gpg troubles

Roland Siemons (P) Siemons at
Wed Oct 31 10:21:11 CET 2018

Thanks Friedhelm,

That is a lot to think about.
I'll study ..

Best regards,


On 31/10/2018 01:33, gnupg-users-request at wrote:
> Date: Mon, 29 Oct 2018 04:18:31 +0100
> From: Friedhelm Waitzmann <gnupgmlusers.fwnsp at>
> To: gnupg-users at
> Subject: Re: gpg troubles
> Message-ID: <20181029031830.GA24386 at kugelfisch.zuhause.test>
> Roland Siemons (P) at Fri., 2018-10-12:
>> 3/ Assisted remotely by some of you, I was able to sort out a very
>> strange problem with decryption. The solution was found by manipulating
>> my key from inside the gpg shell using the command line. I am not very
>> experienced with the command line. A major difficulty for those for whom
>> this is not daily bread and butter is that mistakes are easily made.
>> Hence the great value of GUIs.
>> 4/ I observed some unclarities in the GnuPG manual
>> (, here below under A.
> This is the GnuPG privacy handbook rather than the GnuPG manual.
> I suggest that you read the GnuPG manual
> (<>) also, as
> it is the definitve instruction how to use GnuPG.
>> And perhaps also
>> some bugs in gpg, here below under B (please consider). Here is my
>> experience:
>> A/ I tried to revoke some subkeys, following the said manual (heading
>> "Revoking key components"). gpg pretended to do the job. Everything
>> looked fine. But it did'nt! After several hours of analysis (up to
>> checking if GnuPG was installed consistently on my system), I found the
>> issue: After the revkey procedure it is necessary to command "quit".
> A better way of committing the changes is typing in ?save?.
> Please see the GnuPG manual
> (<>).
> For the ?--edit-key? main command (given at the command line) it
> lists the sub commands (to be typed into the edit key command
> shell):
> save
>     Save all changes to the keyrings and quit.
> quit
>     Quit the program without updating the keyrings. 
>> Instead of quitting, gpg then asks "do you want to save yr changes" (or
>> something like that).
> This is to remind you that you are about to discard your changes.
>> And only then the subkeys were revoked. The said
>> manual does mention the command "quit" only once, and not even in a
>> general place explaining the operations of gpg, and in fact without any
>> explanation as to the impact of that command.
> The GnuPG manual (not the privacy handbook) mentions both of
> ?save? and ?quit? and explains the difference.
>> Of course I am happy to
>> have found out, but let's hope that I remember when after perhaps 2
>> years time I have to use gpg shell again....
> Just remember to read the GnuPG manual also.
>> B/ It is not at all clear to me how to start the gpg shell.
> This isn't a general (?the?) GnuPG shell for all GnuPG commands,
> it is a shell for the limited set of ?--edit-key? sub commands.
> That is, the ?--edit-key? specified at the GnuPG invocation
> command line lets GnuPG run an interactive interpreter for the
> ?--edit-key? subcommands that have to be typed in.
>> For example:
>> 1/ if (under the CMD terminal) I command "gpg -K", the lists of private
>> keys is returned,
> Generating this list doesn't need to ask the user to type any sub
> commands, so there is no ?--list-secret-keys? shell.
>> but I am also returned to CMD, that is, kicked out of
>> the gpg shell.
> If GnuPG has written this list into its standard output channel,
> the job is done, thus GnuPG terminates, nobody is ?kicked out?.
>> 2/ if (CMD) I command "gpg --edit-key X" (where X is key identifier), I
>> do indeed enter the gpg shell, the screen showing "gpg>".
> You enter the shell that recognizes the limited set of the
> ?--edit-key? sub commands.
>> That all may be allright, HOWEVER:
>> 3/ if (CMD) I command "gpg", the return is: "gpg: WARNING: no command
>> supplied.? Trying to guess what you mean ... <RETURN> gpg: Go ahead and
>> type your message . <RETURN>
> Please read the GnuPG manual
> (<>):
>    ?gpg may be run with no commands. In this case it will perform
>    a reasonable action depending on the type of file it is given
>    as input (an encrypted message is decrypted, a signature is
>    verified, a file containing keys is listed, etc.).?
> So GnuPG expects that you type in an encrypted message, a
> detached signature, a clear?signed message, a public key block, etc.
>> Then if I type a gpg command, everything stalls.
> Here you cannot type a GnuPG command, because GnuPG wants input,
> i.e. data.  As you haven't specified any input file on the
> command line, GnuPG wants this data through its standard input
> channel, that is, typed in from the keyboard.
>> No results whatsoever.
> Unless the end of data is signalled (by typing the end?of?file
> character, with UNIX usually control d, with MS Windows perhaps
> control z), GnuPG repeats reading input lines.
>> Even the command "quit" gives no results.
> This ?quit? is counted an input line of data, too.
>> So I force quit by Ctrl-C.
>> So, in general, how to start the gpg shell?
> You don't in general start the GnuPG shell.  You put a command on
> the invocation command line.  This command may or may not be an
> interactive command.
> If it is (as with ?--edit-key?), GnuPG starts a sub command shell
> (as with ?--edit-key?) to read and execute further sub commands.
> If it is not (as with ?--list-keys?, ?--sign?, ?--encrypt?,
> etc.), GnuPG may (as with ?--sign?, ?--encrypt?, ?--decrypt?,
> etc.) expect input to process, or may not (as with ?--list-keys?,
> etc.) expect any input.
> Please remember:  GnuPG is not a program, that does what you
> mean.  It is a program, that does exactly what you command it to
> do.  Thus you must know how to command GnuPG to do what you want
> it to do for you.
> Regards
> Friedhelm

Roland Siemons
Haaksbergerstraat 205

t: O645616734

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xAEEC5E2ED87628F5.asc
Type: application/pgp-keys
Size: 7632 bytes
Desc: not available
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gnupg-users mailing list