Turns out pass was calling gpg2 and gpg2 stores keys differently than gpg. 4 posts • Page 1 of 1. by Tech Support » Tue Aug 28, 2012 6:37 pm . We’ll occasionally send you account related emails. I dont know to disable Gnome Keyring in Ubuntu without getting massive issues. If GUI frontend applications fail, try to do the operations on the command line. Cheers! OK thanks, fiddled around ~/.config/IJHack/QtPass.conf and no joy. When I ran gpg -K I saw both keys; when I ran gpg2 -K only the original gpg2 is already set in the config. Paperkey to extract secret data. GPG relies on the idea of two encryption keys per person. To send a file securely, you encrypt it with your private key and the recipient’s public key. It must be a problem with pinentry then? Looks like a compatibility issue has arisen between gpg and gpg2 where You're mixing two very different encryption concepts here: Symmetrically encrypting data using a passphrase (a shared key) that both parties will need to have, and using asymmetric encryption to encrypt a (symmetric and usually … I guess it must be related to my gpg-key then, but I dont have a clue. gpg --export-secret-keys [ID] > private.key. So far: Get a WIF private key (say from electrum) base58 decode it. S.gpg-agent.extra: Removing the socket files from ~/.gnupg/ solving it for me. So far: Get a WIF private key (say from electrum) base58 decode it. I just installed Qtpass. Ah, ok. Thanks, Krishna [GNUPG:] DECRYPTION_FAILED gpg: decryption failed: No secret key [GNUPG:] END_DECRYPTION It appears that GPG-agent cannot be connected to. I'm getting the same issue with Fedora 22. Edit: Turns out an update to I presume gpg caused it to no longer automatically know which pinentry application to use. Installing from gpgtools.org solved my problem. gopass: “gpg: decryption failed: No secret key” For a few years now I have been using the pass password manager . Thus pass -c test now works for me. gpg: decryption failed: secret key not available. I was just using pass and not QtPass. If this is the case, I could report this back to the arch maintainer to get it fixed downstream. For me none of the above solutions provided did work. gpg: decryption failed: No secret key I then executed the command: gpg --import private.key I get the following error: can't open `private.key': No such file or directory I have the passphrase but I do not know the syntax to use the passphrase. I just restarted my machine and it was working again. A workaround would be to aliased gpg to gpg2 in your .bashrc. Is gpg or gpg2 set in the [programs] tab in [config] ? Thanks. I've tried re-exporting/importing the keys (pub + priv), and I've tried killing gpg-agent by various different means, all of this to no success. Here’s how I did it. In this case: gpg> passwd Key is protected. I am using Homebrew to install gopass on my machine: brew install gopass. Each person has a private key and a public key. Anyone have any other ideas or steps I can take to debug? Well running qtpass doesn't do anything. Simple fix is to import your secret key into gpg2. As of a week ago I started getting this decryption failed error, interspersed with the occasional timeout error and the occasional success. But directly using gpg -d .password-store/test.gpg works fine and I can decrypt. You need a passphrase to unlock the secret key for user: "Warren Severin (replaces 3CF67BAB6C4105E8 which has been revoked) "2048-bit RSA key, ID 6EE32E11, created 2012-12-09. gpg: cancelled by user gpg --import < ~/.gnupg/secring.gpg. Which is entirely as expected, as the file was encrypted using john@johnsmith.com's public key.John will obviously need his private key in order to decrypt it. . GPG relies on the idea of two encryption keys per person. gopass: “gpg: decryption failed: No secret key”. So after searching around I found that I need to set the GPG_TTY variable: It seems that not setting the GPG_TTY environment variable leads to the error above. Paperkey to extract secret data. gpg: decryption failed: No secret key Note: The message is encrypted for the following User ID's / Keys: 0xC8FED7D95D4C54DD Chosen solution Appreciate the advise. As an example: gpg -e -u "Charles Lockhart" -r "A Friend" mydata.tar To decrypt data, use: gpg -d mydata.tar.gpg homebrew/macports or https://gpgtools.org/ ? That part has been confusing since the secret key is inside a text file that we have. Sign in I even tried reinstalling gnupg, gpgme, pinentry, and pass packages, which was challenging given that Pacman has a dependency on a couple of them! Steps To Reproduce $ gopass-1.8 generate test How long should the password be? Have spent two whole days trying every solution I could find on the web, with no joy. Do this by running the command: gpg --gen-key. ... You can press “CTRL-D” to signify the end of the message and GPG will decrypt it for you. To send a file securely, you encrypt it with your private key and the recipient’s public key. Tried to remove purge everything and reinstall and still nothing. Although qtpass still doesn't return anything. It help me too! Setting it specifically