How do I get going again with GPGTools with a new computer and new OS X.

craig.mckune's Avatar


05 Dec, 2011 09:07 AM

I've downloaded GPGTools onto a new Macbook, with Lion OS X. How do I get GPG Keychain Access to show my sec key? As is I can't find any keys: "Searching for key failed. Code = 0".

I know about the issues with the Apple Mail plug ins, but believe there is a preliminary version available. I may give that a try, but first I just want to get the basic operation going so I can encrypt documents.


  1. Support Staff 1 Posted by Luke Le on 05 Dec, 2011 09:10 AM

    Luke Le's Avatar

    That is in fact interesting. What packages from GPGTools did you install?
    Could you also please run the following commands in

    gpg --gpgconf-test
    gpg --version

    and post the output here.

  2. 2 Posted by craig.mckune on 05 Dec, 2011 09:30 AM

    craig.mckune's Avatar

    Erm... I can't remember which packages. In about September I downloaded GPGTools Installer. In my apps folder I just see GPG Keychain Access, but I believe the installer included at least GPGMail and GPG Services. On my old mac (Snow Leopard) I was encrypting documents (using GPG Services I think) and encrypting emails using GPG Mail. Does that answer your question?

    gpg (GnuPG/MacGPG2) 2.0.17
    libgcrypt 1.4.6
    Copyright (C) 2011 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Home: ~/.gnupg
    Supported algorithms:
    Pubkey: RSA, ELG, DSA
            CAMELLIA192, CAMELLIA256
    Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Compression: Uncompressed, ZIP, ZLIB, BZIP2
    private-user:~ privateuser$

  3. Support Staff 3 Posted by Luke Le on 05 Dec, 2011 09:47 AM

    Luke Le's Avatar

    Your .gnupg folder contains all your secret and public keys. If your Lion installation is a new installation, you should copy that folder over from your old Snow Leopard installation.

    Also searching for keys sometimes fails because a lot of keyservers are really unreliant, but the error message sure should be more explanatory.
    Could you try using GPGPreferences to change your default keyserver to

  4. 4 Posted by craig.mckune on 05 Dec, 2011 10:05 AM

    craig.mckune's Avatar

    Thanks. Is that keyserver more reliable?

    I don't have a ... oh, that is a hidden folder? (.gnupgp)

  5. Support Staff 5 Posted by Luke Le on 05 Dec, 2011 10:11 AM

    Luke Le's Avatar

    It works very well for me. We also try to keep this list updated, so check it if something goes wrong.
    If time allows we'll also add an automated check to GPG Keychain Access which will disable failing keyservers.

    It's a hidden folder inside your home folder, exactly. If you have a backup of your old Snow Leopard installation, you have to copy it over, otherwise you'll lose your secret keys unless you did backup them separately.

  6. Support Staff 6 Posted by Steve on 05 Dec, 2011 10:22 AM

    Steve's Avatar

    Hey Craig,

    if any key server is broken or dead or working exceptionally well please add/update it on the following wiki-page:

    Besides that, you might want to re-run the latest version of our installer. There have been quite a few fixes since september :)

    Cheers and all the best,

  7. 7 Posted by craig.mckune on 05 Dec, 2011 10:23 AM

    craig.mckune's Avatar

    Done. The folder had already been created on my new machine, so I just copied over the contents. Thank you.

    I changed the key server.

    And while I have your ear, is it simple enough to update to the preliminary version of GPG Tools that includes Mail plug-ins, or should I wait for the final version.

    Thanks again

  8. 8 Posted by craig.mckune on 05 Dec, 2011 10:25 AM

    craig.mckune's Avatar

    Cool. I updated from the update reminder I received earlier. Will try out the version with the Mail plug-ins now, if I can find it.

  9. Support Staff 9 Posted by Luke Le on 05 Dec, 2011 10:27 AM

    Luke Le's Avatar

    Update to the latest version of GPGTools. Everything but GPGMail is stable and GPGMail is also working very well already for most people.

    A stable version of GPGMail should be released by the end of december if everything goes according to plan.

    So encrypting & decrypting works again as should?

  10. 10 Posted by craig.mckune on 05 Dec, 2011 10:29 AM

    craig.mckune's Avatar

    Right. I see that. Updating now.

