I generate the GPG key by following Github doc instructions and the doc remind me that I can store my GPG key passphrase by using Kleopatra to acheive that I don't need to enter the passphrase every time. I don't know how to do it.
This is controlled by the following setting:
Kleopatra Settings > GnuPG System > GPG Agent > Expire cached PINs after N seconds
Set it to 0 to make the cached password forgotten immediately.
Source: https://security.stackexchange.com/a/185424
Related
i`ve got a problem with encrypting some stuff on a Debian 8.10 server.
I have a few keys imported into my keyring and am able to check if all that need to be there are actually there with
gpg --list-keys
Whenever my script runs which contains the following command
gpg --trust-model always -r XXXXXXXX -r XXXXXXXX -r XXXXXXXX -r XXXXXXXX -r XXXXXXXX -e
i get this error
gpg: XXXXXXXX: skipped: public key not found
gpg: [stdin]: encryption failed: public key not found
None of the keys that aren't working are expired.
I imported every Key by hand via gpg --import bla.asc
If anyone knows what I might be doing wrong - help would be appreciated.
Thanks in advance
Hi for me same key is working on lower Environment but not production i got following error on prod :: No Public Key
Reason :: on prod Environment Public key is imported for root as well as another user. I removed from Root users and import again with my own user again it start encrypting the file.
I have a brand new install of Linux Mint 14. Installed Thunderbird & Enigmail.
Generated my key, got a friend's public key, imported it.
Sent my friend an encrypted email, he was able to decrypt it just fine.
However, when he responded, I got "gpg: decryption failed: secret key not available"
I tried deleting my key and reimporting it. I tried changing various settings. But I can't figure out what the problem is. I've used Linux/Thunderbird/Enigmail in the past and never had this error.
Sounds like your friend didn't encrypt the message to your public key in the first place. That error message just means that you did not possess the secret key for any of the keys the message was encrypted to.
I think you'll find that if you save the encrypted message into a file and run "gpg -v " it will tell you that it can't find a key on your keyring to decrypt it. I'm also willing to bet that running "gpg --list-packets" or "pgpdump" (which just makes the --list-packets option easier to read) on that file you'll find that the message was only encrypted to your friend's key.
Sounds stupid, but make sure you are not mixing up gpg keys and ssh keys. That's just the kind of brain fart that will have you tearing your hair out. That's why I keep my hair short :)
See this: Are GPG and SSH keys interchangeable?
I just had exactly the same thing happen as the OP but it was a different cause. I eventually noticed that Thunderbird Enigmail was looking in the keyring of gpg2 while I had used gpg to create the latest key pair. You can check if it is in gpg and bring it across:
gpg2 --list-secret-keys
gpg2 --import ~/.gnupg/secring.gpg
gpg2 --list-secret-keys
It will ask you for passwords of keys after the middle step.
Despite me installing pinentry, I still get the following error:
xxxxxxxMacxxxxx:~ MAU$ gpg2 -c --cipher-algo=aes
gpg-agent[89931]: can't connect to the PIN entry module: IPC connect call failed
gpg-agent[89931]: command get_passphrase failed: No pinentry
gpg: problem with the agent: No pinentry
gpg: error creating passphrase: Operation cancelled
gpg: symmetric encryption of `[stdin]' failed: Operation cancelled
You may have an old (and wrong) entry in your gpg-agent.conf file. Check this config file for an incorrect path to the pinentry-program and delete this line.
I've had that error message when trying to decrypt a (symmetrically encrypted) file on OS X (macOS Sierra 10.12.4). Solution was to add the option --pinentry-mode loopback
bla$ gpg -d ciphertext.gpg
gpg: AES encrypted data
gpg: problem with the agent: No pinentry
gpg: encrypted with 1 passphrase
gpg: decryption failed: No secret key
bla$ gpg --pinentry-mode loopback -d ciphertext.gpg
gpg: AES encrypted data
Enter passphrase: ...
gpg: encrypted with 1 passphrase
...plaintext...
I've had this after using sudo -u foo -H bash, solution was to ssh localhost to get a proper fresh environment.
Diffing env | sort showed several differences between the two sessions, but modifying the sudoey one to be the same didn't help. The thing I didn't try was starting XDG.
Possibly the difference is the existence of an XDG session? (Running Debian mostly-8.10)
on macOS, removing my local .gnupg configuration and retrying worked.
rm -rf ~/.gnupg*
I am getting an error:
gpg: no default secret key: No secret key
gpg: [stdin]: clearsign failed: No secret key
My secret keys are available to GPG.
If gpg --list-keys returns nothing, gpg --generate-key solves the problem.
This confusing error message wasted me days of time. I deploy my maven project to maven central, which was always working, but suddenly it gives this message without prompting the passcode. Searched through all the answers didn't solve my problem. Eventually, I found out my key is expired.
gpg --list-keys
So I need to change the expiration by using
gpg --edit-key
And make sure to update both keys.
It might be difference between gpg1 and gpg2. The secret keys are stored in different ways. You may have both of them.
Try
which gpg gpg2
If you do have both, run:
gpg2 --list-secret
gpg --list-secret
You maybe able to tell that one works, another does not.
Here's the answer: I am using latest gnupg version , but I have to use 0.44 gnupg interface version. I have reinstalled the gnupg.
Then no compilation errors were found. I am able to sign my message. but not able to send the request. The problem is I have not installed LWP::Protocol::Https module which is used by "Useragent" to send the request.( i came to know this that i have not installed the module by keeping simple print statements which shown the problem that LWP::Protocol::Https is not found). So i have installed LWP::Protocol::Https module through cpan. And i am good to go. Finally all is set :-)
I am writing a drupal module that encrypts a file using gnupg and sends it to a remote host. There appears to be some bug in my module where it uses the wrong public key to send to the remote host, because they're telling me it fails when they try to decrypt the file. This is the error message they get, from their windows batch file:
Beginning GPG Decryption
Using current version of GNUPG
gpg: encrypted with 2048-bit ELG-E key, ID F1940956, created 2002-04-25
"Wrong Public Key <another_key#another_company.com>"
gpg: decryption failed: secret key not available
However, when I try to decrypt the file I'm sending them, without the key, I get simply
$> gpg --decrypt sensitive_file.gpg
gpg: encrypted with ELG-E key, ID F1940956
gpg: decryption failed: secret key not available
I want gpg to report the email address of the key used to encrypt the file, like in the error message I'm getting from the remote host. I want to see Wrong Public Key <another_key#another_company.com>, like in their error message. But my gpg doesn't report that.
Am I missing a switch? How can I get this information?
The reason that the remote host was able to get the email address of the encrypting key was because of the id F1940956. The remote sign either already has this key, with additional information, on their keyring, or else looked it up in a registry, since this key is a published key.