unable to sign backups

I tired to generate a key for signing backups and got this: Failed to create backup key : Key generation failed : gpg: skipping control `%no-protection' ()

Status: 
Active

Comments

Title: unable to allow server owners to restore their own backups » deleted
Status: Active » Closed (fixed)
Body: View changes
Title: deleted » unable to sign backups
Status: Closed (fixed) » Active
Body: View changes

ooooook...when i tired to generate a key the second time i got this: Failed to create backup key : Key generation failed : A GPG key with the same email address already exists

so then i tired to create a backup schedule where the owners can restore the backups and i get: Failed to save scheduled backup : Only signed backups can be restored by virtual server owners

Is this a VM that you're creating the key or, or a real physical machine?

bare metal machine.

any ideas? It's been a while.

Could be a compatibility issue with gnupg. Which Linux distro and version are you running, and are you just running the stock version of gpg ?

ubuntu 16.04. I installed it from minimal and then let virt do the rest. No changes on my end.

I had this machine reloaded as a result of a virt corrupting and when i try to generate the backup key I get: Failed to create backup key : Key generation failed : gpg: skipping control `%no-protection' ()

apt install gnupg Reading package lists... Done Building dependency tree Reading state information... Done gnupg is already the newest version (1.4.20-1ubuntu3.3). 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

so now when i try to generate the key virt throws: Failed to create backup key : Key generation failed : A GPG key with the same email address already exists

does the loop look familiar...like at the first of the ticket...

Odd, it looks like the key generation succeeded but Virtualmin assumes that it failed, leaving you in an inconsistent state. The work-around is to SSH in as root and run gpg delete-secret-key to remove the leftover key, then re-try generation in Virtualmin.

no dice: root@web3:~# gpg delete-secret-key gpg: can't open `delete-secret-key'

root@web3:~# apt install gnupg Reading package lists... Done Building dependency tree Reading state information... Done gnupg is already the newest version (1.4.20-1ubuntu3.3).

The proper command is like gpg --delete-secret-keys email@domain.com

The upcoming 6.06 Virtualmin release will include the ability to import a key.

ok key deleted.

i then ran the key generation again. Failed to create backup key : Key generation failed : gpg: skipping control `%no-protection' () I then tried the command: gpg --delete-secret-keys wwarren@etc-md.com gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.

gpg: key "wwarren@etc-md.com" not found: eof gpg: wwarren@etc-md.com: delete key failed: eof

guess what appeared? gpg --delete-secret-keys wwarren@etc-md.com gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.

gpg: key "wwarren@etc-md.com" not found: eof gpg: wwarren@etc-md.com: delete key failed: eof root@web3:~# gpg --delete-secret-keys wwarren@etc-md.com gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.

gpg: key "wwarren@etc-md.com" not found: eof gpg: wwarren@etc-md.com: delete key failed: eof root@web3:~# gpg --delete-secret-keys wwarren@etc-md.com gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.

sec 2048R/6F2A0D2F 2019-02-05 backup encryption key wwarren@etc-md.com

Delete this key from the keyring? (y/N) y This is a secret key! - really delete? (y/N) y

I think webmin is timing out on the key generation process. it appears there needs to be a status check by webmin against the gpg key generation process?

It sounds like the key generation process is taking longer than Virtualmin expects. I'll extend the timeout in the next release.