gpg: decryption failed: No secret key

Dirk Gottschalk dirk.gottschalk1980 at googlemail.com
Tue Aug 7 23:54:52 CEST 2018 

Hello John.

Am Dienstag, den 07.08.2018, 16:27 -0400 schrieb Yu:
> Hi
> 
> I setup my gpg and keyed to Yubikey. My SSH works flawlessly. I have
> the
> master key and subkeys. So my authentication key, encryption key, and
> signing key should be totally fine.
> 
> John-Wong:tmp jwong$ gpg --list-secret-keys
> /Users/jwong/.gnupg/pubring.kbx
> -------------------------------
> sec#  rsa4096/0xC9E7221DAFCE6539 2018-08-07 [SC]
>       Key fingerprint = 463F FBF9 0399 725F 240E  7A11 C9E7 221D AFCE
> 6539
> uid                   [ultimate] John Wong <email>
> ssb#  rsa4096/0xF7254D474BF6AD14 2018-08-07 [S]
> ssb#  rsa4096/0xBAB7FE8D803C2351 2018-08-07 [E]
> ssb>  rsa4096/0x676CA8641A239FE2 2018-08-07 [SA]
> 

The # indicates, that the Keys are not available in the keyring.

> I am confused why I get this message:
> 
>     gpg: decryption failed: No secret key

> I tried gpg --import but still doesn't help.
> 
> John-Wong:~ jwong$ gpg --import mastersub.key
> gpg: key 0xC9E7221DAFCE6539: "John Wong <email>" not changed
> gpg: To migrate 'secring.gpg', with each smartcard, run: gpg --card-
> status
> gpg: key 0xC9E7221DAFCE6539: secret key imported
> gpg: Total number processed: 1
> gpg:              unchanged: 1
> gpg:       secret keys read:
> 
> 
> Does anyone have any ideas for why this is happening? Thank you very
> much.
> This has been bothering me for few days now.

You should delete the complete secret key set from you keyring. Then
import the PUBLIC keys for the card keys and then do a gpg --card-
status.

Importing stubs is completely senseless, in my eyes.

If you set a fetch URL, you could also make --card-edit and issue a
fetch command.

Regards,
Dirk

-- 
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen, Germany

GPG: DDCB AF8E 0132 AA54 20AB  B864 4081 0B18 1ED8 E838
Keybase.io: https://keybase.io/dgottschalk
GitHub: https://github.com/Dirk1980ac

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180807/02e9815b/attachment.sig>

More information about the Gnupg-users mailing list