gpg: decryption failed: No secret key #286
Comments
|
Generally if you get "gpg: decryption failed: No secret key" then you forgot to re-encrypt the files with the new key. I've also seen issues if the two machines have different GPG versions. The pubring.gpg file is a binary format that changes in major GPG versions and sometimes this causes a conflict.
Yes, absolutely. All the public keys must be on the machine when the files are re-encrypted. Tom |
|
To be clear, by "re-encrypt the files" we mean -- I checked and my gpg versions were different, so I just did a Here's some output that shows that I should have all of the public keys on my laptop. I only have one of the private keys, but I believe that should be enough. user@Ryans-MacBook-Pro-3 ~/secrets (git)-[master] % blackbox_update_all_files gpg --list-keyspub rsa4096 2019-05-01 [SC] pub rsa4096 2018-06-19 [SCEA] blackbox_update_all_files ========== FILES IN THE WAY: |
|
Yes, blackbox_update_all_files |
|
Do I need the private (secret) keys for all admins to run the command? Simply having the public keys does not appear to be enough. |
|
IIRC you need the public keys of everyone, and the private key of yourself. |
|
You may want to check that there's no other person sharing your name on the public keyring. It just happened to me that apparently, if there's a longer name with an end matching yours, it'll take precedence when adding you as an administrator or re-encrypting. That took a while to figure out... |
|
@manu-rosa Thank you, I will look into that. I have multiple keys with the same name, so that definitely seems like it could apply to me. |
|
Please take a look at #199, I believe it's related. |
|
I am receiving this error myself for a new repository: mkdir secret-repo
cd secret-repo
git init
blackbox_initialize
git add .
git commit -m 'INITIALIZE BLACKBOX'
blackbox_addadmin ramage.lucas@protonmail.com
blackbox_listadmins
ramage.lucas@protonmail.com
echo 'foo' > bar.txt
blackbox_register_new_file bar.txt
blackbox_cat bar.txt.gpg
========== PLAINFILE "bar.txt"
========== Importing keychain: START
gpg: Total number processed: 1
gpg: unchanged: 1
========== Importing keychain: DONE
========== EXTRACTING bar.txt
gpg: decryption failed: No secret key |
|
Hmm.. that's difficult to answer because that is a gpg error, not a problem with blackbox itself. Have you tried: https://stackoverflow.com/questions/58892189/error-gpg-decryption-failed-no-secret-key-when-using-blackbox-in-job-circle |
Thanks for the tip. Turns out in this case it was an issue with the pinentry. |
|
I get the same behavior on a RHEL system. I have to run a newer GNUPG, but it still looks like decrypt doesn't use it, even when encrypt does. The secret keys are there, but decrypt isn't finding them. |
This might not be an issue with blackbox so much as user error, but I'm not sure where else to post.
I'm running into
gpg: decryption failed: No secret key.I have a new machine with a new gpg key, and from that machine (which has ssh access to my git secrets repo) I did blackbox_add_admin with the corresponding email address.
However, any attempt to run blackbo_cat, blackbox_edit, etc runs into the above error. I think I need to do
blackbox_update_all_files, but doing so gives the same error.I also tried running
blackbox_update_all_fileson an old machine which can run all the other blackbox commands fine. Update all files fails with the same error.Now, my guess is that to reencrypt all files, all of the admin's gpg keys must be on the same machine. Is that the case? If so I understand why I'm hitting this error; otherwise I'm quite confused.
Thanks for any help.
The text was updated successfully, but these errors were encountered: