decrypt : primary key or subkey ?

Charly Avital shavital at
Wed Jun 6 18:56:20 CEST 2007

Bruno Costacurta wrote the following on 6/6/07 5:23 PM:
> Hello,
> I'm not able to decrypt message as I received hereafter message about using
> subkey instead of primary key. 

This is your public key, as I have just downloaded it from the servers:
----------
pub  1024D/2E604D51  created: 2006-06-11  expires: never       usage: SC
                     trust: unknown       validity: unknown
sub  2048g/0CC897B5  created: 2006-06-11  expires: never       usage: E
[ unknown] (1). Bruno Costacurta <bruno at>
[ revoked] (2)  pubmb01 <pubmb01 at>
[ revoked] (3)  pubmb02 <pubmb02 at>
[ revoked] (4)  Bruno Costacurta <cob1 at>
[ unknown] (5)  Bruno Costacurta <pubmb01 at>
[ unknown] (6)  Bruno Costacurta <contract at>
----------

> Is this correct ? Could it be the problem relies on the usage of this subkey ?
> If yes, how to manage my keyring regarding this 
> subkey (which is obviously used for en/decrypting not for signing) to be able 
> to decrypt ?

As you can see, your primary key 1024D/2E604D51 is used for SC (Sign,
The subkey 2048g/0CC897B5 is used for E encrypting *to you*. Not for

For decrypting you use your secret key (copy/paste of your own
/home/bruno: gpg --list-secret-keys 0x2e604D51
sec   1024D/2E604D51 2006-06-11

The message "...using subkey...instead of primary key..." is exactly as
it should be, as pointed out by dave.smith at in this forum.

The secret key required for decryption is reported to be where it should be.

The problem might be with the encryption process used by the sender of
that message.

> gpg -v -v --decrypt msg.asc
> gpg: armor: BEGIN PGP MESSAGE
> gpg: armor header: Version: GnuPG v1.4.6 (GNU/Linux)
> :pubkey enc packet: version 3, algo 16, keyid 42531C9A0CC897B5
>         data: [2048 bits]
>         data: [2048 bits]
> gpg: public key is 0CC897B5
> :encrypted data packet:
>         length: unknown

I am not sure this 'length: unknown' is as it should be. I have carried
out a few tests with encrypted messages, and there is always a value
after 'length: ...'. As I pointed out above, *maybe* there is some
problem with the encryption process used by the sender of the message
you have not been able to decrypt.

>         mdc_method: 2
> gpg: using subkey 0CC897B5 instead of primary key 2E604D51
> gpg: encrypted with 2048-bit ELG-E key, ID 0CC897B5, created 2006-06-11
>       "Bruno Costacurta <bruno at>"
> gpg: decryption failed: secret key not available

I am sending you, separately, an encrypted test message, please let me
know if you can decrypt it.

MacOS 10.4.9 - MacBook Intel C2Duo - GnuPG 1.4.7 - GPG2 2.0.4
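
Added example, not part of the original message: a Python check that takes the key ID from the `:pubkey enc packet:` line of the verbose output quoted above and looks for it among the `sec`/`ssb` records of `gpg --list-secret-keys --with-colons`. The colon records are constructed samples (timestamps and the zero padding of the primary's long key ID are made up), and the function names are hypothetical.

```python
import re

# Lines taken from the verbose `gpg -v -v --decrypt msg.asc` output in the message.
PACKET_DUMP = """\
:pubkey enc packet: version 3, algo 16, keyid 42531C9A0CC897B5
gpg: public key is 0CC897B5
gpg: using subkey 0CC897B5 instead of primary key 2E604D51
gpg: decryption failed: secret key not available
"""

# Constructed --with-colons records: timestamps and the "00000000" padding of
# the primary's long key ID are made up; the short IDs are the ones on the page.
SEC = "sec:u:1024:17:000000002E604D51:1150000000:::u:::scSC:::"
SSB = "ssb:u:2048:16:42531C9A0CC897B5:1150000000::::::e:::"
PRIMARY_ONLY = SEC + "\n"               # secret primary present, no secret subkey
FULL_KEY = SEC + "\n" + SSB + "\n"      # secret primary and secret subkey
STUB_SUBKEY = SEC + "\n" + SSB + "#\n"  # field 15 '#': stub without key material
                                        # (field meaning per GnuPG doc/DETAILS)

def recipient_keyids(dump):
    """Long key IDs named by ':pubkey enc packet:' lines."""
    return [k.upper() for k in
            re.findall(r":pubkey enc packet:.*?keyid ([0-9A-Fa-f]{16})", dump)]

def secret_records(listing):
    """Map long key ID -> (record type, capabilities, is_stub)."""
    found = {}
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("sec", "ssb") and len(f) > 11:
            stub = len(f) > 14 and f[14] == "#"
            found[f[4].upper()] = (f[0], f[11], stub)
    return found

def diagnose(dump, listing):
    """For each recipient key ID report 'usable', 'stub' or 'missing'."""
    have = secret_records(listing)
    result = {}
    for kid in recipient_keyids(dump):
        if kid not in have:
            result[kid] = "missing"   # gpg reports: secret key not available
        elif have[kid][2]:
            result[kid] = "stub"      # listed, but the key material is elsewhere
        else:
            result[kid] = "usable"
    return result
```

On a real keyring, pass the text of the failing decrypt's verbose output and of `gpg --list-secret-keys --with-colons` to `diagnose`.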
