Newbie gpg encryption problem

Posted on 2010-01-02
Last Modified: 2013-11-08
I am teaching myself how to use gpg and the basics seem to work (gen-key, list-keys, etc.)

Then I tried to do a round-trip encrypt-to-self using my keys.   The documentation says that I can use a '--encrypt-to' with the ID of my own key as an encrypt-to-self.  So I tried that and its not working.

Can an expert help me out here?

Here's what I did...

1.  Built a simple text file (test.txt) for test purposes.

2.  gpg --list-keys
uid                  me (My key) <>

2.  gpg -e --encrypt-to MYKEYID -r test.txt

    I'm not prompted for a pass phrase?  But I now have a test.txt.gpg file

    Tried with both KEYPUB and KEYSUB.  Both produce the same end result.

3.  gpg -d test.txt.gpg

    You need a passphrase to unlock the secret key for
    user: "me (My key) <>"
    2048-bit RSA key, ID KEYSUB, created YYYY-MM-DD (main key ID KEYPUB)

    gpg: problem with the agent: IPC write error
    gpg: Invalid passphrase; please try again ...

    You need a passphrase to unlock the secret key for
    user: "me (My key) <>"
    2048-bit RSA key, ID KEYSUB, created YYYY-MM-DD (main key ID KEYPUB)

    gpg: problem with the agent: Not supported
    gpg: encrypted with 2048-bit RSA key, ID KEYSUB, created YYYY-MM-DD
          "me (My key) <>"
    gpg: public key decryption failed: General error
    gpg: decryption failed: No secret key

I seem to get this error no matter what.  
   What am I doing wrong here?
   Shouldn't it prompt me for a pass phrase?

Also any newbie-level explanation that goes beyond the rather limited gpg documentation is appreciated.
Question by:tmonteit
    LVL 33

    Accepted Solution

    Yes, gpg can be a bit confusing, which is probably why most people go with a shell (glod knows, *I* use a shell, and I am supposed to be good at this :)

    Still, kudos for wanting to get behind the curtain and use the code directly.

    ok, you have done quite well, however, you missed (due to the poor quality of the documentation, no doubt) that keyboard interactive is only one of two possible routes to supply the passphrase - the other is the gpg-agent program.

    now, normally the default is to fail back to keyboard interactive if you can't find the agent - however you can force keyboard interactive with the option "--no-use-agent" and see if that helps (not going to do much if you are trying to run this as a batch job though, which is what the gpg agent is for)

    if it stiill isn't prompting, try one or more of the following:

    --passphrase-fd 0
    (this forces use of standard input to accept the passphrase)
    --passphrase <phrase>
    (this forces the password directly)
    --passphrase-file <filename>
    (this forces the first line of the named file to be taken as the passphrase)

    obviously the latter two are considered insecure, With the final one (a hardcoded file with your passphrase in it) VERY insecure.

    you might also want to check the environment variables for GPG_AGENT_INFO and your options file for --gpg-agent-info
    LVL 51

    Assisted Solution

    when you generated your private/public key pair you entered a passphrase for that secret key, you need to use that passphrase to decrypt the file
    LVL 9

    Assisted Solution

    Best guide on GPG can be referred here. GNU Privacy Handbook here

    Author Comment

    Nothing was wrong, except program was corrupt reinstalling fixed it.  

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Is Threat Intelligence?

    Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

    SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
    This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now