secret key (not) available

Henry Hertz Hobbit hhhobbit at securemecca.net
Sun Dec 17 09:37:11 CET 2006


On Wed, 2006-12-13 at 01:24 -0800, ricowidmer at gmx.ch  wrote:

> 
> 
> Hallo everybody
> 
> I use GPG 1.4.4 and have encrypted a txt-file on computer A.

Encrypted how, symmetrically, or asymmetrically?

> I put this encrypted txt-file to computer B and wanted to decrypt
> it there. Then computer B said "secret key not available".
> So I exported my keys from computer A and imported them in
> computer B.

How did you export them?

gpg -a --export YOURKEYID > yourkey.asc
# or
gpg -a --export-secret-keys YOURKEYID > yoursecretkey.asc

The first just exports your public key.  The second exports both
your public and your secret key of the keypair.  The import should
go without a hitch for either one, but there won't be a secret key
if you use the first. If you encrypted only symmetrically it won't
have any effect.

> But the error remained. So I copied the encrypted txt-file back to
> computer A and wanted to decrypt it there. But there was the same
> error! gpg --list-keys didn't even show any keys on computer A.

Can you do a:

cd ; cd .gnupg

on machine A?  If you can, then after that do a:

ls -l

You should at least see the following files:

gpg.conf
pubring.gpg
pubring.gpg~
random_seed
secring.gpg
trustdb.gpg

Also do it on machine B.  If they aren't there,
then make sure you specify WHERE they are at (and
find where they are at).  If you have to (disk and
CPU intensive):

find / -name secring.gpg -print 2> /dev/null

> So I exported the keys from computer B and imported them on
> computer A. Where they were actually created. But it still
> didn't work.

Again, can you see the secret keys on machine B, e.g.:

gpg -K

> I have another file encrypted with gpg on computer A and I
> can decrypt this file.
> 
> gpg -K does not show any keys (!?)
> 

Was this file encrypted with symmetric or asymmetric
encryption?

Symmetric example:
------------------
gpg -a -c --force-mdc --cipher-algo ${CIPHER} < INFILE > OUTFILE

Asymmetric example:
-------------------
gpg -a -e -r PERSON@THEIRMAILHOST < INFILE > OUTFILE

> I hope this problem is not too confusing.
> Thank you very much for your effort!

The only thing confusing is just what you have, how you are doing
the encryption (symmetric or asymmetric), whether you have any
keys at all (I am assuming you did a gpg --gen-key before the
start of all this), etc.  It IS possible to do a symmetric
encryption without any keys at all (although gpg WILL create an
empty pubring.gpg file).

1. I suspect you are NOT encrypting the first file with
   symmetric encryption, but are doing it with the second file
   (the one you can decrypt on machine A).  Copy the second file
   to machine B and decrypt it.

2. Since the first file is probably being encrypted with asymmetric
   encryption, I suggest you are encrypting it with the public
   key, but don't have the secret key.  The only person that can
   decrypt the file that was encrypted is the one that has the
   secret key that corresponds to the public key that was used.

If when you do a "gpg -K" on both machines and no keys show up,
then you have NO secret keys.  Are you sure you did a
"gpg --gen-key" at the start of all this?  On the other hand,
if you do a gpg --list-keys and the public key you are using
is there, then it is totally understandable that if you are
using asymmetric encryption that you can encrypt the file
but not decrypt it.

Did that help or am *I* missing something?  If I did miss
something then please fill us in.  If you generated the key
pair (public / secret) it is highly possible your
~/.gnupg/secring.gpg file has been damaged, which is exactly
what is going through my mind right now.

HHH
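
Added example, not part of the original message: a small sh script that answers the two questions asked above (symmetric or asymmetric, and is the matching secret key in the keyring) from the text printed by `gpg --batch --list-packets FILE` and `gpg -K --with-colons`. The function names and all sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example; all sample data below is constructed, not real gpg output.

# stdin: `gpg --list-packets` output. Prints "symmetric" or "pubkey <KEYID>".
enc_kind() {
    awk '
        /^:symkey enc packet:/ { print "symmetric" }
        /^:pubkey enc packet:/ {
            for (i = 1; i < NF; i++)
                if ($i == "keyid") print "pubkey", $(i + 1)
        }'
}

# $1: key ID; stdin: `gpg -K --with-colons` output (key ID is field 5).
# Exit status 0 if a secret key or secret subkey with that ID is listed.
have_secret() {
    awk -F: -v id="$1" '
        ($1 == "sec" || $1 == "ssb") && toupper($5) == toupper(id) { found = 1 }
        END { exit !found }'
}

# $1: list-packets text, $2: secret-key listing text.
diagnose() {
    printf '%s\n' "$1" | enc_kind | while read -r kind keyid; do
        case $kind in
        symmetric) echo "symmetric: passphrase only, no secret key needed" ;;
        pubkey)
            if printf '%s\n' "$2" | have_secret "$keyid"; then
                echo "pubkey $keyid: secret key present"
            else
                echo "pubkey $keyid: secret key not available"
            fi ;;
        esac
    done
}

PACKETS_PUB=':pubkey enc packet: version 3, algo 16, keyid 1111222233334444
    data: [2048 bits]
:encrypted data packet:'
PACKETS_SYM=':symkey enc packet: version 4, cipher 3, s2k 3, hash 2
:encrypted data packet:'
SECRETS_NONE=''
SECRETS_OK='sec::1024:17:AAAABBBBCCCCDDDD:2006-12-01::::Example <user@example.org>:::
ssb::2048:16:1111222233334444:2006-12-01:::::::'

diagnose "$PACKETS_PUB" "$SECRETS_NONE"   # the case from this thread
diagnose "$PACKETS_PUB" "$SECRETS_OK"
diagnose "$PACKETS_SYM" "$SECRETS_NONE"
```

A file encrypted to several recipients produces one "pubkey" line per recipient, so one "present" line is enough to decrypt.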




