"gpg: decryption failed: No secret key" after export-import to another host
sergio
sergio at outerface.net
Sun Jun 6 23:24:26 CEST 2021
I found the sequence to reproduce my problem:
$ rm -rf .gnupg
$ gpg --gen-key --batch <<EOF
%echo Generating a 25519 key
Key-Type: eddsa
Key-Curve: Ed25519
Key-Usage: cert
Subkey-Type: ecdh
Subkey-Curve: Ed25519
Subkey-Usage: encrypt
Name-Real: test
Name-Email: test@test.com
%commit
%echo done
EOF
gpg: directory '/home/test/.gnupg' created
gpg: keybox '/home/test/.gnupg/pubring.kbx' created
gpg: Generating a 25519 key
gpg: /home/test/.gnupg/trustdb.gpg: trustdb created
gpg: key 6C6DB60F0545821C marked as ultimately trusted
gpg: directory '/home/test/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/test/.gnupg/openpgp-revocs.d/268017E33AFCBAD119C2FB626C6DB60F0545821C.rev'
gpg: done
$ gpg -K
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
/home/test/.gnupg/pubring.kbx
-----------------------------
sec ed25519 2021-06-06 [C]
268017E33AFCBAD119C2FB626C6DB60F0545821C
uid [ultimate] test <test@test.com>
ssb ed25519 2021-06-06 [E]
$ echo test | gpg --encrypt --recipient test@test.com | gpg --decrypt
gpg: encrypted with 256-bit ECDH key, ID 683197C0DF776EC0, created 2021-06-06
"test <test@test.com>"
test
$ gpg --export-secret-keys -a > keys.asc
$ rm -rf .gnupg
$ gpg --import --trust-model always keys.asc
gpg: directory '/home/test/.gnupg' created
gpg: keybox '/home/test/.gnupg/pubring.kbx' created
gpg: key 6C6DB60F0545821C: public key "test <test@test.com>" imported
gpg: key 6C6DB60F0545821C: secret key imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: secret keys read: 1
gpg: secret keys imported: 1
$ gpg -K
gpg: /home/test/.gnupg/trustdb.gpg: trustdb created
/home/test/.gnupg/pubring.kbx
-----------------------------
sec ed25519 2021-06-06 [C]
268017E33AFCBAD119C2FB626C6DB60F0545821C
uid [ unknown] test <test@test.com>
ssb# ed25519 2021-06-06 [E]
$ echo test | gpg --encrypt --recipient test@test.com | gpg --decrypt
gpg: 683197C0DF776EC0: There is no assurance this key belongs to the named user
sub ed25519/683197C0DF776EC0 2021-06-06 test <test@test.com>
Primary key fingerprint: 2680 17E3 3AFC BAD1 19C2 FB62 6C6D B60F 0545 821C
Subkey fingerprint: C0E4 F2BE 8532 1C1A 3777 8963 6831 97C0 DF77 6EC0
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
Use this key anyway? (y/N) y
gpg: encrypted with 256-bit ECDH key, ID 683197C0DF776EC0, created 2021-06-06
"test <test@test.com>"
gpg: decryption failed: No secret key
$
Is this a GnuPG bug, or am I doing something wrong?
--
sergio.
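
In the `gpg -K` listing after the import, a `#` after `ssb` means that the secret subkey is not usable from this keyring. A post-import check for that condition, as an added example that is not part of the original post: it reads `gpg --list-secret-keys --with-colons` output, the function names are hypothetical, and the sample listing is constructed from the key IDs shown above.

```shell
#!/bin/sh
# Added example: flag secret keys/subkeys whose secret part is absent.
# Input: `gpg --list-secret-keys --with-colons` on stdin.
# Colon-format fields used: 1 = record type, 5 = key ID,
# 12 = capabilities, 15 = '#' for a stub without secret material
# ('+' or a card serial number when the secret part is reachable).

missing_secret_keys() {
    awk -F: '
        ($1 == "sec" || $1 == "ssb") && $15 == "#" {
            printf "%s %s caps=%s\n", $1, $5, $12
        }'
}

# Returns 0 only when every sec/ssb record has its secret part.
secret_keys_complete() {
    out=$(missing_secret_keys)
    if [ -n "$out" ]; then
        printf 'secret part missing for:\n%s\n' "$out" >&2
        return 1
    fi
}

# Constructed sample mirroring the listing after the import:
# primary key present, encryption subkey reduced to a stub.
sample_listing() {
    cat <<'EOF'
sec:-:255:22:6C6DB60F0545821C:1623014666:::-:::cC:::+::ed25519:::0:
fpr:::::::::268017E33AFCBAD119C2FB626C6DB60F0545821C:
ssb:-:255:18:683197C0DF776EC0:1623014666::::::e:::#::ed25519::
EOF
}

# Real use after an import:
#   gpg --list-secret-keys --with-colons | secret_keys_complete
sample_listing | missing_secret_keys
```

Running the check directly after `gpg --import` catches an incomplete import before anything is encrypted to the key.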