Despite me installing pinentry, I still get the following error:
xxxxxxxMacxxxxx:~ MAU$ gpg2 -c --cipher-algo=aes
gpg-agent[89931]: can't connect to the PIN entry module: IPC connect call failed
gpg-agent[89931]: command get_passphrase failed: No pinentry
gpg: problem with the agent: No pinentry
gpg: error creating passphrase: Operation cancelled
gpg: symmetric encryption of `[stdin]' failed: Operation cancelled
You may have an old (and wrong) entry in your gpg-agent.conf file. Check this config file for an incorrect path to the pinentry-program and delete this line.
I've had that error message when trying to decrypt a (symmetrically encrypted) file on OS X (macOS Sierra 10.12.4). Solution was to add the option --pinentry-mode loopback
bla$ gpg -d ciphertext.gpg
gpg: AES encrypted data
gpg: problem with the agent: No pinentry
gpg: encrypted with 1 passphrase
gpg: decryption failed: No secret key
bla$ gpg --pinentry-mode loopback -d ciphertext.gpg
gpg: AES encrypted data
Enter passphrase: ...
gpg: encrypted with 1 passphrase
...plaintext...
I've had this after using sudo -u foo -H bash, solution was to ssh localhost to get a proper fresh environment.
Diffing env | sort showed several differences between the two sessions, but modifying the sudoey one to be the same didn't help. The thing I didn't try was starting XDG.
Possibly the difference is the existence of an XDG session? (Running Debian mostly-8.10)
On macOS, removing my local .gnupg configuration and retrying worked.
rm -rf ~/.gnupg*
I've got a problem with encrypting some stuff on a Debian 8.10 server.
I have a few keys imported into my keyring and am able to check if all that need to be there are actually there with
gpg --list-keys
Whenever my script runs which contains the following command
gpg --trust-model always -r XXXXXXXX -r XXXXXXXX -r XXXXXXXX -r XXXXXXXX -r XXXXXXXX -e
I get this error:
gpg: XXXXXXXX: skipped: public key not found
gpg: [stdin]: encryption failed: public key not found
None of the keys that aren't working are expired.
I imported every key by hand via gpg --import bla.asc
If anyone knows what I might be doing wrong - help would be appreciated.
Thanks in advance
Hi, for me the same key works on the lower environment but not on production. I got the following error on prod: No Public Key
Reason: on the prod environment the public key was imported for root as well as another user. I removed it from the root user and imported it again with my own user, and it started encrypting the file again.
I am trying to push my staging repository on oss.sonatype.org to the central repository, but this action fails and I am getting the following exception:
Event: Failed: Signature Validation
typeId signature-staging
failureMessage No public key: Key with id: (XXXXX) was not able to be located on http://keyserver.ubuntu.com:11371. Upload your public key and try the operation again.
I used gpg to generate a public as well as a private key for me, and I even sent the public key to the server with the following command:
gpg --keyserver hkp://pool.sks-keyservers.net --send-keys EE539F98
Still I am getting the same exception. I cross-checked and there is only one subkey. I am not sure what else I need to do to push the public key so that it can be found by Nexus.
The various OpenPGP keyservers synchronize, but that takes some time. If you know which keyserver will be queried, you can directly upload your key there.
I did:
gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys EE539F98
gpg --keyserver hkp://keyserver.ubuntu.com --send-keys EE539F98
and now your key can successfully be found on Ubuntu's keyserver, without having to wait until it automatically synchronized.
Actually I ran the recv-command multiple times to find a keyserver in their pool which already had your key.
I got the error message:
No public key: Key with id: (xxxx) was not able to be
located on http://keyserver.ubuntu.com:port. Upload your public key
and try the operation again.
Then I entered the following command on the console:
gpg --keyserver hkp://keyserver.ubuntu.com --send-keys xxxx
(removed the :port from the end of the hostname)
It works!
Same thing here, the thing was :
uploading the key generated from my laptop works perfectly
uploading the key generated from the application server was not efficient, I did not get any error message but the key was never distributed
Maybe our application server was blocking this request, or maybe this one was rejected directly by Sonatype (like explained in https://issues.sonatype.org/browse/OSSRH-6697)
Anyway we found a workaround that I wanted to share with you guys :
generate the public key on your application server
gpg --gen-key
if you have already one, make a copy of pubring.gpg file in your local folder /Users/you/.gnupg/
download locally the public key pubring.gpg generated on your application server (using scp command for example), it should be located in the /home/username/.gnupg/ folder on your application server
put it in your local folder /Users/you/.gnupg/ and publish this key
gpg2 --list-keys
gpg2 --keyserver hkp://pool.sks-keyservers.net --send-keys KEYID
the key should be published by now
gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys KEYID
Please let me know if it helps!
Regards
gpg --keyserver hkp://keys.openpgp.org --send-keys your_public_key
I then retrieved an email and checked this key at https://keys.openpgp.org/
I have a brand new install of Linux Mint 14. Installed Thunderbird & Enigmail.
Generated my key, got a friend's public key, imported it.
Sent my friend an encrypted email, he was able to decrypt it just fine.
However, when he responded, I got "gpg: decryption failed: secret key not available"
I tried deleting my key and reimporting it. I tried changing various settings. But I can't figure out what the problem is. I've used Linux/Thunderbird/Enigmail in the past and never had this error.
Sounds like your friend didn't encrypt the message to your public key in the first place. That error message just means that you did not possess the secret key for any of the keys the message was encrypted to.
I think you'll find that if you save the encrypted message into a file and run "gpg -v " it will tell you that it can't find a key on your keyring to decrypt it. I'm also willing to bet that running "gpg --list-packets" or "pgpdump" (which just makes the --list-packets option easier to read) on that file you'll find that the message was only encrypted to your friend's key.
Sounds stupid, but make sure you are not mixing up gpg keys and ssh keys. That's just the kind of brain fart that will have you tearing your hair out. That's why I keep my hair short :)
See this: Are GPG and SSH keys interchangeable?
I just had exactly the same thing happen as the OP but it was a different cause. I eventually noticed that Thunderbird Enigmail was looking in the keyring of gpg2 while I had used gpg to create the latest key pair. You can check if it is in gpg and bring it across:
gpg2 --list-secret-keys
gpg2 --import ~/.gnupg/secring.gpg
gpg2 --list-secret-keys
It will ask you for passwords of keys after the middle step.
I am getting an error:
gpg: no default secret key: No secret key
gpg: [stdin]: clearsign failed: No secret key
My secret keys are available to GPG.
If gpg --list-keys returns nothing, gpg --generate-key solves the problem.
This confusing error message wasted days of my time. I deploy my Maven project to Maven Central, which was always working, but suddenly it gave this message without prompting for the passcode. Searching through all the answers didn't solve my problem. Eventually, I found out my key had expired.
gpg --list-keys
So I need to change the expiration by using
gpg --edit-key
And make sure to update both keys.
It might be the difference between gpg1 and gpg2. The secret keys are stored in different ways. You may have both of them.
Try
which gpg gpg2
If you do have both, run:
gpg2 --list-secret-keys
gpg --list-secret-keys
You may be able to tell that one works and the other does not.
Here's the answer: I am using the latest gnupg version, but I have to use the 0.44 gnupg interface version. I have reinstalled gnupg.
Then no compilation errors were found. I am able to sign my message, but not able to send the request. The problem is that I had not installed the LWP::Protocol::https module, which is used by "Useragent" to send the request. (I came to know that I had not installed the module by adding simple print statements, which showed that LWP::Protocol::https was not found.) So I installed the LWP::Protocol::https module through cpan, and I am good to go. Finally all is set :-)
I am writing a drupal module that encrypts a file using gnupg and sends it to a remote host. There appears to be some bug in my module where it uses the wrong public key to send to the remote host, because they're telling me it fails when they try to decrypt the file. This is the error message they get, from their windows batch file:
Beginning GPG Decryption
Using current version of GNUPG
gpg: encrypted with 2048-bit ELG-E key, ID F1940956, created 2002-04-25
"Wrong Public Key <another_key#another_company.com>"
gpg: decryption failed: secret key not available
However, when I try to decrypt the file I'm sending them, without the key, I get simply
$> gpg --decrypt sensitive_file.gpg
gpg: encrypted with ELG-E key, ID F1940956
gpg: decryption failed: secret key not available
I want gpg to report the email address of the key used to encrypt the file, like in the error message I'm getting from the remote host. I want to see Wrong Public Key <another_key#another_company.com>, like in their error message. But my gpg doesn't report that.
Am I missing a switch? How can I get this information?
The reason that the remote host was able to get the email address of the encrypting key was because of the ID F1940956. The remote side either already has this key, with additional information, on their keyring, or else looked it up in a registry, since this key is a published key.
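Added example (not part of the original answers and not GnuPG's own code), illustrating both this answer and the earlier "decryption failed: secret key not available" answers: an encrypted file stores only the recipient key ID in each public-key encrypted session key packet, which is what gpg --list-packets shows; the name and e-mail address come from the reader's keyring. This Python parser follows the RFC 4880 packet layout and assumes binary (non-armored) input; the function names, key IDs and sample bytes are constructed for illustration.

```python
# Public-key algorithm IDs from RFC 4880 section 9.1 (subset).
PK_ALGOS = {1: "RSA", 16: "ELG-E", 18: "ECDH"}

def read_packets(data):
    """Yield (tag, body) for each packet in binary (non-armored) OpenPGP data."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header at offset %d" % i)
        i += 1
        if hdr & 0x40:                       # new-format header
            tag, first = hdr & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:                            # partial body length: stop here
                return
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                   # indeterminate length: stop here
                return
            size = 1 << ltype                # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i:i + size], "big"), i + size
        yield tag, data[i:i + length]
        i += length

def recipients(data):
    """Return [(key_id, algorithm)] from version 3 PKESK (tag 1) packets."""
    return [(b[1:9].hex().upper(), PK_ALGOS.get(b[9], "algo %d" % b[9]))
            for t, b in read_packets(data)
            if t == 1 and len(b) >= 10 and b[0] == 3]

def addressed_to(data, my_key_ids):
    """True if a recipient key ID ends with one of my short or long key IDs."""
    mine = [k.upper()[-16:] for k in my_key_ids]
    return any(kid.endswith(m) for kid, _ in recipients(data) for m in mine)

# Constructed sample: two PKESK packets (old/new header) and a stub data packet.
SAMPLE = bytes.fromhex("840e03" "1122334455667788" "10" "00010001"
                       "c10e03" "99aabbccddeeff00" "01" "00010001"
                       "d203010000")

if __name__ == "__main__":
    print(recipients(SAMPLE), addressed_to(SAMPLE, ["DDEEFF00"]))
```

An ASCII-armored message has to be converted first, for example with gpg --dearmor, and the key IDs to compare against are the ones gpg --list-secret-keys reports for your own keys and subkeys.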