gpg: decryption failed: No secret key

Dirk Gottschalk dirk.gottschalk1980 at
Wed Aug 8 06:14:45 CEST 2018


On Wednesday, 08.08.2018, at 00:03 -0400, Yu wrote:
> WOW! That works.
> To document this, if anyone ever runs into this situation:
> > sec#  rsa4096/0xC9E7221DAFCE6539  created: 2018-08-07  expires: never
> This is the key I need to delete from the card/yubikey.
> 1. gpg --delete-key 0xC9E7221DAFCE6539
> 2. gpg --card-status should return NONE and gpg --list-keys would return
> gpg: no ultimately trusted keys found
> 3. pull out the card
> 4. run gpg --import PUBLIC_KEY_FILE
> 5. insert the card
> 6. gpg --card-status
> 7. now try to encrypt and decrypt (you will be prompted to enter your
> to unlock your card).
> Thank you Dirk!

You're welcome.

This is, AFAIK, also somewhere deep inside the docs.

Just to make things clear. The user information, UID and so on, is in
the public part of the key, AFAIK. This means, to map the secret key to
its other data, you must have the public key in your keyring. The
--card-status reads the information on the card and maps the key to the
public part using the fingerprint, I think.

In my case, when I use one of my cards, where the fetch URL is not set,
I download the keys from the keyserver with "--recv-keys" and then I
read the card with "--card-status". But in general, I prefer the way
using the fetch URL. It's faster to make "--card-edit" and just use
fetch. This combines both functions.


Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen, Germany

GPG: DDCB AF8E 0132 AA54 20AB  B864 4081 0B18 1ED8 E838


More information about the Gnupg-users mailing list