Decryption fails with "No secret key"
Ingo Klöcker
kloecker at kde.org
Sun Jan 5 16:17:04 CET 2020
On Freitag, 3. Januar 2020 13:53:00 CET Gabriele Pohl wrote:
> After upgrading my PC to Fedora 30
[...]
> a problem with decrypting came up.
>
> Encryption works:
>
> $ gpg --verbose --output test.txt.gpg --recipient contact at dipohl.de
> --encrypt test.txt
[...]
> gpg: RSA/AES256 encrypted for: "4BB3049F19616A80 Gabriele Pohl
> <contact at dipohl.de>"
[...]
> But decrypting fails:
>
> $ gpg --verbose --decrypt test.txt.gpg
> gpg: public key is 4BB3049F19616A80
> gpg: using subkey 4BB3049F19616A80 instead of primary key 9C7646202CE0CBB2
> gpg: encrypted with 4096-bit RSA key, ID 4BB3049F19616A80, created
> 2016-09-05 "Gabriele Pohl <contact at dipohl.de>"
> gpg: decryption failed: No secret key
>
> The secret key is available:
>
> gpg> list
>
> sec rsa2048/9C7646202CE0CBB2
> created: 2012-09-05 expires: 2020-03-16 usage: SC
> trust: ultimate validity: ultimate
> ssb rsa2048/51E12CABCB4F0264
===
> created: 2012-09-05 expired: 2016-09-04 usage: E
> sub rsa4096/4BB3049F19616A80
===
> created: 2016-09-05 expires: 2020-03-16 usage: E
> [ultimate] (1). Gabriele Pohl <contact at dipohl.de>
The secret key of subkey 4BB3049F19616A80 is not available (it's listed as
"sub", but not as "ssb"). Only the secret keys of the main key and the expired
subkey are available.
I suspect a gpg1 vs. gpg2 problem, i.e. the secret key of subkey
4BB3049F19616A80 is only available to gpg1 or gpg2, but not to both (they use
different key storages). Fedora 30 probably used gpg2 when you run 'gpg' while
the previous version used gpg1.
Possible solution:
* Make a backup (just to be sure).
* Re-run the migration of the keys from the old storage format to the new one.
I think all you have to do is to remove the file ~/.gnupg/.gpg-v21-migrated.
Regards,
Ingo
More information about the Gnupg-users
mailing list