Error reencrypting password store

[Thomas Harning Jr.]

On Fri, Dec 16, 2016 at 5:21 AM, Mathias Ewald <mewald at evoila.de> wrote:
>
> Hi,
>
> I want to reencrypt the password store for new users and remove old users. Running pass init I get these messages for every entry:
>
>  ~  pass init user1 at company.com user2 at company.com
> Password store initialized for user1 at company.com, user2 at company.com
> Warning: using insecure memory!
> Warning: using insecure memory!
> /datacenter/darz/common/ldap/bind_user: reencrypting to 19ACF8E910B9B211 C846B1FB75946579
> Warning: using insecure memory!
> Warning: using insecure memory!
> gpg: 2B711C60: skipped: No public key
> gpg: [stdin]: encryption failed: No public key
> gpg: error flushing `[stdout]': Broken pipe
> gpg: handle plaintext failed: Broken pipe
> ..
>
> Here is my public keyring:
>
>  ~  gpg2 --list-keys
> Warning: using insecure memory!
> /Users/mewald/.gnupg/pubring.gpg
> --------------------------------
> pub   4096R/34263DD4 2016-07-27
> uid       [ultimate] Mr X <user1 at company.com>
> sub   4096R/10B9B211 2016-07-27
>
> pub   4096R/CBCAF5F9 2016-08-02
> uid       [  full  ] Mr Z <user3 at company.com>
> sub   4096R/75946579 2016-08-02
>
> pub   2048R/B5D3E61B 2016-12-14
> uid       [ unknown] Mr Y <user2 at company.com>
> sub   2048R/17EC4DC5 2016-12-14
>
> What I don’t understand is how it wants says "reencrypting to 19ACF8E910B9B211 C846B1FB75946579” while the two IDs do not match any of the keys I specified. Also the the line "gpg: 2B711C60: skipped: No public key”: no match to the output of gpg2 —list-keys.


19ACF8E910B9B211 -> maps to 10B9B211 which maps to user1
C846B1FB75946579 -> maps to 75946579 which is a subkey of user3

Are there any subdirectories with .gpg_id in them that might be
changing the target?

As for missing 2B711C60 - I'd check the gpg configuration files and
make sure there's no additional 'default' target encryption key.

-- 
Thomas Harning Jr. (http://about.me/harningt)