encrypted draft cannot be opened, missing key

azag0's Avatar


01 Dec, 2014 12:17 PM


Beta 3 here. I have an encrypted saved local draft, which I am unable to open. It reports a missing key and the key which it reports is none of my keys.

Is the draft lost?


  1. 1 Posted by azag0 on 01 Dec, 2014 12:25 PM

    azag0's Avatar

    Update: It is reproducible. Any new saved draft cannot be decrypted. When the draft is saved with S/MIME encryption selected, it is ok. When the draft is saved with OpenPGP selected, no matter whether the signature button is on or off, the draft is encrypted and cannot be decrypted. The missing key signature is A2B788AA

  2. 2 Posted by wingman on 01 Dec, 2014 12:29 PM

    wingman's Avatar

    Hi Jan

    Could you please post the version of the relevant tools?


    I not facing this issue at all.My versions attached

  3. 3 Posted by azag0 on 01 Dec, 2014 12:31 PM

    azag0's Avatar

    Here it is. The version of Mail.app is 8.1 (1993).

  4. 4 Posted by azag0 on 01 Dec, 2014 12:36 PM

    azag0's Avatar

    Update: It happens just with one of my two email addresses for which I have a key. The other one behaves ok. Actually, nothing works. When I send an email to myself, the same happens, I cannot decrypt it. But if I send it just signed, not encrypted, the signature is verified correctly without an issue.

  5. 5 Posted by azag0 on 01 Dec, 2014 12:40 PM

    azag0's Avatar

    Update: And when I send an encrypted email from my well-behaving email address to my misbehaving email address, everything works also correctly (encryption and decryption).

  6. 6 Posted by wingman on 02 Dec, 2014 12:22 PM

    wingman's Avatar

    Have a look at the gpg.conf ( file path ~/.gnupg/gpg.conf) as it might be related to a specific configuration you have?

  7. 7 Posted by azag0 on 03 Dec, 2014 01:19 PM

    azag0's Avatar

    The only active setting in my gpg.conf is

    default-key <key>
    keyserver hkp://pgp.mit.edu
    keyserver-options auto-key-retrieve
    auto-key-locate keyserver cert pka ldap hkp://keys.gnupg.net

    <key> is a correct key. So I don't see anything suspicious

  8. 8 Posted by wingman on 03 Dec, 2014 01:37 PM

    wingman's Avatar

    Hi Jan

    The key reported : A2B788AA seems to belong to you so not sure why you said the in the first post that this is none of your keys. Do you have the secret key of A2B788AA?

  9. 9 Posted by azag0 on 03 Dec, 2014 01:51 PM

    azag0's Avatar

    Oh. Ok, it was a subkey of my key and for an unknown reason to me, it was obviously missing a private key. Deleting the subkey solved the problem. Thanks for your time.

    I really don't know that much about GPG, so I don't know what the purpose of subkeys is. I can obviously use my key without a subkey... I'll have to read more about this.

    Thanks again.

  10. 10 Posted by wingman on 03 Dec, 2014 01:56 PM

    wingman's Avatar
  11. Support Staff 11 Posted by Steve on 10 Jan, 2015 05:19 PM

    Steve's Avatar

    Hi Jan,

    first thing to do after creating a new key: make a backup of that key. Should you ever loose your sec key you can re-import it from your backup.

    Then if you have more than one key for your email address in GPG Keychain and both keys are valid but you loose the sec key to one of them and the remaining pub key has not been revoked, things like you have seen can happen. To prevent this, you should revoke your old key if you can.

    See the following KB on how to do that: http://support.gpgtools.org/kb/gpg-keychain-faq/how-to-revoke-a-key...

    Let me know if you have more questions or if this discussion can be closed.

    All the best,

  12. azag0 closed this discussion on 24 Feb, 2015 04:54 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac