helm: Error: openpgp: invalid data: tag byte does not have MSB set

when i use command on user manual , i get error ,why?

% gpg --list-secret-keys
/Users/Alex/.gnupg/pubring.kbx
------------------------------
sec   rsa4096 2017-08-23 [SC]
      BCC9A338D1F5990A21A8AA4213F326CBB263D868

%  helm package --sign --key 'helm signing key' --keyring /Users/Alex/.gnupg/pubring.kbx alpine
Successfully packaged chart and saved it to: /Users/Alex/Documents/FileZilla.app/alpine-0.1.0.tgz
Error: openpgp: invalid data: tag byte does not have MSB set

About this issue

Original URL
State: closed
Created 7 years ago
Reactions: 7
Comments: 21 (8 by maintainers)

Most upvoted comments

% helm version Client: &version.Version{SemVer:“v2.6.0”, GitCommit:“5bc7c619f85d74702e810a8325e0a24f729aa11a”, GitTreeState:“clean”} Error: cannot connect to Tiller

$ gpg --version gpg (GnuPG) 2.1.23 libgcrypt 1.8.0 Copyright © 2017 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later https://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.

Home: /Users/Alex/.gnupg 支持的算法：公钥：RSA, ELG, DSA, ECDH, ECDSA, EDDSA 对称加密：IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 散列：SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 压缩：不压缩, ZIP, ZLIB, BZIP2

justlooks on Aug 23, 2017

I have got this error > Error: openpgp: invalid data: tag byte does not have MSB set

I able to solved it using the below steps Execute: gpg --export-secret-keys >~/.gnupg/secring.gpg

Explanation: the GnuPG v2 store your secret keyring using a new format kbx on the default location ~/.gnupg/pubring.kbx. Please use the following command to convert your keyring to the legacy gpg format:

The output: gpg: starting migration from earlier GnuPG versions gpg: porting secret keys from ‘/Users/narendranathreddy/.gnupg/secring.gpg’ to gpg-agent gpg: migration succeeded

and upon checking ~/.gnupg/secring.gpg is exist

we can use secring.gpg to sign the packages using below command helm package --sign --key ‘Narendranath Reddy’ --keyring ~/.gnupg/secring.gpg sample-app

Output: Successfully packaged chart and saved it to: /Volumes/REDLAB/Projects/books/chapter-5/sample-app-0.1.0.tgz

ghost on May 19, 2020

I don’t feel that this should be closed @technosophos. Converting from one format to the other isn’t really a valid workaround and introduces differences between the two rings. Sure, the documentation is useful, but this is still an out of the box issues for most (if not all) Linux users.

jaredallard on Sep 28, 2018

Okay, in the process of testing, it appears that the GnuPG keyring format has changed. This is totally allowed by the OpenPGP spec, which does not require that a keyring be in a particular format.

If I run gpg --export --outfile newkeyring.gpg and then load that new keyring, it works fine, because that puts the keys in the format described by section 4.2 of the OpenPGP spec.

The relevant GnuPG announcement: https://gnupg.org/faq/whats-new-in-2.1.html#keybox

Update: Use --export-secret-keys to export the secret keys (signing), or --export to export your public keys (verifying).

technosophos on Sep 27, 2018

@vineetguptadev I was just able to resolve a similar error, albeit on the helm verify side, by converting my keyring to the old format as outlined in the current helm docs:

$ gpg --export >~/.gnupg/pubring.gpg
$ gpg --export-secret-keys >~/.gnupg/secring.gpg

Have you tried that and / or did it work?

Flannigan on Mar 9, 2023