Newbie gpg encryption problem

I am teaching myself how to use gpg and the basics seem to work (gen-key, list-keys, etc.)

Then I tried to do a round-trip encrypt-to-self using my keys.   The documentation says that I can use a '--encrypt-to' with the ID of my own key as an encrypt-to-self.  So I tried that and its not working.

Can an expert help me out here?

Here's what I did...

1.  Built a simple text file (test.txt) for test purposes.

2.  gpg --list-keys
pub   ABCBLAH/KEYPUB YYYY-MM-DD
uid                  me (My key) <me@myemail.com>
sub   ABCBLAH/KEYSUB YYYY-MM-DD


2.  gpg -e --encrypt-to MYKEYID -r me@myemail.com test.txt

    I'm not prompted for a pass phrase?  But I now have a test.txt.gpg file

    Tried with both KEYPUB and KEYSUB.  Both produce the same end result.

3.  gpg -d test.txt.gpg


    You need a passphrase to unlock the secret key for
    user: "me (My key) <me@myemail.com>"
    2048-bit RSA key, ID KEYSUB, created YYYY-MM-DD (main key ID KEYPUB)

    gpg: problem with the agent: IPC write error
    gpg: Invalid passphrase; please try again ...

    You need a passphrase to unlock the secret key for
    user: "me (My key) <my@myemail.com>"
    2048-bit RSA key, ID KEYSUB, created YYYY-MM-DD (main key ID KEYPUB)

    gpg: problem with the agent: Not supported
    gpg: encrypted with 2048-bit RSA key, ID KEYSUB, created YYYY-MM-DD
          "me (My key) <me@myemail.com>"
    gpg: public key decryption failed: General error
    gpg: decryption failed: No secret key

I seem to get this error no matter what.  
   What am I doing wrong here?
   Shouldn't it prompt me for a pass phrase?

Also any newbie-level explanation that goes beyond the rather limited gpg documentation is appreciated.
tmonteitAsked:
Who is Participating?
 
Dave HoweConnect With a Mentor Software and Hardware EngineerCommented:
Yes, gpg can be a bit confusing, which is probably why most people go with a shell (glod knows, *I* use a shell, and I am supposed to be good at this :)

Still, kudos for wanting to get behind the curtain and use the code directly.

ok, you have done quite well, however, you missed (due to the poor quality of the documentation, no doubt) that keyboard interactive is only one of two possible routes to supply the passphrase - the other is the gpg-agent program.

now, normally the default is to fail back to keyboard interactive if you can't find the agent - however you can force keyboard interactive with the option "--no-use-agent" and see if that helps (not going to do much if you are trying to run this as a batch job though, which is what the gpg agent is for)

if it stiill isn't prompting, try one or more of the following:

--passphrase-fd 0
(this forces use of standard input to accept the passphrase)
--passphrase <phrase>
(this forces the password directly)
--passphrase-file <filename>
(this forces the first line of the named file to be taken as the passphrase)

obviously the latter two are considered insecure, With the final one (a hardcoded file with your passphrase in it) VERY insecure.

you might also want to check the environment variables for GPG_AGENT_INFO and your options file for --gpg-agent-info
0
 
ahoffmannConnect With a Mentor Commented:
when you generated your private/public key pair you entered a passphrase for that secret key, you need to use that passphrase to decrypt the file
0
 
gtkfreakConnect With a Mentor Commented:
Best guide on GPG can be referred here. GNU Privacy Handbook here http://www.gnupg.org/gph/en/manual.html
0
 
tmonteitAuthor Commented:
Nothing was wrong, except program was corrupt reinstalling fixed it.  
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.