How to specify private key when decrypting a file using GnuPG?

22

7

I am trying to decrypt a file with GnuPG, but when using the command below:

gpg --decrypt filename.gpg

I get the following message:

gpg: encrypted with RSA key, ID 3662FD5E
gpg: decryption failed: No secret key

I already have the private key with which the file has been encrypted, but I am not sure how I can specify it. Is there any option I can include when doing the decryption to point to this key?

Crista23

Posted 2015-05-28T15:10:16.357

Reputation: 323

What does gpg --list-secret-keys 0x3662FD5E print? – Jonas Schäfer – 2015-05-28T15:18:00.847

No, it doesn't. Is there any way I can add it? – None – 2015-05-28T15:21:38.993

How did you obtain the private key? – Jonas Schäfer – 2015-05-28T15:36:52.197

What does this ID actually represent? – Nishant – 2018-08-01T16:17:14.237

Answers

17

I already have the private key with which the file has been encrypted, but I am not sure how I can specify it.

I understand this as "I've got a file containing the private key, but do not know how to tell GnuPG to use it".

GnuPG requires keys (both public and private) to be stored in the GnuPG keyring. This is as easy as

gpg --import [keyfile]

Afterwards, you should be able to decrypt the file exactly the way you already tried.

Jens Erat

Posted 2015-05-28T15:10:16.357

Reputation: 14 141

So is gpg smart enough to know which key to decrypt with once you have several keys imported? – RollRoll – 2016-08-11T00:20:25.907

Yes. Usually the key is even referenced in the encrypted file; if not, GnuPG tries all keys. – Jens Erat – 2016-08-11T15:35:16.270

I use GnuPG programmatically and have a keyring with hundreds of private keys, and messages may be encrypted with dozens of them. It seems a bit wasteful that it just tries them all (actually it tries to unlock them all using the given passphrase and takes the first one that works). – jlh – 2017-10-25T08:24:16.020

GnuPG only tries them all if the key was hidden by the sending party. It feels like your use case was not one of the design targets of GnuPG. If you know the correct private key although it is not stored in the encrypted file, consider managing different GnuPG home directories/keyrings with a single private key instead. – Jens Erat – 2017-10-25T20:42:43.263

Yes, it seems that my use case isn't well suited for gpg. For completeness, here's a more detailed observation: my recipient IDs are not hidden (not using -R), so gpg knows which of the maybe a dozen keys it should try; it doesn't have to try the entire keyring. However, gpg doesn't know for which key I supplied the passphrase, so it does have to try those dozen keys, which slows things down considerably. – jlh – 2018-09-20T11:49:03.727

6

bash-4.2$ gpg --import b_secret.key
gpg: key 23E7859B: already in secret keyring
gpg: Total number processed: 1
gpg:       secret keys read: 1
gpg:  secret keys unchanged: 1
bash-4.2$ gpg --decrypt b_txt.asc
gpg: key 23E7859B: secret key without public key - skipped
gpg: encrypted with RSA key, ID 04702E37
gpg: decryption failed: secret key not available

anshul

Posted 2015-05-28T15:10:16.357

Reputation: 61

Welcome to SuperUser. Your suggestion is already in another answer; you should upvote that answer instead of making a new one. You don't have enough reputation to do that yet, so wait until you do. – Vlastimil Ovčáčík – 2015-12-04T11:02:48.803

2

You don't need to expressly declare the secret key in the gpg decrypt command. If the keypair (both the public AND the private key), as Jens states, is present in the keyring on the host where you're decrypting, GPG will automagically determine the secret key required for decryption and present a password challenge.

HOWEVER, if you wish to try all (non-cached) keys (maybe you're testing a file encrypted with multiple keys), the switch --try-all-secrets will cycle through all the secret keys in your keyring, trying them in turn, i.e.:

gpg -d --try-all-secrets test-gpg.txt.asc

HTH- Terrence

F1Linux

Posted 2015-05-28T15:10:16.357

Reputation: 161
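The following script is an added example, not code from any of the answers above. It reproduces the asker's "No secret key" failure in throwaway GnuPG home directories, reads the recipient key ID out of the ciphertext with gpg --list-packets (the 64-bit value whose low 32 bits appear as "ID 3662FD5E" in the error message), checks that ID against --list-secret-keys, applies the fix from Jens Erat's answer (gpg --import of the key file), and finally decrypts a file encrypted to a hidden recipient (-R) with the --try-all-secrets switch from the answer above. It assumes GnuPG 2.1 or later (for --quick-gen-key and --pinentry-mode loopback); the identity alice@example.invalid, the $SENDER/$RECV/$WORK directories and the file names are made up for the example.

```shell
#!/bin/sh
# Added example (not from the original answers). Assumes GnuPG 2.1+.
# All names and paths below are invented for the demonstration.
set -eu

g() {  # run gpg in the given home directory, non-interactively, empty passphrase
    _home=$1; shift
    gpg --homedir "$_home" --batch --quiet --pinentry-mode loopback --passphrase '' "$@"
}

# Sender side: create a key, export its private half to a file (what the asker
# "already has"), then encrypt a message to it normally and once with -R.
make_fixture() {
    SENDER=$(mktemp -d); RECV=$(mktemp -d); WORK=$(mktemp -d)
    export SENDER RECV WORK
    g "$SENDER" --quick-gen-key 'Alice <alice@example.invalid>' default default never
    g "$SENDER" --armor --export-secret-keys alice@example.invalid > "$WORK/private.asc"
    printf 'hello\n' > "$WORK/plain.txt"
    g "$SENDER" --recipient alice@example.invalid \
        --encrypt --output "$WORK/filename.gpg" "$WORK/plain.txt"
    g "$SENDER" --hidden-recipient alice@example.invalid \
        --encrypt --output "$WORK/hidden.gpg" "$WORK/plain.txt"
}

# Receiver side: which key ID does the ciphertext name? --list-packets prints
# ":pubkey enc packet: ... keyid XXXXXXXXXXXXXXXX"; a hidden recipient shows
# as sixteen zeros. This is the ID whose low 32 bits gpg reports on failure.
recipient_keyid() {
    gpg --homedir "$RECV" --batch --list-packets "$1" 2>/dev/null \
        | sed -n 's/.*keyid \([0-9A-F]*\).*/\1/p' | head -n 1
}

# Does the receiver's keyring hold a secret key (or subkey) with this ID?
has_secret_key() {
    gpg --homedir "$RECV" --batch --quiet --list-secret-keys "0x$1" >/dev/null 2>&1
}

# Print the plaintext, or nothing when gpg has no usable secret key.
decrypt() {
    g "$RECV" "$@" 2>/dev/null || true
}

cleanup() {
    for d in "$SENDER" "$RECV"; do
        gpgconf --homedir "$d" --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$SENDER" "$RECV" "$WORK"
}

main() {
    make_fixture
    kid=$(recipient_keyid "$WORK/filename.gpg")
    echo "filename.gpg is encrypted to key ID $kid"
    has_secret_key "$kid" || echo "no secret key $kid in the keyring yet"
    echo "before import: [$(decrypt --decrypt "$WORK/filename.gpg")]"   # empty
    g "$RECV" --import "$WORK/private.asc"      # the fix: import the key file
    has_secret_key "$kid" && echo "secret key $kid is now in the keyring"
    echo "after import:  [$(decrypt --decrypt "$WORK/filename.gpg")]"   # hello
    echo "hidden.gpg names key ID $(recipient_keyid "$WORK/hidden.gpg")"  # zeros
    echo "try-all-secrets: [$(decrypt --try-all-secrets --decrypt "$WORK/hidden.gpg")]"
    cleanup
}

if [ "${1:-}" = run ]; then main; fi
```

Run it as `sh demo.sh run`. Note that for a hidden recipient (key ID of all zeros) GnuPG already tries every secret key on its own; --try-all-secrets forces that same search when the key ID stored in the file is not one you hold, which is the situation the man page describes for bogus key IDs.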