I'm confused about GPG, and it's confused about me

Peter Lebbing peter at digitalbrains.com
Fri Jan 27 14:10:31 CET 2017

On 27/01/17 03:25, Reid Vail wrote:
> rsv2 at rsv2-Serval-Pro ~ $ gpg --with-fingerprint rsv869 at runbox.com_public.asc
> pub  2048R/26F66FEB 2016-11-09 Reid Vail <rsv869 at runbox.com>
>       Key fingerprint = 3A74 A1DB 2C79 6657 D14B  A6B8 3EDE 6A32 26F6 6FEB
> sub  2048R/14C2E935 2016-11-09
> pub  2048R/A780EFF6 2017-01-17 Reid Vail (runbox) <rsv869 at runbox.com>
>       Key fingerprint = 1F35 6DC3 3182 016A 8E59  E509 9A72 F153 A780 EFF6
> sub  2048R/1ED8FE07 2017-01-17

This merely shows the content of a file on your disk.

> The one I want to sign is A780EFF6.

To sign a key, you need to have it in your keyring. However, based on

> rsv2 at rsv2-Serval-Pro ~ $ gpg --default-key A780EFF6 --clearsign REIDgpg
> You need a passphrase to unlock the secret key for
> user: "Reid Vail (runbox) <rsv869 at runbox.com>"
> 2048-bit RSA key, ID A780EFF6, created 2017-01-17

I'm thinking you're trying to sign your own key, which is not something
that can be done. There is the so-called self-signature, but it is not
done by --sign-key but rather by changing some aspect of your key with

It would appear (because it asks for a passphrase) that your system has
this private key in its keyring.

> gpg: can't open `REIDgpg': No such file or directory

You are asking GnuPG to issue a detached signature on a file in your
current directory called REIDgpg. This file appears not to exist.

> That last is obviously my misunderstanding the command structure, but the man pages
> are just a little too opaque for me.... 

The man pages are reference manuals, not introductory texts. They are
indeed opaque if you're trying to learn how to do stuff on the command
line. [1] is better, but it is old. I must admit I'm not really well
acquainted with introductory texts.

You can see which private keys your system has in its keyring by

$ gpg -K

And it would appear you have multiple since GnuPG complains "no default
secret key".

What are you trying to do? Please try to indicate the end rather than
the means. When you say "I want to sign key A780EFF6" it is not clear to
me what you are trying to accomplish by that. Do you want to make that
key valid? If it's your own key, that won't work. That's for making
other people's keys valid. Your own key should have its trust level set
to "ultimate" to make it valid. This is something that GnuPG does
automatically when creating a key, but not when importing a secret key
that was created with a different GnuPG installation.

Hope that helps a little bit,


[1] https://www.gnupg.org/gph/en/manual.html

> Any suggestions are welcome.  
> RSV869
> On Mon, 23 Jan 2017 15:36:18 -0500
> vedaal at nym.hush.com wrote:
>> On 1/23/2017 at 1:00 PM, "reid vail"  wrote:Hi vedaal -
>> thanks for your response.  I'll follow those instructions.  
>> when you say that's the 'default' key I believe you mean it's the
>> default key fore that that specific GnuPG correspondent, right?  And
>> by extension, when I import any other public keys I need to sign them
>> as trusted (in this case, by Seahorse), as you instructed below.  
>> That's the process, I think :->
>> =====
>> yes.
>> also, should you ever need to upgrade to a newer linux system, and
>> want to import your keys,
>> you would need to first make a keypair in the GnuPg Seahorse or GPA or
>> whatever gui you use, in the new system, and then import your keys and
>> sign them the the new key
>> vedaal
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

More information about the Gnupg-users mailing list