[pkg-gnupg-maint] Bug#839547: Bug#839547: gnupg: unable to decrypt file

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Oct 1 21:13:51 UTC 2016 

Hi Paul--

On Sat 2016-10-01 13:33:20 -0700, Paul Roge wrote:
> After updated gnupg, I am unable to decrypt files with "gpg --decrypt [file].gpg". The following error is generated:
>
>> gpg: encrypted with 2048-bit RSA key, ID 3A2B8EB7865452A1, created 2014-02-28
>>       "Paul Rogé <proge at riseup.net>"
>> gpg: public key decryption failed: Operation cancelled
>> gpg: decryption failed: No secret key
>
> I have checked that a secret key exists by "gpg --edit-key 3A2B8EB7865452A1", which states:
>
>> Secret key is available.
>> 
>> sec  rsa2048/40E25F025E23DE01
>>      created: 2014-02-28  expires: 2017-03-14  usage: SC  
>>      trust: ultimate      validity: ultimate
>> ssb  rsa2048/3A2B8EB7865452A1
>>      created: 2014-02-28  expires: 2017-03-14  usage: E   
>> [ultimate] (1). Paul Rogé <proge at riseup.net>
>> [ultimate] (2)  Paul Rogé <proge at berkeley.edu>
>> [ultimate] (3)  Paul Rogé <psbr at riseup.net>
>> [ultimate] (4)  Paul Rogé <proge at msu.edu>
>
> I also ran the script "/usr/bin/migrate-pubring-from-classic-gpg --default", but the same problem persists.

Thanks for the report!  it sounds like maybe the problem is with
pinentry, which is what gpg-agent uses to get permission for use of the
secret key -- what version of pinentry do you have installed?

  dpkg -l 'pinentry-*'
  dpkg -S $(readlink -f $(which pinentry))

are you running this from a graphical environment (e.g. in an Xterm or
something), from a virtual terminal, or somewhere else?

If you do have pinentry installed, does it show you a prompt if you run
it directly?  If you run it directly (as "pinentry") it should print out
"OK pleased to meet you".  at that point, you can type "getpin" and hit
enter, and it should prompt you for a passphrase.  enter a dummy
passphrase into whatever dialog you get, and then pinentry should write
it (prefixed with "D ") and then will write "OK".  after that "OK", you
can type "bye" to terminate.

does that work for you?

     --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 930 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20161001/631120a1/attachment.sig>

More information about the pkg-gnupg-maint mailing list