Secret key not found - is this normal?

Werner Koch wk at gnupg.org
Sun Jan 15 18:10:59 CET 2006


On Sun, 15 Jan 2006 05:34:57 -0700, Kurt Fitzner said:

> I have found that on the gpg command line, I can't specify a key to sign
> with by using a user id unless that user id is the primary.

That is a problem with synchronizing secret and public key.  The secret
key should contain all the information of the public one plus the
secret stuff.  However it is hard to keep them in sync and so
sometimes we don't get it right or don't even try to.

The effect is that whenever gpg searches for a key in the secring.gpg
it won't find a key if the specification is, for example, a user ID
missing on the secret key.  Please use a key ID or fingerprint, they
are always valid.

The actual solution is to never search by looking at the secring but
to search the pubring and then to check whether a candidate key has
a secret counterpart.  This is the solution used for gpgsm and it works
quite well.  The required changes are pretty large, so I don't think
it makes sense to add it to gpg 1.4 now.



Salam-Shalom,

   Werner
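
A simplified model of the two lookup strategies described in the message above, added here as an illustration; it is not GnuPG code or part of the original post. The `Key` class, the function names and all key data are constructed, and the model assumes the secret keyring copy has lost one user ID.

```python
# Model of key lookup against an out-of-sync secret keyring.
# Everything here (names, fingerprint, user IDs) is constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Key:
    fingerprint: str   # 40 hex digits, upper case
    user_ids: tuple    # user IDs stored on this copy of the key

    @property
    def key_id(self):
        # Long key ID: the low 64 bits (last 16 hex digits) of the fingerprint.
        return self.fingerprint[-16:]


def matches(key, spec):
    """True if spec names this key by fingerprint, long key ID or user-ID substring."""
    compact = spec.replace(" ", "").upper()
    if compact in (key.fingerprint, key.key_id):
        return True
    return any(spec.lower() in uid.lower() for uid in key.user_ids)


def find_in_secring(spec, secring):
    """Search the secret keyring directly; misses user IDs absent from it."""
    return [k for k in secring if matches(k, spec)]


def find_via_pubring(spec, pubring, secring):
    """Search the public keyring, then keep candidates with a secret counterpart."""
    have_secret = {k.fingerprint for k in secring}
    return [k for k in pubring if matches(k, spec) and k.fingerprint in have_secret]


FPR = "0123456789ABCDEF0123456789ABCDEF01234567"   # constructed fingerprint
PUBRING = [Key(FPR, ("Alice Example <alice@example.org>",
                     "Alice Work <alice@work.example>"))]
# Out of sync: the secret copy carries only the primary user ID.
SECRING = [Key(FPR, ("Alice Example <alice@example.org>",))]

if __name__ == "__main__":
    for spec in ("alice@example.org", "alice@work.example", FPR, FPR[-16:]):
        direct = bool(find_in_secring(spec, SECRING))
        via_pub = bool(find_via_pubring(spec, PUBRING, SECRING))
        print(f"{spec:42} secring-only={direct!s:5} pubring-first={via_pub}")
```
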