    Everything is decrypting and encrypting just fine, except for mail, but I'm sure I'll get that going with new ver

    Thanks guys

  11. Support Staff 11 Posted by Steve on 05 Dec, 2011 10:32 AM

    Steve's Avatar

    Let us know, how the new version performs. And if you have further issues with GPG Keychain Access (GKA) pls also post the version number of that.

  12. Support Staff 12 Posted by Luke Le on 05 Dec, 2011 10:33 AM

    Luke Le's Avatar

    Beware, it will look very different to the old version you are used to.
    It's a completely revamped UI, as non-intrusive as possible, because we had to completely rewrite the plugin from scratch for Lion.

    Basically, mail with decrypt automatically and once you compose a new message, you'll only see a lock icon and a sign icon at the very right, next to the from box.

    Let us know if it works or if you run into any other problems.

  13. 13 Posted by craig.mckune on 05 Dec, 2011 01:48 PM

    craig.mckune's Avatar


    Steve, you asked me for the versions of GKA. On my old machine it's 0.8.13 (0.8.13). On the new machine it's 1.0b5 (1.0b5).

    Once I downloaded the new version of GPGTools, my encryption/decryption worked perfectly in email and for files. However when I logged out and logged in again, I opened my mail account and...
    * When I try to decrypt an email that decrypted perfectly before I logged out, I get the message: "Unable to decrypt PGP message: There was a problem decrypting this message. Verify that you have a valid key in your GPG Keychain."
    * When I try to decrypt a document (it also worked perfectly previously), I get: "Decryption failed. Bad passphrase."



  14. Support Staff 14 Posted by Luke Le on 05 Dec, 2011 02:19 PM

    Luke Le's Avatar

    Now that is interesting.
    Could you run the following line in

    gpg --list-secret-keys

    and check if your email addresses are listed correctly.
    I couldn't think of a reason other than that you're .gnupg folder has a problem.

  15. 15 Posted by Craig McKune on 05 Dec, 2011 02:41 PM

    Craig McKune's Avatar

    I don't like being the guy with "interesting" problems :)

    The output gives me the correct email address: [email blocked]<mailto:[email blocked]>.

    What now?

    Craig McKune
    M&G Centre for
    Investigative Journalism<>
    m: +27 84 837 0366
    o: +27 21 425 9028
    f: +27 21 425 9056
    e: [email blocked]<mailto:[email blocked]>
    Skype: craigpatrik
    twitter: @CraigMcKune
    PGP key on<>
    I'm on facebook and WhatsApp

  16. Support Staff 16 Posted by Luke Le on 05 Dec, 2011 02:47 PM

    Luke Le's Avatar

    Hehe, I'm sorry, someone has to.
    No, in all seriousness, let's get this figured out once and for all.
    Please try to decrypt a file on the command line.

    gpg --decrypt path-to-file

    It should ask you for a passphrase.

  17. 17 Posted by Craig McKune on 05 Dec, 2011 02:58 PM

    Craig McKune's Avatar

    -bash: syntax error near unexpected token `newline'

    But hang, on, there is another problem that has pitched up since I logged out and logged in again. My gmail account - the account I use via Apple Mail for encryption - is not working.

    Outgoing: "Cannot send message using the server[email blocked]. The connection to the server '' on port 465 timed out. ..."

    And when I click on the exclamation mark in my inbox reads: "Alert: There may be a problem with the mail server network. Verify the settings for account "Gmail" or try again. The server returned the error: The connection to the server "" on port 993 timed out."

    This may or may not be linked to my PGP problem? but surely this gmail problem won't affect my encrypting and decrypting files on my hard drive?

  18. Support Staff 18 Posted by Luke Le on 05 Dec, 2011 03:03 PM

    Luke Le's Avatar

    Could you post the complete line you tried to execute, there seems to be an error in it.

    Also, the connection error might be related depending on your settings.
    Please check in your Settings -> Accounts -> Your GMail Account -> Advanced that "all emails with their attachments" is selected under the "keeping copies of mails" option (sorry, my is german so I don't know exactly what it reads in english).

    If your setting reads something like "all e-mails without attachments" or similar, that might be related to the problem you're seeing, because in that case attachments are not stored on your harddrive.

