Newbie gpg encryption problem

Posted on 2010-01-02
Medium Priority
Last Modified: 2013-11-08
I am teaching myself how to use gpg and the basics seem to work (gen-key, list-keys, etc.)

Then I tried to do a round-trip encrypt-to-self using my keys. The documentation says that I can use a '--encrypt-to' with the ID of my own key as an encrypt-to-self. So I tried that and it's not working.

Can an expert help me out here?

Here's what I did...

1.  Built a simple text file (test.txt) for test purposes.

2.  gpg --list-keys
uid                  me (My key) <me@myemail.com>

2.  gpg -e --encrypt-to MYKEYID -r me@myemail.com test.txt

    I'm not prompted for a pass phrase?  But I now have a test.txt.gpg file

    Tried with both KEYPUB and KEYSUB.  Both produce the same end result.

3.  gpg -d test.txt.gpg

    You need a passphrase to unlock the secret key for
    user: "me (My key) <me@myemail.com>"
    2048-bit RSA key, ID KEYSUB, created YYYY-MM-DD (main key ID KEYPUB)

    gpg: problem with the agent: IPC write error
    gpg: Invalid passphrase; please try again ...

    You need a passphrase to unlock the secret key for
    user: "me (My key) <my@myemail.com>"
    2048-bit RSA key, ID KEYSUB, created YYYY-MM-DD (main key ID KEYPUB)

    gpg: problem with the agent: Not supported
    gpg: encrypted with 2048-bit RSA key, ID KEYSUB, created YYYY-MM-DD
          "me (My key) <me@myemail.com>"
    gpg: public key decryption failed: General error
    gpg: decryption failed: No secret key

I seem to get this error no matter what.  
   What am I doing wrong here?
   Shouldn't it prompt me for a pass phrase?

Also any newbie-level explanation that goes beyond the rather limited gpg documentation is appreciated.
Question by:tmonteit

Accepted Solution

Dave Howe earned 668 total points
ID: 26165125
Yes, gpg can be a bit confusing, which is probably why most people go with a shell (god knows, *I* use a shell, and I am supposed to be good at this :)

Still, kudos for wanting to get behind the curtain and use the code directly.

ok, you have done quite well, however, you missed (due to the poor quality of the documentation, no doubt) that keyboard interactive is only one of two possible routes to supply the passphrase - the other is the gpg-agent program.

now, normally the default is to fail back to keyboard interactive if you can't find the agent - however you can force keyboard interactive with the option "--no-use-agent" and see if that helps (not going to do much if you are trying to run this as a batch job though, which is what the gpg agent is for)

if it still isn't prompting, try one or more of the following:

--passphrase-fd 0
(this forces use of standard input to accept the passphrase)
--passphrase <phrase>
(this forces the password directly)
--passphrase-file <filename>
(this forces the first line of the named file to be taken as the passphrase)

obviously the latter two are considered insecure, with the final one (a hardcoded file with your passphrase in it) VERY insecure.

you might also want to check the environment variables for GPG_AGENT_INFO and your options file for --gpg-agent-info
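
The environment check suggested at the end of this answer, as an added example that is not part of the original post. It assumes a gpg 1.4/2.0-era client, where `GPG_AGENT_INFO` holds `socket:pid:protocol`; the function names `check_agent_info` and `agent_options` are hypothetical.

```shell
#!/bin/sh
# Added example: inspect the agent settings a gpg 1.4/2.0 client would pick up.
# GPG_AGENT_INFO has the form <socket path>:<agent pid>:<protocol version>.

# Classify the value in $1. Returns 0 usable, 1 unset, 2 malformed,
# 3 stale (socket or process gone), 4 unsupported protocol version.
check_agent_info() {
    info=$1
    if [ -z "$info" ]; then
        echo "unset: no agent advertised in the environment"
        return 1
    fi
    # Split from the right: only the last two fields have a fixed meaning.
    proto=${info##*:}
    rest=${info%:*}
    pid=${rest##*:}
    sock=${rest%:*}
    if [ "$rest" = "$info" ] || [ "$sock" = "$rest" ]; then
        echo "malformed: expected socket:pid:protocol, got '$info'"
        return 2
    fi
    for n in "$pid" "$proto"; do
        case $n in
            ''|*[!0-9]*) echo "malformed: pid and protocol must be numeric"; return 2 ;;
        esac
    done
    if [ "$proto" -ne 1 ]; then
        echo "unsupported: protocol version $proto (clients expect 1)"
        return 4
    fi
    if [ ! -S "$sock" ]; then
        echo "stale: $sock is not a socket"
        return 3
    fi
    # kill -0 only tests for existence; it also fails for another user's process.
    if ! kill -0 "$pid" 2>/dev/null; then
        echo "stale: no reachable process with pid $pid"
        return 3
    fi
    echo "ok: agent pid $pid listening on $sock"
}

# Print agent-related lines from an options file (default: gpg.conf).
agent_options() {
    conf=${1:-${GNUPGHOME:-$HOME/.gnupg}/gpg.conf}
    [ -r "$conf" ] || return 0
    grep -E '^[[:space:]]*((no-)?use-agent|gpg-agent-info)([[:space:]]|$)' "$conf" || true
}

check_agent_info "${GPG_AGENT_INFO:-}" || true
agent_options
```

A "stale" result means the variable still points at an agent that is no longer there, which is worth ruling out before retrying with `--no-use-agent`.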

Assisted Solution

ahoffmann earned 668 total points
ID: 26199278
when you generated your private/public key pair you entered a passphrase for that secret key, you need to use that passphrase to decrypt the file

Assisted Solution

gtkfreak earned 664 total points
ID: 26276986
The best guide on GPG can be found here: the GNU Privacy Handbook, http://www.gnupg.org/gph/en/manual.html

Author Comment

ID: 26510744
Nothing was wrong, except the program was corrupt; reinstalling fixed it.
