BAD_UIDS
Description: You can't delete your keybase.io username
* Connection #0 to host keybase.io left intact

robbat2 avatar Nov 14 '18 23:11 robbat2

Welcome back to Keybase. Your account is a bit legacy regarding PGP key it uses, but there should be an upgrade path.

You need to send (using gpg+curl like you did) a PGP key update with same fingerprint but extended expiration date. The caveat is that because of compatibility reasons, you still need a "[email protected]" userid in the key bundle. After that unexpired key is properly added to your account, you should be able to log in using one of our apps and get device keys.

zapu avatar Nov 15 '18 01:11 zapu

thanks, re-adding the UID (which was revoked since the emails were no longer supported) got it going. Now it's safe to remove it?

Also, a website weirdness: prior to adding a device key, the website said there were files waiting for me, but now that is gone, and I can't find what files it was talking about.

robbat2 avatar Nov 16 '18 08:11 robbat2

The caveat is that because of compatibility reasons, you still need a "[email protected]" userid in the key bundle.

I'm having this same issue but I'm not sure how to implement this fix. Can I get some more details? I have access to my account and just want to update my PGP key. I've tried changing "username" to "[email protected]" and adding the email as a "userid" field and "uid" field in the JSON to no avail. I also can't find a reference to the @keybase.io email in any of my past chainlink payloads.

RichJeanes avatar Aug 24 '20 18:08 RichJeanes

You need to send (using gpg+curl like you did) a PGP key update with same fingerprint but extended expiration date. The caveat is that because of compatibility reasons, you still need a "[email protected]" userid in the key bundle. After that unexpired key is properly added to your account, you should be able to log in using one of our apps and get device keys.

I'm having this problem too but I don't understand what you mean by "the key bundle". Can you clarify, please?

jar349 avatar Jan 12 '25 00:01 jar349

thanks, re-adding the UID (which was revoked since the emails were no longer supported) got it going. Now it's safe to remove it?

how did you "re-add the UID"?

jar349 avatar Jan 12 '25 00:01 jar349

thanks, re-adding the UID (which was revoked since the emails were no longer supported) got it going. Now it's safe to remove it?

how did you "re-add the UID"?

gpg --edit-key ...
adduid ...

robbat2 avatar Jan 13 '25 23:01 robbat2