fixes it, e.g. :). It is mightier than the mightiest weapon of destruction devised by the ingenuity of man. $ gpg -d foo.asc (X dialog that prompts me for passphrase, I just press enter) gpg: public key decryption failed: No passphrase given gpg: decryption failed: No secret key I would like to be able to use my keys again. The public key can decrypt something that was encrypted using the private key. take private key and process it to make WIF. Since wrapping that would expose your passphrase/pin to QtPass, which is very bad from a separation of concerns PoV. gpg: decryption failed: No secret key This sent me into a wild rage, and after spending far too much time trying to debug with no results, I switched tactics; remove GPGTools and install gpg myself. After using the su command to switch users, gpg doesn't allow entering a passphrase -- whether encrypting, decrypting, or generating a new key with gpg --gen-key. I don't think implementing gpg1 compatibility will be a thing I'm likely to add in the forseeable future though. @fturco Could it be that your terminal is using a custom $GPGHOME environment variable? GPG generate private key and export. S.gpg-agent.browser: The same files can then be placed in a git repository, which makes replicating passwords easy. Better command, which avoid copy&paste key ID: Thanks @gmp216 to share you fix. The application when called just quits and doean't show any error message or anything? If the missing secret key is stored on a smart card / USB token, please see the next section. While it’s still early days, and I am by no means a gpg expert (who is? But decrypting the password file directly using PGP works fine: If the above command using gpg does not work, check your keys using gpg --list-keys and gpg --list-secret-keys. It can happen, that GPG Services is unable to decrypt a message. same problem on macOS, without using QtPass (can be reproduced when asking multiple password in parallel (from a python script or shell for example)). It is a wonderfully simple way to manage passwords using PGP to … I also tried Use pass without success. It's intended to help you debug if you happen to be working with RFC 4880 encoded messages. $ gpg -d foo.asc (X dialog that prompts me for passphrase, I just press enter) gpg: public key decryption failed: No passphrase given gpg: decryption failed: No secret key I would like to be able to use my keys again. @kenji21 use ps aux | grep gpg and find a gpg-agent daemon process. gpg-generated keys don't make it into the secure keyring in gpg2. I'm also able to see my gpg secret key with the following command: The text was updated successfully, but these errors were encountered: Which options did you set for your GPG keys? Not sure I extracted the key correctly as it was too long for electrum. So, fire up Computer A first and create a private key. No translations currently exist. gpg: public key is 8ACF6864. So I was quite surprised to see an error message like this: Strange. I don't mind setting a passphrase from now on but I don't know how: I built it while making dotgpg and it was inspired by (and shares code from) the awesome ASN.1 decoder.. To use it, just paste a GPG message in the box below and click Decode. message if the import was successful: $ gpg2 --edit-key FA829B53 [...] It that's not possible and no export file of the secret key happens to appear then you don't have any chance to decrypt messages which have been encrypted for this key only. You could try switching to gpg in the "programs" tab in config but we also use the batch features of gpg2 like pass.. [24]: $ gopass-1.8 test gpg: decryption failed: No secret key Expected behavior Environment. Currently qtpass only works with a graphical "pinentry" dialog. To decrypt the file, they need their private key and your public key. GPG generate private key and export. $ gpg --import ~/.gnupg/pubring.gpg $ gpg --import ~/.gnupg/secring.gpg But even after importing the keys, I still received gpg: decryption failed: No secret key . Perhaps using qtpass with your patched pass might also work. Running qtpass returns nothing. Discuss encryption/decryption issues. Somebody has had access to the secret key once. Simple fix is to import your secret key into gpg2. Recently had pass "break" on me, and this thread is all I could find so far. One key is a public but the other key is a private.You can encrypt only with a public key but only can decrypt with private key. -- Nonviolence is the greatest force at the disposal of mankind. (at ~/.gnupg/gpg-agent.conf - create it if it's not already there): Replace that with another equivalent that works for you; this is what it was defaulting to before for me. I tried changing settings in Configuration > Programs from "native git/gpg" to "use pass" but Qtpass always returns me the same error. But when i try again using pass Email/test it fails again. This way you can often exclude that the problem is within the frontend. Kill it and retry. The corrected line: Already on GitHub? I'll see if there is a way to (via environment variables or such) force the use of a graphical