  19. 19 Posted by Craig McKune on 05 Dec, 2011 03:12 PM

    Craig McKune's Avatar

    Last login: Mon Dec 5 16:20:19 on ttys000
    private-user:~ privateuser$ gpg --decrypt <path-to-file>
    -bash: syntax error near unexpected token `newline'
    private-user:~ privateuser$ gpg --decrypt <path-to-file>
    -bash: syntax error near unexpected token `newline'
    private-user:~ privateuser$

    The mail settings were already as you suggested with "All messages and their attachments" is selected.

  20. Support Staff 20 Posted by Luke Le on 05 Dec, 2011 03:14 PM

    Luke Le's Avatar

    sorry you have to omit the "<" and ">", then it should work.

  21. 21 Posted by Craig McKune on 05 Dec, 2011 03:24 PM

    Craig McKune's Avatar

    private-user:~ privateuser$ gpg --decrypt path-to-file
    gpg: can't open `path-to-file': No such file or directory
    gpg: decrypt_message failed: No such file or directory
    private-user:~ privateuser$

  22. Support Staff 22 Posted by Luke Le on 05 Dec, 2011 03:26 PM

    Luke Le's Avatar

    you have to replace path-to-file with the actual path to the file, document you want to decrypt

  23. 23 Posted by Craig McKune on 05 Dec, 2011 03:30 PM

    Craig McKune's Avatar

    right. how do I format the path to file? can you give me an example - sorry.

  24. Support Staff 24 Posted by Luke Le on 05 Dec, 2011 03:35 PM

    Luke Le's Avatar

    Sure thing.

    So, if you're file is for example in your Documents folder it would be something a long the line of


    The "~"-sign is for your home folder. Hope that helps

  25. 25 Posted by Craig McKune on 05 Dec, 2011 03:49 PM

    Craig McKune's Avatar

    I have to go to a meeting and go home after. I'll get working on this again in about 2.5hrs. Thanks for everything so far.

  26. Support Staff 26 Posted by Luke Le on 05 Dec, 2011 03:52 PM

    Luke Le's Avatar

    Great, so talk to you later!

  27. 27 Posted by craig.mckune on 05 Dec, 2011 06:06 PM

    craig.mckune's Avatar

    Using my internet connection at home, the gmail server problem is eliminated. The encrypt/decrypt problem remains.

    I have entered that line with file path into terminal. If I paste the full outcome here on a public forum, will that expose my secret key?

    Here is the edited ver. Tell me if you need more info:

    private-user:~ privateuser$ gpg --decrypt ~/XXXFILEPATHXXX

    You need a passphrase to unlock the secret key for
    user: "Craig McKune <[email blocked]>"
    XXXX-bit XXX key, ID XXXXXXXX, created XXXX-XX-XX (main key ID XXXXXXXX)

    gpg: problem with the agent: End of file
    gpg: encrypted with XXXX-bit RSA key, ID XXXXXXXX, created XXXX-XX-XX
          "Craig McKune <[email blocked]>"
    gpg: public key decryption failed: Operation cancelled
    gpg: encrypted with XXXX-bit RSA key, ID XXXXXXXX, created XXXX-XX-XX
    gpg: encrypted with XXX-bit XXX key, ID XXXXXXXX, created XXXX-XX-XX
    gpg: decryption failed: No secret key
    private-user:~ privateuser$

    This was for a file that I was trying to decrypt in my finder. But of course there is also the problem with decrypting emails.

  28. Support Staff 28 Posted by Luke Le on 05 Dec, 2011 06:47 PM

    Luke Le's Avatar

    This tells me that you're gpg keyring doesn't contain your secret key.
    Could you simply try to copy the .gnupg folder from your backup over again.

    Also, check to see that it doesn't create an alias, which might have happened.

  29. 29 Posted by craig.mckune on 05 Dec, 2011 07:14 PM

    craig.mckune's Avatar

    Nah I think I messed it up.

    I deleted everything in .gnupg and pasted in the contents of the same folder from the old machine, rather than just dragging them in and replacing.

    One file wouldn't transfer. "S.gpg-agent" I get the message: "The operation can’t be completed because an item with the name “S.gpg-agent” already exists." But when I use spotlight I can only find the file on my USB that I'm trying to transfer.

    Encryption still doesn't work. Perhaps I should reinstall GPG Tools.

  30. 30 Posted by craig.mckune on 05 Dec, 2011 07:18 PM

    craig.mckune's Avatar

    Kay wait. Think I've got it. I deleted .gnupg. Created it again and dragged everything in. let me do some testing

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac