[pkg-gnupg-maint] Bug#846953: Bug#846953: gpg2 fails to decrypt with "No secret key" but gpg1 succeeds

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Dec 5 14:20:09 UTC 2016 

On Sun 2016-12-04 20:37:47 -0500, Ryan Kavanagh wrote:
> Guessing from the bug report and from the fact that
> ~/.gnupg/.gpg-v21-migrated is empty, the first command was supposed to
> be an rm on that file.

whoop, yes, you're right.

> rak at zeta:~$ echo "ABC" | gpg -r$GPGKEY1 --encrypt | gpg --debug 8 --decrypt
> gpg: reading options from '/home/rak/.gnupg/gpg.conf'
> gpg: enabled debug flags: filter
> gpg: encrypted with 2048-bit ELG key, ID 6C6FA7C974FCFC3F, created 2006-02-22
>       "Ryan Kavanagh (kubuntu.org email alias) <ryanakca at kubuntu.org>"
> gpg: public key decryption failed: Inappropriate ioctl for device
 […]
> rak at zeta:~$ readlink -f $(which pinentry)
> /usr/bin/pinentry-curses
 […]
> rak at zeta:~$ echo "abc" > /tmp/abc && gpg --clearsign /tmp/abc
> gpg: using "8F7BF8FC4A11C97A" as default secret key for signing
> <I get prompted for my passphrase via pinentry-curses>
> rak at zeta:~$ gpg --verify /tmp/abc.asc
> gpg: Signature made Sun 04 Dec 2016 08:34:55 PM EST
> gpg:                using RSA key 4E469519ED677734268FBD958F7BF8FC4A11C97A
> <snip>

do you have GPG_TTY set?  if not, can you retry the first command after
having done:

   GPG_TTY=$(tty)

in the failed example, stdin of --decrypt is set to the incoming data
stream.

in the two successful examples, stdin is just the terminal's attached
stdin.

if you set GPG_TTY then gpg will tell gpg-agent (which will tell
pinentry-curses) which terminal it should prompt on.

Upstream tends to recommend setting GPG_TTY in your .bashrc.

I will say that this:

> gpg: public key decryption failed: Inappropriate ioctl for device
> gpg: decryption failed: No secret key

Is a very unclear set of error messages to give you a hint that this is
the case, though :/

   --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20161205/d0a9a798/attachment.sig>

More information about the pkg-gnupg-maint mailing list