Enigmail GPG error - gpg: decryption failed: secret key not available - public-key-encryption

I have a brand new install of Linux Mint 14. Installed Thunderbird & Enigmail.
Generated my key, got a friend's public key, imported it.
Sent my friend an encrypted email, he was able to decrypt it just fine.
However, when he responded, I got "gpg: decryption failed: secret key not available"
I tried deleting my key and reimporting it. I tried changing various settings. But I can't figure out what the problem is. I've used Linux/Thunderbird/Enigmail in the past and never had this error.

Sounds like your friend didn't encrypt the message to your public key in the first place. That error message just means that you did not possess the secret key for any of the keys the message was encrypted to.
I think you'll find that if you save the encrypted message into a file and run "gpg -v " it will tell you that it can't find a key on your keyring to decrypt it. I'm also willing to bet that running "gpg --list-packets" or "pgpdump" (which just makes the --list-packets option easier to read) on that file you'll find that the message was only encrypted to your friend's key.

Sounds stupid, but make sure you are not mixing up gpg keys and ssh keys. That's just the kind of brain fart that will have you tearing your hair out. That's why I keep my hair short :)
See this: Are GPG and SSH keys interchangeable?

I just had exactly the same thing happen as the OP but it was a different cause. I eventually noticed that Thunderbird Enigmail was looking in the keyring of gpg2 while I had used gpg to create the latest key pair. You can check if it is in gpg and bring it across:
gpg2 --list-secret-keys
gpg2 --import ~/.gnupg/secring.gpg
gpg2 --list-secret-keys
It will ask you for passwords of keys after the middle step.

Related

How to store my GPG key passphrase by using Kleopatra?

I generated the GPG key by following the GitHub doc instructions, and the doc reminds me that I can store my GPG key passphrase by using Kleopatra so that I don't need to enter the passphrase every time. I don't know how to do it.
This is controlled by the following setting:
Kleopatra Settings > GnuPG System > GPG Agent > Expire cached PINs after N seconds
Set it to 0 to make the cached password forgotten immediately.
Source: https://security.stackexchange.com/a/185424

OpenSSH for Windows connection with private key and passphrase

I want to switch from Putty to OpenSSH for SSH connections in windows to our servers. I want to use OpenSSH only as client and I have a private key with additional passphrase.
I tried to connect to my server and OpenSSH loads the keyfile, but every time I enter the passphrase, it seems that it isn't correct.
C:\Users\user>ssh -i D:\folder\.ssh\private_key user@host
Enter passphrase for key 'D:\folder\.ssh\private_key':
Enter passphrase for key 'D:\folder\.ssh\private_key':
Enter passphrase for key 'D:\folder\.ssh\private_key':
user@host's password:
You can see, my keyfiles are not located in the standard folder. I don't think that this is the problem, so only fyi.
What is the problem? I installed OpenSSH with the standard configuration and changed nothing.
Edit:
I also tried a different keyfile on another server which also has a passphrase: this also doesn't work. Is that maybe a problem in the configuration?
I'm sorry.
I discovered that I had loaded a very old version. I think I got it from SourceForge and the executables are very outdated (year 2003 to 2004).
You can get an actual version from GitHub: https://github.com/PowerShell/Win32-OpenSSH/releases/. I don't know if this is the official release. It's a bit confusing.

No public key: Key with id: (XXXXX) was not able to be located (oss.sonatype.org)

I am trying to push my staging repository on oss.sonatype.org to the central repository, but this action is failing and I am getting the following exception:
Event: Failed: Signature Validation
typeId signature-staging
failureMessage No public key: Key with id: (XXXXX) was not able to be located on http://keyserver.ubuntu.com:11371. Upload your public key and try the operation again.
I used gpg to generate a public as well as a private key for me, and I even sent the public key to the server with the following command:
gpg --keyserver hkp://pool.sks-keyservers.net --send-keys EE539F98
Still I am getting the same exception. I cross-checked and there is only one Sub Key; I am not sure what else I need to do to push the public key so that it can be found by Nexus.
The various OpenPGP keyservers synchronize, but that takes some time. If you know which keyserver will be queried, you can directly upload your key there.
I did:
gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys EE539F98
gpg --keyserver hkp://keyserver.ubuntu.com --send-keys EE539F98
and now your key can successfully be found on Ubuntu's keyserver, without having to wait until it automatically synchronized.
Actually I ran the recv-command multiple times to find a keyserver in their pool which already had your key.
I got the error message:
No public key: Key with id: (xxxx) was not able to be
located on http://keyserver.ubuntu.com:port. Upload your public key
and try the operation again.
Then I entered the following command on the console:
gpg --keyserver hkp://keyserver.ubuntu.com --send-keys xxxx
(removed the :port from the end of the hostname)
It works!
Same thing here, the thing was :
uploading the key generated from my laptop works perfectly
uploading the key generated from the application server was not efficient, I did not get any error message but the key was never distributed
Maybe our application server was blocking this request, or maybe this one was rejected directly by Sonatype (like explained in https://issues.sonatype.org/browse/OSSRH-6697)
Anyway we found a workaround that I wanted to share with you guys :
generate the public key on your application server
gpg --gen-key
if you have already one, make a copy of pubring.gpg file in your local folder /Users/you/.gnupg/
download locally the public key pubring.gpg generated on your application server (using scp command for example), it should be located in the /home/username/.gnupg/ folder on your application server
put it in your local folder /Users/you/.gnupg/ and publish this key
gpg2 --list-keys
gpg2 --keyserver hkp://pool.sks-keyservers.net --send-keys KEYID
the key should be published by now
gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys KEYID
Please let me know if it helps!
Regards
gpg --keyserver hkp://keys.openpgp.org --send-keys your_public_key
I then retrieved an email and checked this key at https://keys.openpgp.org/

How to deal with Gnupg error: gpg: no default secret key: No secret key gpg: [stdin]: clearsign failed: No secret key?

I am getting an error:
gpg: no default secret key: No secret key
gpg: [stdin]: clearsign failed: No secret key
My secret keys are available to GPG.
If gpg --list-keys returns nothing, gpg --generate-key solves the problem.
This confusing error message wasted days of my time. I deploy my Maven project to Maven Central, which was always working, but suddenly it gives this message without prompting for the passcode. Searching through all the answers didn't solve my problem. Eventually, I found out my key is expired.
gpg --list-keys
So I need to change the expiration by using
gpg --edit-key
And make sure to update both keys.
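An expired key is marked in GnuPG's machine-readable listing, where the primary key and each subkey carry their own expiry date. The following is an added example, not part of the original answer: it reads `gpg --list-keys --with-colons` output and reports keys that are expired or about to expire. The listing is constructed, and dates are assumed to be epoch seconds as GnuPG 2.x prints them.

```python
# Constructed sample of `gpg --list-keys --with-colons` output; key IDs and dates are made up.
SAMPLE_LISTING = """\
pub:e:2048:1:1122334455667788:1500000000:1563072000::u:::scESC:
uid:e::::1500000000::::Example Signer <signer@example.org>:
sub:e:2048:1:99AABBCCDDEEFF00:1500000000:1563072000:::::e:
pub:u:4096:1:A1B2C3D4E5F60718:1600000000:::u:::scESC:
sub:u:4096:1:0F1E2D3C4B5A6978:1600000000:1700000000:::::s:
"""

def expiry_report(listing, now, warn_days=30):
    """Return (record type, key ID, capabilities, status) for expired or soon-to-expire keys."""
    report = []
    for line in listing.splitlines():
        f = line.split(":")
        # Only key records matter: pub/sub (public) and sec/ssb (secret) primary keys and subkeys.
        if f[0] not in ("pub", "sub", "sec", "ssb") or len(f) < 12:
            continue
        expires = int(f[6]) if f[6].isdigit() else None   # empty field 7: no expiry set
        if f[1] == "e" or (expires is not None and expires <= now):
            status = "expired"                            # field 2 'e' is gpg's own verdict
        elif expires is not None and expires - now <= warn_days * 86400:
            status = "expires soon"
        else:
            continue
        report.append((f[0], f[4], f[11], status))        # field 12: s=sign, e=encrypt, c=certify
    return report

if __name__ == "__main__":
    for row in expiry_report(SAMPLE_LISTING, now=1698000000):
        print(*row)
```

A signing subkey (capability `s`) that shows up here is the one a build or mail client would fail to sign with, even when the primary key itself is still valid.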
It might be a difference between gpg1 and gpg2. The secret keys are stored in different ways. You may have both of them.
Try
which gpg gpg2
If you do have both, run:
gpg2 --list-secret-keys
gpg --list-secret-keys
You may be able to tell that one works and the other does not.
Here's the answer: I am using the latest gnupg version, but I have to use the 0.44 gnupg interface version. I have reinstalled gnupg.
Then no compilation errors were found. I am able to sign my message, but not able to send the request. The problem is that I had not installed the LWP::Protocol::Https module, which is used by "Useragent" to send the request. (I came to know that I had not installed the module by adding simple print statements, which showed the problem that LWP::Protocol::Https is not found.) So I installed the LWP::Protocol::Https module through cpan, and I am good to go. Finally all is set :-)

Getting the email address of a gnupg public key from an encrypted file

I am writing a Drupal module that encrypts a file using gnupg and sends it to a remote host. There appears to be some bug in my module where it uses the wrong public key to send to the remote host, because they're telling me it fails when they try to decrypt the file. This is the error message they get, from their Windows batch file:
Beginning GPG Decryption
Using current version of GNUPG
gpg: encrypted with 2048-bit ELG-E key, ID F1940956, created 2002-04-25
"Wrong Public Key <another_key@another_company.com>"
gpg: decryption failed: secret key not available
However, when I try to decrypt the file I'm sending them, without the key, I get simply
$> gpg --decrypt sensitive_file.gpg
gpg: encrypted with ELG-E key, ID F1940956
gpg: decryption failed: secret key not available
I want gpg to report the email address of the key used to encrypt the file, like in the error message I'm getting from the remote host. I want to see Wrong Public Key <another_key@another_company.com>, like in their error message. But my gpg doesn't report that.
Am I missing a switch? How can I get this information?
The reason that the remote host was able to get the email address of the encrypting key was because of the ID F1940956. The remote side either already has this key, with additional information, on their keyring, or else looked it up in a registry, since this key is a published key.
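Both the first answer on this page (checking with `gpg --list-packets` which keys a message was encrypted to) and the answer above rest on the same fact: an encrypted message names its recipients only by key ID, in the public-key encrypted session key packets at its start, and a name or email address appears only when that key is on a keyring. As an added example (not from the original posts), this Python parser reads those packets directly from a binary or ASCII-armored message; the sample message and its key IDs are constructed.

```python
import base64

PK_ALGOS = {1: "RSA", 16: "ELG-E", 18: "ECDH"}  # public-key algorithm IDs (RFC 4880, RFC 6637)

def dearmor(data):  # return binary OpenPGP data, decoding ASCII armor if present
    if not data.lstrip().startswith(b"-----BEGIN PGP"):
        return data
    lines = [l.strip() for l in data.strip().splitlines()]
    body = lines[lines.index(b"") + 1:-1]             # skip armor headers and the END line
    return base64.b64decode(b"".join(l for l in body if not l.startswith(b"=")))  # drop CRC24

def read_header(buf, pos):  # parse one packet header -> (tag, body_start, body_length or None)
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                                  # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        return tag, pos + 2, None                     # partial body length (streamed data)
    tag, ltype = (first >> 2) & 0x0F, first & 3       # old-format header
    if ltype == 3:
        return tag, pos + 1, None                     # indeterminate length
    size = (1, 2, 4)[ltype]
    return tag, pos + 1 + size, int.from_bytes(buf[pos + 1:pos + 1 + size], "big")

def recipient_key_ids(message):
    """List (64-bit key ID, algorithm) from each public-key encrypted session key packet (tag 1)."""
    buf, pos, found = dearmor(message), 0, []
    while pos < len(buf):
        tag, start, length = read_header(buf, pos)
        if tag != 1 or length is None:                # these packets precede the encrypted data
            break
        body = buf[start:start + length]
        if len(body) >= 10 and body[0] == 3:          # v3: version, 8-byte key ID, algorithm
            found.append((body[1:9].hex().upper(), PK_ALGOS.get(body[9], str(body[9]))))
        pos = start + length
    return found

def make_pkesk(key_id_hex, algo):  # constructed tag-1 packet: old-format header, dummy session key
    return bytes([0x84, 13, 3]) + bytes.fromhex(key_id_hex) + bytes([algo]) + b"\x00\x08\xff"

# Constructed message: one Elgamal recipient, one hidden recipient (all-zero ID), then tag 18 data.
SAMPLE = make_pkesk("1122334455667788", 16) + make_pkesk("0" * 16, 1) + bytes([0xD2, 5, 1, 0, 0, 0, 0])
print(recipient_key_ids(SAMPLE))
```

The short ID gpg prints (such as `F1940956` above) is the last eight hex digits of the 64-bit key ID returned here; an all-zero ID means the sender hid the recipient, so the ID cannot be looked up at all.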
