No secret key

eric.vanoorschot's Avatar

eric.vanoorschot

29 Sep, 2017 07:17 AM

Which of our tools is giving you problems? gpg command line and Mac Mail 10.3
both tools stop with 'no secret key'

I copied my secret/public keyfiles from a running Linux system, set the validity of my own secret/public key to ultimate but is still does not work, see the listing below. I am using the terminal since that usually gives more feedback

gpg -eas -r eric.vanoorschot texput.log
gpg: using "4B211555" as default secret key for signing
gpg: signing failed: No secret key
gpg: texput.log: sign+encrypt failed: No secret key

GPGkeychain shows me that I have a valid sec/pub key (4 green blocks) for my keyid

I am using
gpg (GnuPG/MacGPG2) 2.2.0
libgcrypt 1.8.1
macos 10.12.6

What is going wrong ?

  1. Support Staff 1 Posted by Steve on 02 Oct, 2017 02:46 PM

    Steve's Avatar

    Hi Eric,

    welcome to the GPGTools support platform. Sorry you are having problems using GPG Suite.

    Was your setup working prior to the update to GPG Suite 2017.1?

    If so, with GPG Suite 2017.1 we have upgraded our version of GnuPG (MacGPG2) from GnuPG 2.0 to GnuPG 2.2.

    The error message you are reporting indicates that there kay have been a problem migrating your secret key.

    Please visit the following KB-article and let me know if that brings you back to working state.

    All the best,
    steve

  2. 2 Posted by eric.vanoorscho... on 12 Oct, 2017 06:57 PM

    eric.vanoorschot's Avatar

    Hi Steve,

    No, it is the first I am trying to use gpg on a Mac. I have used gpg for years on my Linux machines, but migrated to Mac recently.

    I used gpgKeyChain to import my secret and public key, changed the status to ultimate. So in the GPGKeychain window it shows sec/pub and four bright green block on the right. But if I try to sign an email it says ‘no secret key’. If I use the command line gpg -K it shows my secret key. So what is going wrong ?

    Vriendelijke groeten,

    Eric van Oorschot

  3. Support Staff 3 Posted by Steve on 13 Oct, 2017 09:17 AM

    Steve's Avatar

    Could you please send a debug log from your affected machine: Open System Preferences > GPG Suite > Send Report. Check the box to "attach debug log". Since you already described your issue in this discussion, you don't need to add a lot of detail, but please do add the link to your existing discussion, so I can then merge your debug info with this existing discussion.

    All the best,
    steve

  4. Support Staff 4 Posted by Steve on 13 Oct, 2017 02:03 PM

    Steve's Avatar
  5. Support Staff 5 Posted by Steve on 14 Oct, 2017 01:47 PM

    Steve's Avatar

    Hi Eric,

    are you using a smartcard? If so, could you follow this KB-article and see if that brings you back to working state:

    https://gpgtools.tenderapp.com/kb/faq/gpg-suite-20171-gnupg-20-gnup...

    Best,
    steve

  6. 6 Posted by eric.vanoorscho... on 17 Oct, 2017 05:47 PM

    eric.vanoorschot's Avatar

    Hi Steve,

    The tricky part was in the card reader. Under Linux i used the FSFE fellowship card for my encryption, that worked. But under MacOS i did not have a working card reader. So I tried it the old way, command line encryption. Although i copied the sec and pubring from an ancient USB stick it just did not work, whatever I tried.

    Today I installed a card reader, and everything works fine. I still do not understand why the ‘old’ command line method without the card reader no longer works. The only files I copied from the ancient USB stick were the sec en pubring files. And these files were made as back up when I first stared using the card.

    But anyway, not it works, signing and encrypting from my email.

    Vriendelijke groeten,

    Eric van Oorschot

  7. Support Staff 7 Posted by Luke Le on 10 Dec, 2017 12:38 PM

    Luke Le's Avatar

    Hi Eric,

    thank you for your patience.
    We are glad to hear that you managed to solve your problem.
    Since GnuPG >= 2.1 a different keyring file is used. Now if you copy your old keyring file, after upgrading, the keys in that keyring file won't be migrated to the new format, since GnuPG is flagged as already having performed a migration.
    That is probably why the command line encrypt didn't work.

    Closing this discussion. Feel free to open a new one anytime should you have questions or run into problems.

  8. Luke Le closed this discussion on 10 Dec, 2017 12:38 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac