Decrypting with ECDH: no secret key

Daniele Ricci daniele.athome at
Wed Jun 26 18:07:39 CEST 2013

I think I found the issue. The key was indeed incomplete.
I tried to create a new one from scratch (ECDSA+ECDH) and this time
ssb shows without the hash mark.

However, if I try to export it, gpg2 outputs the key "correctly",
without the subkey, printing this warning:
gpg: key F08342D6/0AF4E702: error receiving key from agent: Bad secret
key - skipped

When re-importing the exported secret key in another keyring, the same
issue: hash mark after ssb.

gpg-agent was started in a custom environment (--homedir) and
GNUPGHOME set accordingly.
By the way: I don't know if it's normal, but pinentry asked me for the key
password twice during the export.

On Wed, Jun 26, 2013 at 5:40 PM, Werner Koch <wk at> wrote:
> On Wed, 26 Jun 2013 11:15, daniele.athome at said:
>> sec    256E/8C5A3D53 2013-06-16
>> uid                  Test ECDSA-ECDH (Key and subkey are 256 bits
>> long) <test.ecdsa.ecdh at>
>> ssb#   256e/8BA3201C 2013-06-16
> The hash mark after "ssb" indicates that the subkey is off-line.  There
> is only a stub key left.  In the case of GnuPG 2.1 this is similar; the
> gpg-agent does not have access to the actual key below
> private-keys-v1.d/.
> If you run
>    gpg2 --with-keygrip -K 8C5A3D53
> You will see something like:
>   ssb   1024g/47BE2775 2003-12-31
>         Keygrip = 7E201E28B6FEB2927B321F443205F4724EBE637E
> Now to check whether the key is really available do
>   ls ~/.gnupg/private-keys-v1.d/7E201E28B6FEB2927B321F443205F4724EBE637E.key
> I don't know why it is missing.  You may however import it again from an
> exported copy of that secret key ("gpg2 --import seckey.gpg")
> Salam-Shalom,
>    Werner
> --
> Thoughts are free.  Exceptions are regulated by a federal law.
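
The keygrip check described in the quoted reply, as an added example that is not part of the original thread: it reads a saved "gpg2 --with-keygrip -K" listing and reports, per key, whether the matching file exists under private-keys-v1.d/ of the given homedir. The function names check_keygrips and demo are hypothetical, the listing layout is assumed to match the one shown above, and the keygrips in the sample are constructed placeholders.

```shell
#!/bin/sh
# check_keygrips LISTING_FILE HOMEDIR
# Prints one line per secret (sub)key: "<type> <keyid> <keygrip> present|missing"
# <type> keeps the marker from the listing, so "ssb#" means gpg listed a stub.
check_keygrips() {
    listing=$1
    keydir=$2/private-keys-v1.d
    awk '
        # sec/ssb line: remember record type (with any # or > marker) and key ID
        $1 ~ /^(sec|ssb)[#>]?$/ { type = $1; split($2, a, "/"); keyid = a[2]; next }
        # "Keygrip = HEX" belongs to the most recent sec/ssb line
        $1 == "Keygrip" && keyid != "" { print type, keyid, $3; keyid = "" }
    ' "$listing" |
    while read -r type keyid grip; do
        # gpg-agent stores each private key as <keygrip>.key in this directory
        if [ -f "$keydir/$grip.key" ]; then state=present; else state=missing; fi
        printf '%s %s %s %s\n' "$type" "$keyid" "$grip" "$state"
    done
}

# Runs the check against a constructed listing and a throwaway homedir.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/private-keys-v1.d"
    # Constructed sample: key IDs from the thread, keygrips are placeholders.
    cat > "$tmp/listing.txt" <<'EOF'
sec    256E/8C5A3D53 2013-06-16
      Keygrip = 1111111111111111111111111111111111111111
uid                  Test ECDSA-ECDH (constructed sample)
ssb#   256e/8BA3201C 2013-06-16
      Keygrip = 2222222222222222222222222222222222222222
EOF
    # Only the primary key has a file on disk; the subkey file is absent.
    : > "$tmp/private-keys-v1.d/1111111111111111111111111111111111111111.key"
    check_keygrips "$tmp/listing.txt" "$tmp"
    rm -rf "$tmp"
}

demo
```

To run it against a real keyring, save the listing with the same --homedir the agent uses and pass that directory as the second argument.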


More information about the Gnupg-devel mailing list