Have key ID, but can't decrypt.

David T-G davidtg-gnupg@justpickone.org
Fri Oct 25 11:32:02 2002

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Jason --

=2E..and then Jason Price said...
% I have a feeling I'm being stupid.

Not stupid; just not practiced yet :-)

% When I 'gpg --list-keys', I get:
% > gpg --list-keys
% gpg: WARNING: using insecure memory!
% gpg: please see http://www.gnupg.org/faq.html for more information
% /usr/local/home/jprice/.gnupg/pubring.gpg
% -----------------------------------------
% pub  1024D/F64BA00C 2002-10-07 Jason Price <jprice@cyberbuzz.gatech.edu>
% sub  1024g/6B38F22C 2002-10-07
% pub  1024D/FAD37ABE 2002-08-24 Edward Graham V <egraham@gttx.org>
% sub  4096g/34B2393A 2002-08-24

OK.  So you have your public key and his public key.

% However, when I try and decrypt a message, I get:
% > gpg --decrypt egr.1.pgp
% gpg: encrypted with 4096-bit ELG-E key, ID 34B2393A, created 2002-08-24
%       "Edward Graham V <egraham@gttx.org>"
% gpg: decryption failed: secret key not available

Looks like you don't have Edward's secret key.  Not all that surprising,
since only he is supposed to.

What do you see when you run

  gpg --list-secret-keys

instead?  I'll bet a Twinkie that it's only your own.

% That "keyid" is in my key ring.  Why can't I decrypt?

There are two key rings.  Take a look in your .gnupg directory; there are
interesting files in there :-)

Remember for a moment how public key encryption works: a public key is
used to garble the data, and only the matching private key can ungarble
it.  That means that even you, the encryptor, can't read the result if
you only encrypt with someone else's public key, because you don't have
the private key.

As Ralf noted, you can also encrypt to yourself.  Then you have the
private key, and so gpg will ask for *your* passphrase and will be able
to decrypt -- but as far as gpg is concerned that's about the same as
only having it encrypted to your key and forgetting Edward's info,
because you don't have that private key.

I encrypt to myself by default in my options file; what's coming next
shouldn't imply that it's a bad thing.  You should be aware of it,

When you encrypt to a user ID and someone gets a copy of that encrypted
chunk, even though it's encrypted it still gives out some information:
for *whom* it is encrypted.  If you've encrypted to your key as well as
the recipient's, then after just a few messages it can become very
apparent that you are the one sending this stuff -- which you might not
want at all.

Of course, you can always turn off the encrypt-to-yourself part for those
messages that shouldn't reveal your authorship, but then you can't read
your kept copy of what you send.  You might instead consider whipping up
a key that never gets exported to servers that you use for this instead;
you could even have multiple ones so you don't start leaving an obvious
trail or connect your authorship, whoever you are (remember that nobody
else has this public key), of messages to one person with authorship of
messages to another.  Using an MUA such as mutt, where you have very
strong configuration capability, makes this pretty transparent, and of
course once the message is encrypted gpg does all of the figuring out of
how to decrypt it.

% Thanks for any help;

Sure thing!

% Jason


David T-G                      * There is too much animal courage in=20
(play) davidtg@justpickone.org * society and not sufficient moral courage.
(work) davidtgwork@justpickone.org  -- Mary Baker Eddy, "Science and Health"
http://www.justpickone.org/davidtg/    Shpx gur Pbzzhavpngvbaf Qrprapl Npg!

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.0.7 (FreeBSD)