"gpg: decryption failed: No secret key" after export-import to another host

sergio sergio at outerface.net
Sun Jun 6 23:24:26 CEST 2021


I found the sequence to reproduce my problem:


$ rm -rf .gnupg
$ gpg --gen-key --batch <<EOF
         %echo Generating a 25519 key
         Key-Type: eddsa
         Key-Curve: Ed25519
         Key-Usage: cert
         Subkey-Type: ecdh
         Subkey-Curve: Ed25519
         Subkey-Usage: encrypt
         Name-Real: test
         Name-Email: test@test.com
         %commit
         %echo done
EOF
gpg: directory '/home/test/.gnupg' created
gpg: keybox '/home/test/.gnupg/pubring.kbx' created
gpg: Generating a 25519 key
gpg: /home/test/.gnupg/trustdb.gpg: trustdb created
gpg: key 6C6DB60F0545821C marked as ultimately trusted
gpg: directory '/home/test/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/test/.gnupg/openpgp-revocs.d/268017E33AFCBAD119C2FB626C6DB60F0545821C.rev'
gpg: done
$ gpg -K
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
/home/test/.gnupg/pubring.kbx
-----------------------------
sec   ed25519 2021-06-06 [C]
       268017E33AFCBAD119C2FB626C6DB60F0545821C
uid           [ultimate] test <test@test.com>
ssb   ed25519 2021-06-06 [E]

$ echo test | gpg --encrypt --recipient test@test.com | gpg --decrypt
gpg: encrypted with 256-bit ECDH key, ID 683197C0DF776EC0, created 2021-06-06
       "test <test@test.com>"
test

$ gpg --export-secret-keys -a > keys.asc
$ rm -rf .gnupg
$ gpg --import --trust-model always keys.asc
gpg: directory '/home/test/.gnupg' created
gpg: keybox '/home/test/.gnupg/pubring.kbx' created
gpg: key 6C6DB60F0545821C: public key "test <test@test.com>" imported
gpg: key 6C6DB60F0545821C: secret key imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg:       secret keys read: 1
gpg:   secret keys imported: 1
$ gpg -K
gpg: /home/test/.gnupg/trustdb.gpg: trustdb created
/home/test/.gnupg/pubring.kbx
-----------------------------
sec   ed25519 2021-06-06 [C]
       268017E33AFCBAD119C2FB626C6DB60F0545821C
uid           [ unknown] test <test@test.com>
ssb#  ed25519 2021-06-06 [E]

$ echo test | gpg --encrypt --recipient test@test.com | gpg --decrypt
gpg: 683197C0DF776EC0: There is no assurance this key belongs to the named user

sub  ed25519/683197C0DF776EC0 2021-06-06 test <test@test.com>
  Primary key fingerprint: 2680 17E3 3AFC BAD1 19C2  FB62 6C6D B60F 0545 821C
       Subkey fingerprint: C0E4 F2BE 8532 1C1A 3777  8963 6831 97C0 DF77 6EC0

It is NOT certain that the key belongs to the person named
in the user ID.  If you *really* know what you are doing,
you may answer the next question with yes.

Use this key anyway? (y/N) y
gpg: encrypted with 256-bit ECDH key, ID 683197C0DF776EC0, created 2021-06-06
       "test <test@test.com>"
gpg: decryption failed: No secret key
$


Is this a gnupg bug or am I doing something wrong?

-- 
sergio.
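
Added example, not part of the original post: in the second `gpg -K` listing above the subkey is shown as `ssb#`, and a `#` after `sec` or `ssb` means the secret part of that key is not usable on this host. The function below (its name and output format are assumptions of this example) flags such entries so a key migration can be checked before the old keyring is deleted; it parses the human-readable listing as printed in the post, which is not a stable interface.

```shell
#!/bin/sh
# Added example (not from the original post): report keys whose secret part is
# missing from the local keyring, based on the "#" marker in `gpg -K` output.

# Reads a human-readable `gpg -K` listing on stdin. Prints one line per
# affected key: "<record> <algorithm> <usage> <primary fingerprint>".
missing_secret_keys() {
    awk '
        # New primary key: reset state and remember it if it is marked sec#.
        /^sec/ { want = 1; fpr = ""; held = ""
                 if ($1 ~ /#$/) held = $1 " " $2 " " $4 }
        # The first indented hex line after a sec line is the primary fingerprint.
        want && /^ +[0-9A-F]+$/ { fpr = $1; want = 0
                                  if (held != "") print held, fpr
                                  next }
        # Subkey without local secret material.
        /^ssb#/ { print $1, $2, $4, fpr }
    '
}

# Sample input: the listing after the import, taken from the post above.
listing_after_import() {
    cat <<'EOF'
/home/test/.gnupg/pubring.kbx
-----------------------------
sec   ed25519 2021-06-06 [C]
       268017E33AFCBAD119C2FB626C6DB60F0545821C
uid           [ unknown] test <test@test.com>
ssb#  ed25519 2021-06-06 [E]
EOF
}

listing_after_import | missing_secret_keys
# On a live keyring: LC_ALL=C gpg -K | missing_secret_keys
```

Empty output means every listed key has its secret part available locally; any printed line names a key that cannot be used for decryption or signing on this host.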