[pkg-gnupg-maint] Bug#846953: Bug#846953: gpg2 fails to decrypt with "No secret key" but gpg1 succeeds

Ryan Kavanagh rak at debian.org
Mon Dec 5 01:37:47 UTC 2016 

Hi Daniel,

On Sun, Dec 04, 2016 at 07:08:34PM -0500, Daniel Kahn Gillmor wrote:
> Please try:
> 
>     ~/.gnupg/.gpg-v21-migrated
>     gpg --list-secret-keys

Guessing from the bug report and from the fact that
~/.gnupg/.gpg-v21-migrated is empty, the first command was supposed to
be an rm on that file. It didn't work. I thought it might have something
to do with my stupidly big key size, but it doesn't work for my old
(reasonably sized) key either.

rak at zeta:~$ rm .gnupg/.gpg-v21-migrated
rak at zeta:~$ killall gpg-agent
rak at zeta:~$ ps aux | grep gpg-agent
rak        347  0.0  0.0  12784   972 pts/5    S+   20:29   0:00 grep gpg-agent
rak at zeta:~$ gpg --list-secret-keys
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/home/rak/.gnupg/secring.gpg' to gpg-agent
gpg: key 7BD15207E95EDDC9: secret key imported
gpg: key 8F7BF8FC4A11C97A: secret key imported
gpg: key 5FA9C430B8F36FCA: secret key imported
gpg: migration succeeded
<snip>
rak at zeta:~$ echo "ABC" | gpg -r$GPGKEY --encrypt | gpg --debug 8 --decrypt
gpg: reading options from '/home/rak/.gnupg/gpg.conf'
gpg: enabled debug flags: filter
gpg: encrypted with 10240-bit RSA key, ID 20E0235B0F5E9C64, created 2009-09-24
      "Ryan Kavanagh <rak at debian.org>"
gpg: public key decryption failed: Inappropriate ioctl for device
gpg: decryption failed: No secret key
gpg: secmem usage: 0/65536 bytes in 0 blocks
rak at zeta:~$ echo "ABC" | gpg -r$GPGKEY1 --encrypt | gpg --debug 8 --decrypt
gpg: reading options from '/home/rak/.gnupg/gpg.conf'
gpg: enabled debug flags: filter
gpg: encrypted with 2048-bit ELG key, ID 6C6FA7C974FCFC3F, created 2006-02-22
      "Ryan Kavanagh (kubuntu.org email alias) <ryanakca at kubuntu.org>"
gpg: public key decryption failed: Inappropriate ioctl for device
gpg: decryption failed: No secret key
gpg: secmem usage: 0/65536 bytes in 0 blocks

> If it doesn't work for you, please report back here, and let us know the
> output of:
> 
>     readlink -f $(which pinentry)
>     grep pinentry-program ~/.gnupg/gpg-agent.conf
>     echo getinfo flavor | pinentry

rak at zeta:~$ readlink -f $(which pinentry)
/usr/bin/pinentry-curses
rak at zeta:~$ grep pinentry-program ~/.gnupg/gpg-agent.conf
grep: /home/rak/.gnupg/gpg-agent.conf: No such file or directory
rak at zeta:~$ echo getinfo flavor | pinentry
OK Pleased to meet you
D curses:curses
OK

I run gpg from a text-mode terminal. I would be surprised if it were a
pinentry problem, because I can successfully sign messages using
gpg2+pinentry, e.g.,

rak at zeta:~$ echo "abc" > /tmp/abc && gpg --clearsign /tmp/abc
gpg: using "8F7BF8FC4A11C97A" as default secret key for signing
<I get prompted for my passphrase via pinentry-curses>
rak at zeta:~$ gpg --verify /tmp/abc.asc
gpg: Signature made Sun 04 Dec 2016 08:34:55 PM EST
gpg:                using RSA key 4E469519ED677734268FBD958F7BF8FC4A11C97A
<snip>

Best wishes,
Ryan

-- 
|_)|_/  Ryan Kavanagh      | GPG: 4E46 9519 ED67 7734 268F
| \| \  https://ryanak.ca/ |      BD95 8F7B F8FC 4A11 C97A
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1873 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20161204/14da12d7/attachment.sig>

More information about the pkg-gnupg-maint mailing list