gpg problem while decrypting

Neil Williams linux at
Wed Jun 16 10:44:11 CEST 2004

On Thursday 10 June 2004 12:51, Deepak Kolhar wrote:
> Hi,
>  I'm getting the following error under a Unix environment when I try to decrypt
> a file from another user.
> The exact message is
> gpg: encrypted with ELG-E key, ID 3E07473B
> gpg: decryption failed: secret key not available

So whose key contains ID 3E07473B? User-A or User-BCD?

> I've generated a key from a user 'UserA' for example. It's working fine
> there.
> But when I try to decrypt a file (which is encrypted from user a)

But who is it encrypted TO, that's crucial. What recipient did you specify?

> from a
> user 'User-BCD', it gives the above error.
> Both the users are on the same server.

But each has their own keyrings in their own ~ space. Each should only have 
their own secret key. It gets confusing when you use hidden or generic names 
for users and then don't specify the keyids for both. It makes it easier to 
help if you specify the exact command line (remove the email address if you 
like, but the keyids are best left in).

A full example:

Garfield has the secret key for 0x28BCB3E3 and the public key for 0xA897FD02.
neil@garfield:~$ gpg -r 0xA897FD02 -e dead.letter
neil@garfield:~$ scp dead.letter.gpg laptop:

'laptop' has the secret key for 0xA897FD02 and the public key for 0x28BCB3E3.
neil@laptop:~$ gpg --decrypt dead.letter.gpg > dead.letter2
neil@laptop:~$ gpg -r 0x28BCB3E3 -e dead.letter2
neil@laptop:~$ scp dead.letter2.gpg garfield:

neil@garfield:~$ gpg --decrypt dead.letter2.gpg

If you don't specify a recipient and gpg still encrypts, you've got a default 
encrypt setting in ~/.gnupg/gpg.conf which is 'hiding' the error. The 
encrypted file will then be encrypted using the default key as no recipient 
was given. 

In my example, this would cause dead.letter.gpg to be encrypted to 0x28BCB3E3 
(garfield's key) - laptop (in my example) would not be able to decrypt it.

Similarly, with 0xA897FD02 as default encrypt key on the laptop, 
dead.letter2.gpg would be encrypted to 0xA897FD02 (the laptop key) not the 
intended garfield key 0x28BCB3E3. Garfield would not be able to decrypt.


Neil Williams
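
The check this reply walks through (which key ID the file is encrypted to, and whether the user decrypting holds the matching secret key), as an added example that is not part of the original post. The colon listings, the long key IDs and the gpg.conf text are constructed sample data; only the gpg message line comes from the post.

```shell
# MSG is the gpg line quoted in the post; all other sample data is constructed.
MSG='gpg: encrypted with ELG-E key, ID 3E07473B'
RING_BCD='sec:u:1024:17:AAAAAAAA11111111:1086000000:::u:::scESC:
ssb:u:2048:16:BBBBBBBB22222222:1086000000::::::e:'
RING_A='sec:u:1024:17:CCCCCCCC33333333:1086000000:::u:::scESC:
ssb:u:2048:16:DDDDDDDD3E07473B:1086000000::::::e:'
CONF='# constructed gpg.conf
default-recipient-self
#encrypt-to 0xA897FD02'

# Key IDs a message is encrypted to, from gpg's messages on stdin, e.g.
#   gpg --list-packets FILE 2>&1 | recipient_ids
recipient_ids() {
    sed -n 's/^gpg: encrypted with .* key, ID \(0x\)\{0,1\}\([0-9A-Fa-f][0-9A-Fa-f]*\).*/\2/p' |
        tr 'a-f' 'A-F' | sort -u
}
# Key IDs of secret keys and subkeys, from: gpg --list-secret-keys --with-colons
secret_ids() {
    awk -F: '$1 == "sec" || $1 == "ssb" { print toupper($5) }'
}
# Print each recipient ID in $1 that is the tail of a secret key ID in $2
# (a short 8-digit ID is the end of the long ID). Returns 1 if none match.
held_recipients() {
    found=1
    for r in $1; do
        for s in $2; do
            case "$s" in *"$r") echo "$r"; found=0; break ;; esac
        done
    done
    return $found
}

# gpg.conf options (on stdin) that add a recipient the command line never named.
implicit_recipients() {
    awk '$1 == "default-recipient" || $1 == "default-recipient-self" ||
         $1 == "encrypt-to" || $1 == "hidden-encrypt-to" {
             print ($2 == "" ? $1 : $1 " " $2) }'
}
diagnose() {   # $1 = user label, $2 = that user's secret-key colon listing
    rcpts=$(printf '%s\n' "$MSG" | recipient_ids)
    if held=$(held_recipients "$rcpts" "$(printf '%s\n' "$2" | secret_ids)"); then
        echo "$1: can decrypt, holds the secret key for $held"
    else
        echo "$1: secret key not available for $rcpts"
    fi
}
diagnose User-BCD "$RING_BCD"
diagnose UserA "$RING_A"
printf '%s\n' "$CONF" | implicit_recipients
```

On a real system, feed the functions from `gpg --list-packets FILE 2>&1`, `gpg --list-secret-keys --with-colons` and `~/.gnupg/gpg.conf`, each run as the user who is trying to decrypt.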