Decryption fails with "No secret key"

Ingo Klöcker kloecker at kde.org
Sun Jan 5 16:17:04 CET 2020


On Friday, 3 January 2020 13:53:00 CET Gabriele Pohl wrote:
> After upgrading my PC to Fedora 30
[...]
> a problem with decrypting came up.
> 
> Encryption works:
> 
> $ gpg --verbose --output test.txt.gpg --recipient contact at dipohl.de
> --encrypt test.txt
[...]
> gpg: RSA/AES256 encrypted for: "4BB3049F19616A80 Gabriele Pohl
> <contact at dipohl.de>"
[...]
> But decrypting fails:
> 
> $ gpg --verbose --decrypt test.txt.gpg
> gpg: public key is 4BB3049F19616A80
> gpg: using subkey 4BB3049F19616A80 instead of primary key 9C7646202CE0CBB2
> gpg: encrypted with 4096-bit RSA key, ID 4BB3049F19616A80, created
> 2016-09-05 "Gabriele Pohl <contact at dipohl.de>"
> gpg: decryption failed: No secret key
> 
> The secret key is available:
> 
> gpg> list
> 
> sec  rsa2048/9C7646202CE0CBB2
>      created: 2012-09-05  expires: 2020-03-16  usage: SC
>      trust: ultimate      validity: ultimate
> ssb  rsa2048/51E12CABCB4F0264
  ===
>      created: 2012-09-05  expired: 2016-09-04  usage: E
> sub  rsa4096/4BB3049F19616A80
  ===
>      created: 2016-09-05  expires: 2020-03-16  usage: E
> [ultimate] (1). Gabriele Pohl <contact at dipohl.de>

The secret key of subkey 4BB3049F19616A80 is not available (it's listed as 
"sub", but not as "ssb"). Only the secret keys of the main key and the expired 
subkey are available.

I suspect a gpg1 vs. gpg2 problem, i.e. the secret key of subkey 
4BB3049F19616A80 is only available to gpg1 or gpg2, but not to both (they use 
different key storages). Fedora 30 probably uses gpg2 when you run 'gpg' while 
the previous version used gpg1.

Possible solution:
* Make a backup (just to be sure).
* Re-run the migration of the keys from the old storage format to the new one. 
I think all you have to do is to remove the file ~/.gnupg/.gpg-v21-migrated.

Regards,
Ingo
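
The sub/ssb check described above, as an added example that is not part of the original post: POSIX shell functions that take the key ID named in the decrypt output and look up whether the key listing marks it as having a secret part. The function names (`secret_status`, `recipient_ids`, `diagnose`) are hypothetical, and the sample input is constructed from the output quoted in the post.

```shell
# Constructed sample: the key listing and decrypt output quoted in the post.
LISTING='sec  rsa2048/9C7646202CE0CBB2
     created: 2012-09-05  expires: 2020-03-16  usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa2048/51E12CABCB4F0264
     created: 2012-09-05  expired: 2016-09-04  usage: E
sub  rsa4096/4BB3049F19616A80
     created: 2016-09-05  expires: 2020-03-16  usage: E
[ultimate] (1). Gabriele Pohl <contact at dipohl.de>'

DECRYPT_LOG='gpg: public key is 4BB3049F19616A80
gpg: encrypted with 4096-bit RSA key, ID 4BB3049F19616A80, created
2016-09-05 "Gabriele Pohl <contact at dipohl.de>"
gpg: decryption failed: No secret key'

# secret_status KEYID (hypothetical helper): reads the listing on stdin and
# prints "secret" (sec/ssb), "public-only" (pub/sub) or "absent" for KEYID.
secret_status() {
    awk -v id="$1" '
        { sub(/^(> ?)+/, "") }              # drop mail quoting, if pasted
        $1 ~ /^(sec|ssb|pub|sub)$/ {
            n = split($2, part, "/")        # "rsa4096/<keyid>" -> key ID
            if (toupper(part[n]) == toupper(id)) {
                print (($1 == "sec" || $1 == "ssb") ? "secret" : "public-only")
                found = 1; exit
            }
        }
        END { if (!found) print "absent" }
    '
}

# recipient_ids (hypothetical helper): reads verbose decrypt output on stdin
# and prints the key ID from each "encrypted with ... ID <keyid>" line.
recipient_ids() {
    sed -n 's/^gpg: encrypted with .* ID \([0-9A-Fa-f]\{8,\}\).*/\1/p'
}

# diagnose: report the secret-key status of every recipient key in the log.
diagnose() {
    printf '%s\n' "$DECRYPT_LOG" | recipient_ids | while read -r id; do
        printf '%s %s\n' "$id" "$(printf '%s\n' "$LISTING" | secret_status "$id")"
    done
}

diagnose   # prints: 4BB3049F19616A80 public-only
```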





