gpg troubles

Friedhelm Waitzmann gnupgmlusers.fwnsp at xoxy.net
Mon Oct 29 04:18:31 CET 2018


Roland Siemons (P) at Fri., 2018-10-12:

>3/ Assisted remotely by some of you, I was able to sort out a very
>strange problem with decryption. The solution was found by manipulating
>my key from inside the gpg shell using the command line. I am not very
>experienced with the command line. A major difficulty for those for whom
>this is not daily bread and butter is that mistakes are easily made.
>Hence the great value of GUIs.

>4/ I observed some unclarities in the GnuPG manual
>(www.gnupg.org/gph/en/manual.html), here below under A.

This is the GnuPG privacy handbook rather than the GnuPG manual.
I suggest that you read the GnuPG manual
(<https://www.gnupg.org/documentation/manuals/gnupg/>) also, as
it is the definitive instruction on how to use GnuPG.

>And perhaps also
>some bugs in gpg, here below under B (please consider). Here is my
>experience:

>A/ I tried to revoke some subkeys, following the said manual (heading
>"Revoking key components"). gpg pretended to do the job. Everything
>looked fine. But it didn't! After several hours of analysis (up to
>checking if GnuPG was installed consistently on my system), I found the
>issue: After the revkey procedure it is necessary to command "quit".

A better way of committing the changes is typing in «save».

Please see the GnuPG manual
(<https://www.gnupg.org/documentation/manuals/gnupg/OpenPGP-Key-Management.html#OpenPGP-Key-Management>).

For the «--edit-key» main command (given at the command line) it
lists the sub commands (to be typed into the edit key command
shell):

save

    Save all changes to the keyrings and quit.

quit

    Quit the program without updating the keyrings. 

>Instead of quitting, gpg then asks "do you want to save yr changes" (or
>something like that).

This is to remind you that you are about to discard your changes.

>And only then the subkeys were revoked. The said
>manual does mention the command "quit" only once, and not even in a
>general place explaining the operations of gpg, and in fact without any
>explanation as to the impact of that command.

The GnuPG manual (not the privacy handbook) mentions both of
«save» and «quit» and explains the difference.

>Of course I am happy to
>have found out, but let's hope that I remember when after perhaps 2
>years time I have to use gpg shell again....

Just remember to read the GnuPG manual also.

>B/ It is not at all clear to me how to start the gpg shell.

This isn't a general («the») GnuPG shell for all GnuPG commands,
it is a shell for the limited set of «--edit-key» sub commands.
That is, the «--edit-key» specified at the GnuPG invocation
command line lets GnuPG run an interactive interpreter for the
«--edit-key» subcommands that have to be typed in.

>For example:
>1/ if (under the CMD terminal) I command "gpg -K", the lists of private
>keys is returned,

Generating this list doesn't need to ask the user to type any sub
commands, so there is no «--list-secret-keys» shell.

>but I am also returned to CMD, that is, kicked out of
>the gpg shell.

If GnuPG has written this list into its standard output channel,
the job is done, thus GnuPG terminates, nobody is «kicked out».

>2/ if (CMD) I command "gpg --edit-key X" (where X is key identifier), I
>do indeed enter the gpg shell, the screen showing "gpg>".

You enter the shell that recognizes the limited set of the
«--edit-key» sub commands.

>That all may be allright, HOWEVER:

>3/ if (CMD) I command "gpg", the return is: "gpg: WARNING: no command
>supplied.  Trying to guess what you mean ... <RETURN> gpg: Go ahead and
>type your message . <RETURN>

Please read the GnuPG manual
(<https://www.gnupg.org/documentation/manuals/gnupg/GPG-Commands.html#GPG-Commands>):

   «gpg may be run with no commands. In this case it will perform
   a reasonable action depending on the type of file it is given
   as input (an encrypted message is decrypted, a signature is
   verified, a file containing keys is listed, etc.).»

So GnuPG expects that you type in an encrypted message, a
detached signature, a clear‐signed message, a public key block, etc.

>Then if I type a gpg command, everything stalls.

Here you cannot type a GnuPG command, because GnuPG wants input,
i.e. data.  As you haven't specified any input file on the
command line, GnuPG wants this data through its standard input
channel, that is, typed in from the keyboard.

>No results whatsoever.

Unless the end of data is signalled (by typing the end‐of‐file
character, with UNIX usually control d, with MS Windows perhaps
control z), GnuPG repeats reading input lines.

>Even the command "quit" gives no results.

This «quit» is counted an input line of data, too.

>So I force quit by Ctrl-C.
>So, in general, how to start the gpg shell?

You don't in general start the GnuPG shell.  You put a command on
the invocation command line.  This command may or may not be an
interactive command.

If it is (as with «--edit-key»), GnuPG starts a sub command shell
(as with «--edit-key») to read and execute further sub commands.

If it is not (as with «--list-keys», «--sign», «--encrypt»,
etc.), GnuPG may (as with «--sign», «--encrypt», «--decrypt»,
etc.) expect input to process, or may not (as with «--list-keys»,
etc.) expect any input.

Please remember:  GnuPG is not a program that does what you
mean.  It is a program that does exactly what you command it to
do.  Thus you must know how to command GnuPG to do what you want
it to do for you.


Regards
Friedhelm
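An added example (not part of the post above) that shows the difference between «quit» and «save» the reply describes: the same «revkey» session is driven non-interactively through «--command-fd», once ended with «quit» and once with «save», and the subkey's validity is read back from «--list-keys --with-colons». It assumes GnuPG 2.x («gpg», «gpgconf») on PATH and works in a throwaway GNUPGHOME with a constructed, unprotected test key.

```shell
#!/bin/sh
# Constructed demo: "revkey" followed by "quit" is discarded, followed by "save" it is kept.
# Assumes GnuPG 2.x ("gpg", "gpgconf") on PATH; nothing outside the temporary GNUPGHOME is touched.
set -eu

GNUPGHOME=$(mktemp -d)
export GNUPGHOME
trap 'gpgconf --kill gpg-agent >/dev/null 2>&1 || true; rm -rf "$GNUPGHOME"' EXIT

# Unprotected test key (constructed identity) with one encryption subkey, from a batch parameter file.
gpg --batch --quiet --gen-key >/dev/null 2>&1 <<'EOF'
%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: Revocation Demo
Name-Email: demo@example.invalid
Expire-Date: 0
%commit
EOF

# The primary fingerprint is field 10 of the "fpr" record in --with-colons output.
FPR=$(gpg --batch --with-colons --list-keys | awk -F: '$1=="fpr"{print $10; exit}')

# Validity (field 2) of the first "sub" record; "r" means the subkey is revoked.
sub_validity() {
    gpg --batch --with-colons --list-keys "$FPR" | awk -F: '$1=="sub"{print $2; exit}'
}

# Feed the --edit-key sub command shell through --command-fd: select subkey 1, revkey,
# confirm, reason 0 (no reason specified), empty description, confirm; then the lines
# given as arguments ("quit" plus "n" for the "Save changes?" reminder, or "save").
revoke_subkey_then() {
    {
        printf 'key 1\nrevkey\ny\n0\n\ny\n'
        printf '%s\n' "$@"
    } | gpg --batch --quiet --command-fd 0 --status-fd 2 --edit-key "$FPR" >/dev/null 2>&1
    sub_validity
}

AFTER_QUIT=$(revoke_subkey_then quit n)   # revocation thrown away, subkey still valid
AFTER_SAVE=$(revoke_subkey_then save)     # revocation written to the keyring
echo "after quit: $AFTER_QUIT   after save: $AFTER_SAVE"
```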
