gpg --import < ~/.gnupg/pubring.gpg

Missing a secret key (smart card / USB token edition)

Unfortunately GnuPG 2.2 doesn't migrate your smart card key stubs when migrating from GnuPG 2.0.

disconnected from all networks.

If you don’t have a key selected, keytocard will move the master key.

The public key can decrypt something that was encrypted using the private key.

I am using a Yubikey as a smart card.

In this walkthrough a live CD of Ubuntu 16.04 desktop is used.

GPG decryption without passphrase, working on local but fails on IIS and hosted environment.

I have tried deleting my public key from my keyring and reimporting it, which had no effect.

gpg: decryption failed: No secret key.

I was trying to implement client side encryption of files backed up to AWS S3 using Duplicity, with keys on my Yubikey Neo created on an air gapped installation. It worked with local PGP keys, but I didn’t get it to decrypt using my PGP key on the Yubikey

I am trying to add local signatures to a few of the public keys I have in my keyring, but using gpg --lsign-key fails with the message "no secret key" despite the fact that gpg --sign works.

To send a file securely, you encrypt it with your private key and the recipient’s public key.

gpg --decrypt to-decrypt.asc > decrypted.txt
gpg: decryption failed: No secret key.

Air-Gapped Key Generation.

In order to re-create them, run the following command for each smart card: gpg --card-status

YubiKey no …

Essentially, since importing my keys onto my smartcard (YubiKey), I am able to encrypt data, but not to decrypt it again.

If the output of that shows you have no secret key for GnuPG to use, then you need to create one: ...

no default secret key: No secret key gpg: [stdin]: clearsign failed: No secret key – Entitize Dec 9 '16 at 16:38

@Entitize That seems to indicate gpg doesn’t think you have any keys to use for signing.

gpg: no default secret key: No secret key.

Possible problems.
failed to solve with frontend xxx: rpc error: code = Unknown desc = (…) out: `exit status 2: gpg: decryption failed: No secret key`

To decrypt the file, they need their private key and your public key.

This is the key I need to delete from the card/yubikey.

> gpg: decryption failed: No secret key
> I tried gpg --import but still doesn't help.

The below steps will go through the creation of the GPG keys and how to transfer them to the YubiKey.

2) Decrypting.

Each person has a private key and a public key.

Please note: printing public keys and the command gpg --card-status correctly work and print data.

keytocard without a key selected to move your master key into the Signing slot of your Yubikey.

For the record, I … I have also tried reinstalling GPG4Win, again, to no avail.

Useful commands here: help, for common commands; list to show your key, key N, to select a subkey where N is the index number of the key starting with 1, and keytocard to move the selected key to the card.

A reader has contacted me about running into some problems when following this tutorial.

Fixing GPG Yubikey integration on macOS Big Sur ... gpg: decryption failed: No secret key This sent me into a wild rage, and after spending far too much time trying to debug with no results, I switched tactics; remove GPGTools and install gpg myself.

GPG relies on the idea of two encryption keys per person.

gpg: plain.txt: sign+encrypt failed: No secret key.

GPG shows that the secret key is not available, but there is a signing key …

Which is entirely as expected, as the file was encrypted using john@johnsmith.com's public key. John will obviously need his private key in order to decrypt it.

In order to do things properly, the GPG key generation process needs to be performed on an air-gapped system (live CD, etc.)
You're mixing two very different encryption concepts here: Symmetrically encrypting data using a passphrase (a shared key) that both parties will need to have, and using asymmetric encryption to encrypt a (symmetric and usually …