unixencryptionpublic-key-encryptiongnupg

gpg decryption fails with no secret key error


I have a gpg .key file that is used as passphrase for decrypting a .dat.pgp file. The encrypted .data.pgp file gets successfully decrypted on one server with same .key file using following command

cat xxx_gpg.key | /usr/bin/gpg --batch --quiet -o xxx.dat --passphrase-fd O -d xxx.dat.pgp

But, when I move same key to another server xxx_gpg.key and run same above command, I get following error -

gpg: decryption failed: No secret key

EDIT:

I find that gpg --list-secret-keys returns some data on server where it works but no results are returned for other server.

How can we configure secret key


Solution

  • Looks like the secret key isn't on the other machine, so even with the right passphrase (read from a file) it wouldn't work.

    These options should work, to

    A few useful looking options from man gpg:

    --export
    Either export all keys from all keyrings (default keyrings and those registered via option --keyring), or if at least one name is given, those of the given name. The new keyring is written to STDOUT or to the file given with option --output. Use together with --armor to mail those keys.

    --export-secret-keys
    Same as --export, but exports the secret keys instead.

    --import
    --fast-import
    Import/merge keys. This adds the given keys to the keyring. The fast version is currently just a synonym.

    And maybe

    --keyring file
    Add file to the current list of keyrings. If file begins with a tilde and a slash, these are replaced by the $HOME directory. If the file‐ name does not contain a slash, it is assumed to be in the GnuPG home directory ("~/.gnupg" if --homedir or $GNUPGHOME is not used).

    Note that this adds a keyring to the current list. If the intent is to use the specified keyring alone, use --keyring along with --no-default-keyring.

    --secret-keyring file
    Same as --keyring but for the secret keyrings.