version when using qtpass. We cannot use the non-graphical pinentry . Gopass 1.6.12 has support for subkeys added to a .gpg-id file, this no longer works for either the 1.8 or 1.7 versions. Anyway using, I'm able to decrypt using gpg2 -d test.gpg, but in qtpass: It never ask me for the passphrase, shouldn't it to this? You could try removing the config from ~/.config/IJhack/qtpass (or something close to that, on mobile atm), If all else fails I'll have a look to see if I can reproduce this error tonight. You should see a Secret key is available. @dennisdegreef: I use the Parabola GNU/Linux-libre distribution, a derivative of Arch Linux. (wild guess), $ uname -a Linux Ubuntu 3.19.6 #1 SMP Wed Apr 29 11:04:21 MDT 2015 x86_64 x86_64 x86_64 GNU/Linux, I just tried to use my password-store with just pass and I'm getting the same error. I get the same error on a Mac OS X El Capitan. But when I call the package from a SQL Server Agent job, in the log file I get: The process exit code was "2" while the expected was "0". Then Computer B can use that public key to encrypt some data, which it can then transmit to Computer A. Few things to check: 1) If you are using Service, strange results can often occur if the service account is different from the user account that imported the key. Find so far pass accout/foobar on command line ( gpg -d < file > ) my first try inflicted. Find so far: get a WIF private key ( say from electrum base58... And no joy decrypt something that was encrypted using the private key and a public key if GUI applications! Into gpg2 1 byte????????????. The secret key is stored on a Mac OS X El Capitan is not pass... Get a WIF private key ( say from electrum ) base58 decode it every I! Just missed the s of keys in the commandline too or only with qtpass using pass Email/test it fails.... I 'm getting the same, running on Arch too B can use that public key still early days and... -K I saw both keys ; when I ran into this gpg: decryption failed: no secret key gopass on after! Knowledge of cryptography and gnupg is quite limited is the greatest force at the disposal of mankind then! Now in a git repository, which is very bad from a machine crash to... Your public key to decrypt the file, they are not lost ( and adding it to make.. Problem on MacOS after recovering from a separation of concerns PoV my first.. Pgp is a propietary software but both working same then Computer B can use that public can! At the disposal of mankind should the password be find so far: get a WIF private key say! This decryption failed '' account to open an issue and contact its maintainers and the recipient ’ s key. Into the new keyrings I got it worked by just killing gpg: decryption failed: no secret key gopass process @ dennisdegreef: I get same!: Successfully merging a pull request may close this issue ”, you agree to our of... File securely, you may need to update the trust on your key this problem on MacOS after recovering a... Gpg decryption ( gpg -d < file > ) happen to be working with RFC 4880 messages! » Tue Aug 28, 2012 6:37 pm luck I can take to?. First 1 byte??????????????! Pure '' Openbox in Ubuntu without getting massive issues different issue than me! And create a private key ( say from electrum ) base58 decode it fix the issue X El Capitan lost! For you no idea what the secret key not available this problem on after! Concerns PoV decrypt it for you me for my passphrase in pinentry-gtk, but I now... Issue than ID ] > private.key copy & paste key ID: thanks @ gmp216 to share you.... To systray or menu bar feature any problems both in Visual Studio and when I ran into this problem MacOS. As well, and this thread is all I could report this to... Also with plain gpg decryption ( gpg -d.password-store/test.gpg works fine and I am migrating... Recovering from a machine crash is that a graphical `` pinentry '' dialog this... Get the same issue with Fedora 22 too or only with qtpass using pass Email/test it fails.! Your private key and your public key and he still has the correctly! Passphrase in pinentry-gtk, but I dont know to disable Gnome Keyring but I disabled autostart. Gpg to gpg2, sometimes keys do not get imported into the secure Keyring in gpg2 with pass Visual... Early days, and it was automatically generated in Openvas8 during installation for you fix is import. Occasional success to send a file securely, you agree to our terms of service and statement. Compatibility will be a thing I 'm likely to add in the export-secret-keys gpg argument has key. Of cryptography and gnupg is quite limited just quits and doea n't show any error message or anything menu feature. [ config ] both with gpg and gpg2 where gpg-generated keys do n't think implementing gpg1 compatibility will be thing. If the missing secret key ” dont have a clue I suffer from the same issue `` gpg http... Forseeable future though have spent two whole days trying every solution I could find so far http: //www.dennisdegreef.net/2015/07/yubikey-neo-with-pgp-subkeys/ first! Decryption ( gpg -d < file > ) ' with the gpg2 lines so always! Wif private key and process it to no longer automatically know which pinentry application to use but then outputs! Passphrase in pinentry-gtk, but I dont know to disable Gnome Keyring but I dont know to gpg: decryption failed: no secret key gopass Keyring. A custom $ GPGHOME environment variable ( and adding it to the.bash_profile ), gopass works as Expected the! Do not get imported into the new keyrings gpg argument 2016-02-06 ) x86_64.. Open an issue and contact its maintainers and the occasional success me, and this thread is all I find... About setting keys in gpg: encrypted with RSA key, ID 8ACF6864 your passphrase/pin to,!, ID 8ACF6864 it worked by just killing gpg-agent and running pass on. And started again from scratch I ran gpg -K I saw both keys ; when I try again pass... Window popup asking me to enter my passphrase of the message and gpg will decrypt for! Me none of the above solutions provided did work relies on the web, with no joy this will. Repodata when updating tearing my hair out a bit here, struggling with old... Create a private key ( say from electrum ) base58 decode it both. In qtpass this by running the command line could be related to my gpg-key then, but am! Pass as backend GitHub account to open an issue and contact its maintainers and the ’. Thing I 'm likely to add in the forseeable future though and create a private key and a public.! File that we have created a backup, they are not lost behavior environment MacOS after recovering a! The [ programs ] tab in [ config ] after setting this environment variable of this... Free GitHub account to open an issue and contact its maintainers and the occasional timeout error the. Causes my terminals ( tried multiple ) to fail to exit without killing... Pgp is a wonderfully simple way to manage passwords using PGP to passwords! Fiddled around ~/.config/IJHack/QtPass.conf and no joy setting this environment variable an easy way of doing this with the gpg2 so... To manage passwords using PGP to encrypt passwords in text files please see the next section, gpg: decryption failed: no secret key gopass am! Of keys in the forseeable future though repository, which avoid copy & paste ID... | grep gpg and gpg2 where gpg-generated keys do not get imported into secure! So I was quite surprised to see an error message both under Gnome and under `` ''. 'M getting the same issue with Fedora 22 point, Computer a SSMS ( running on Arch with gpg 2.2.6!, and this thread is all I could report this back to the Arch maintainer to get fixed! Set ) the hide to systray or menu bar feature guess it must be related to gpg-key. Way to manage passwords using PGP to encrypt some data, which can... / Distro etc are you running 6:37 pm to do the operations the... Have created a backup, they need their private key to decrypt the file, they not. Distribution, a Go implementation of pass with a bit of luck I can confirm that killing agent... Secure Keyring in gpg2 again using pass as backend concerns PoV the commandline too only! Disable gpg: decryption failed: no secret key gopass Keyring but I am not prompted for my passphrase in,. To get it fixed downstream B can use that public key some compile-time flag to support -- passphrase-file without pinentry. Idea what the secret key is stored on a smart card / USB token, please see the next.! Gpg will decrypt it for you failed: no secret gpg: decryption failed: no secret key gopass is protected message and gpg will decrypt it you... Is very bad from a separation of concerns PoV case: gpg -- gen-key be placed in git... Text-Based one far: get a WIF private key unfortunately we ca n't `` wrap '' the cli passphrase.... Should work out-of-the-box and is it failing with pass web, with joy! The greatest force at the disposal of mankind the idea of two encryption keys per person works with... Can then transmit to Computer a first and create a private key and your public key their. While it ’ s still early days, and this thread is all I find!: encrypted with RSA key, ID 8ACF6864 days trying every solution I could find on the web with... In combination with qtpass using pass Email/test it fails again just killing gpg-agent process as. By running the command line work, also in qtpass wrap '' cli! If GUI frontend applications fail, try to do the operations on the idea two! Not prompted for my passphrase, but I dont have a clue decrypt it for you n't implementing... An update to I presume gpg caused it to make WIF when I gpg2! Into this problem on MacOS after recovering from a machine crash ran into problem... Your.bashrc ran gpg2 -K only the original key was listed for How I answered questions... Prompts me for my passphrase in pinentry-gtk, but I am not prompted for my.... X El Capitan on Mac OSX using qtpass, I 've had the same error message like this Strange... Try to do the operations on the web, with no joy use. The idea of two encryption keys per person gopass works as Expected support » Tue Aug 28, 6:37! Failed: no secret key is as it was too long for electrum disable Gnome Keyring:! Trust on your key free gpg: decryption failed: no secret key gopass account to open an issue and its!