Upgraded gpg from 1.4.18 to 2.1.18: --default-recipient-self no longer works

gnupg at raf.org gnupg at raf.org
Wed Dec 13 02:17:00 CET 2017


I've just upgraded a Debian 8 host to Debian 9
and got the new gpg (v2.1.18) and now my cronjob
that encrypts data no longer works because it wants
input for some reason.

The gpg command is something like:

  cmd... | gpg --default-recipient-self --encrypt --output filename.gpg

At first, it said (via cron):

  gpg: cannot open '/dev/tty': No such device or address

Then I stupidly added --no-tty and it said:

  gpg: Sorry, no terminal at all requested - can't get input

So it really wants input all of a sudden.

So I ran it manually and it turned out that --default-recipient-self
no longer works:

  You did not specify a user ID. (you may use "-r")

  Current recipients:

  Enter the user ID.  End with an empty line: 

Any idea why it no longer knows who the default recipient is?
There's only one key that it could be.

The documentation for --default-recipient-self says:

  The default key is the first one from the secret keyring or
  the one set with --default-key.

But it's not finding it:

  $ gpg --list-keys
  pub   rsa2048 2016-05-15 [SC]
  uid           [ultimate] Name <name at domain.com>
  sub   rsa2048 2016-05-15 [E]

  $ gpg --list-secret-keys
  sec   rsa2048 2016-05-15 [SC]
  uid           [ultimate] Name <name at domain.com>
  ssb   rsa2048 2016-05-15 [E]

I can specify the ID explicitly (i.e. name at domain.com) and
then it works but I shouldn't have to, should I?

Why can it find the key when I name it but it can't find
it by itself?

Thanks for any insight.


P.S. I noticed a couple of possible gpg(1) man page errors.

(1) The documentation for --default-key says:

  Use name as the default key to sign with.

But the documentation for --default-recipient-self
implies that it is also for encryption, not just signing.

Unless --recipient and --default-recipient apply to encryption
but --default-recipient-self only applies to signing.
If so, that would be confusing and should probably be stated.

(2) The documentation for --no-tty says:

  Make sure that the TTY (terminal) is never used for any output...

But it also makes sure that the TTY is not used for input as well.
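
The following is an added example, not part of the original post and not code from the GnuPG project. It is a cron-safe wrapper that resolves the first usable encryption-capable secret key itself and passes it with an explicit --recipient (which the post reports does work), using --batch so gpg fails instead of asking for input. The function names and the sample listing are constructed for illustration; the colon-format field positions (2 = validity, 10 = fingerprint on fpr records, 12 = capabilities) follow GnuPG's doc/DETAILS.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Constructed sample of `gpg --list-secret-keys --with-colons` output.
# Key IDs and fingerprints are made up; the first key is expired.
SAMPLE_COLONS='sec:e:2048:1:AAAAAAAAAAAAAAAA:1400000000:1500000000::u:::sc:::+:::23::0:
fpr:::::::::0000000000000000000000000000AAAAAAAAAAAA:
sec:u:2048:1:BBBBBBBBBBBBBBBB:1463270400:::u:::scESC:::+:::23::0:
fpr:::::::::1111111111111111111111111111BBBBBBBBBBBB:
uid:u::::1463270400::HASH::Name <name@example.invalid>::::::::::0:
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1463270400::::::e:::+:::23:
fpr:::::::::2222222222222222222222222222CCCCCCCCCCCC:'

# Read colon-format key listing on stdin and print the fingerprint of the
# first secret key that is not revoked/expired/disabled/invalid (field 2)
# and whose capabilities (field 12) include usable encryption ("E").
# Returns non-zero if no such key exists.
first_encrypt_fpr() {
    awk -F: '
        $1 == "sec" { want = ($2 !~ /^[reid]$/ && $12 ~ /E/); next }
        $1 == "fpr" && want { print $10; found = 1; exit }
        END { exit (found ? 0 : 1) }
    '
}

# Usage in a cron job:  cmd... | encrypt_for_self filename.gpg
# --batch makes gpg exit with an error rather than prompt for a user ID.
encrypt_for_self() {
    fpr=$(gpg --batch --list-secret-keys --with-colons --fingerprint \
          | first_encrypt_fpr) || {
        echo "encrypt_for_self: no usable encryption key in secret keyring" >&2
        return 1
    }
    gpg --batch --no-tty --recipient "$fpr" --encrypt --output "$1"
}
```

Because the recipient is a full fingerprint chosen by the script, a missing or expired key shows up as a non-zero exit status and a message in the cron mail rather than as a request for terminal input.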
