No secret key on 1 file

Henry Hertz Hobbit hhhobbit at securemecca.net
Sat Aug 17 01:31:31 CEST 2013


On 08/16/2013 04:20 PM, Steven Bonda wrote:
> I did a lot of research and digging and was finally able to get the file to
> decrypt:
> 
> c:\temp>gpg2 --batch --try-all-secrets --passphrase pass -o temp.txt -d temp.txt.pgp
> gpg: anonymous recipient; trying secret key A328FC0E ...
> gpg: WARNING: cipher algorithm IDEA not found in recipient preferences
> gpg: okay, we are the anonymous recipient.
> gpg: encrypted with RSA key, ID 727A253D
> gpg: old style (PGP 2.x) signature
> gpg: Signature made 08/15/13 03:31:01 Eastern Daylight Time using DSA key ID C0649AF6
> gpg: Can't check signature: No public key
> gpg: WARNING: message was not integrity protected

You are decrypting a public key enciphered file.  The
only way you can do that is you must have the secret key.
That is why Werner told you to list all of the secret keys
below.  Without that secret key you are not going to be
able to decipher the file.  By telling it to try all
of the secret keys it finally found the right secret
key to decipher the file.  gpg2 didn't see IDEA in
your choice of ciphers.

I should not want to see the IDEA cipher either, since
it is not in my preferences.  IDEA is an old archaic
cipher along with 3DES.  But note that I want 3DES only
as a last resort.  I will be much happier with the use of
TWOFISH or AES.  Paradoxically, at one time AES (also
called AES128) was actually stronger than AES256.  I
don't know if this is still the case but have no desire
to change my preferences.

You probably also have a key setup problem in gpg/gpg2.
I never was able to either use my GnuPG keys with PGP or
vice versa without an export of the secret key and import
and then a lot of twiddling with the trust levels and
other things to make them work. Let me show you what
happens with my secret key with a --edit-key (no
--verbose or -v which are the same thing):

http://www.securemecca.com/public/GnuPG/GnuPG_Prefs.txt

What you have that is different than what I have is something
you want to look at as the possible cause of the problem.
I suspect you have a trust problem but gpg / gpg2 can
see that the 727A253D has a secret key available and
deciphered the file although gpg2 didn't like the use
of the IDEA cipher.

Now that I have said all of this I am not so sure that
what Werner said and how he said it isn't actually a lot
better.  What I am hoping is that contrasting what you
have (which is not working) with what I have (which does
work)  might help you.  Just do a "?" at the "Command> "
to get a list of things that can be done.  I think you
may need to change the trust level for your keys.

Start with Werner's commands below minus the verbose,
contrast with mine and then do the commands exactly
as Werner has given and go from there.  If you give
Werner the verbose output he can probably tell you
exactly what needs to be changed but you also may
see the debug information gives you all you need to
know.

> c:\temp>
> 
> fwiw, I'd welcome any information on what happened just
> because I'd like to know what happened.
> 
> Maybe this helps someone in the future.
> 
> Thanks for all the help.
> -- STeve
> 
> -----Original Message-----
> From: Werner Koch [mailto:wk at gnupg.org] 
> Sent: Friday, August 16, 2013 10:36 AM
> To: Steven Bonda
> Cc: gnupg-users at gnupg.org
> Subject: Re: No secret key on 1 file
> 
> On Fri, 16 Aug 2013 14:56, sbonda at advance-medical.com said:
> 
>> gpg: encrypted with RSA key, ID 727A253D
>> gpg: decryption failed: No secret key
> 
> Please check the output of
> 
>   gpg2 -v -K 727A253D
> 
> If you can't see the reason, you may want to
> 
>   gpg2 -v --edit-key 727A253D
> 
> to see some more details.
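
Added example, not part of the original thread and not GnuPG code: a small Python triage of the gpg2 diagnostics quoted above, mapping each line to what it says about the message (hidden recipient, cipher outside the key's preferences, unverified signature, missing integrity protection). The rule tags and the `triage` function are names chosen for this example.

```python
import re

# gpg2 diagnostics quoted in the thread above, with the mail-wrapped lines rejoined.
SAMPLE = """\
gpg: anonymous recipient; trying secret key A328FC0E ...
gpg: WARNING: cipher algorithm IDEA not found in recipient preferences
gpg: okay, we are the anonymous recipient.
gpg: encrypted with RSA key, ID 727A253D
gpg: old style (PGP 2.x) signature
gpg: Signature made 08/15/13 03:31:01 Eastern Daylight Time using DSA key ID C0649AF6
gpg: Can't check signature: No public key
gpg: WARNING: message was not integrity protected
"""

# (tag, pattern, meaning) rules; the tags are names chosen for this example.
RULES = [
    ("hidden-recipient", r"anonymous recipient; trying secret key (\w+)",
     "recipient key ID was hidden; gpg trial-decrypts with local secret keys"),
    ("cipher-outside-prefs", r"cipher algorithm (\w+) not found in recipient preferences",
     "sender chose a cipher the recipient key does not advertise"),
    ("legacy-signature", r"old style \(PGP 2\.x\) signature",
     "signature uses the PGP 2.x format"),
    ("signature-unverified", r"Can't check signature: No public key",
     "signer's public key is not in the keyring; authenticity unknown"),
    ("no-integrity-protection", r"message was not integrity protected",
     "no MDC packet; ciphertext modification would go undetected"),
    ("no-secret-key", r"decryption failed: No secret key",
     "no usable secret key for the recipient key ID"),
]
SIGNER = re.compile(r"using \w+ key ID (\w+)")

def triage(output):
    """Return (tag, detail, meaning) for each known diagnostic in gpg output."""
    findings, signer = [], None
    for line in output.splitlines():
        m = SIGNER.search(line)
        if m:
            signer = m.group(1)  # remembered for the later "Can't check signature" line
        for tag, pattern, meaning in RULES:
            m = re.search(pattern, line)
            if m:
                detail = m.group(1) if m.groups() else None
                if tag == "signature-unverified":
                    detail = signer  # key ID that must be imported to verify
                findings.append((tag, detail, meaning))
    return findings

if __name__ == "__main__":
    for tag, detail, meaning in triage(SAMPLE):
        print(f"{tag:24} {detail or '-':10} {meaning}")
```
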



