Home → Beta →

encrypted draft cannot be opened, missing key

• Edit

azag0

01 Dec, 2014 12:17 PM

Hello,

Beta 3 here. I have an encrypted saved local draft, which I am unable to open. It reports a missing key and the key which it reports is none of my keys.

Is the draft lost?

Jan

1. 1 Posted by azag0 on 01 Dec, 2014 12:25 PM

   

   Update: It is reproducible. Any new saved draft cannot be decrypted. When the draft is saved with S/MIME encryption selected, it is ok. When the draft is saved with OpenPGP selected, no matter whether the signature button is on or off, the draft is encrypted and cannot be decrypted. The missing key signature is A2B788AA

   • Edit

2. 2 Posted by wingman on 01 Dec, 2014 12:29 PM

   

   Hi Jan

   Could you please post the version of the relevant tools?

   http://support.gpgtools.org/kb/faq/where-can-i-find-version-info-of...

   I not facing this issue at all.My versions attached

   • Screen_Shot_2014-12-01_at_12.28.51.png 100 KB
   • Edit

3. 3 Posted by azag0 on 01 Dec, 2014 12:31 PM

   

   Here it is. The version of Mail.app is 8.1 (1993).

   • Screen_Shot_2014-12-01_at_13.29.56.jpg 72.4 KB
   • Edit

4. 4 Posted by azag0 on 01 Dec, 2014 12:36 PM

   

   Update: It happens just with one of my two email addresses for which I have a key. The other one behaves ok. Actually, nothing works. When I send an email to myself, the same happens, I cannot decrypt it. But if I send it just signed, not encrypted, the signature is verified correctly without an issue.

   • Edit

5. 5 Posted by azag0 on 01 Dec, 2014 12:40 PM

   

   Update: And when I send an encrypted email from my well-behaving email address to my misbehaving email address, everything works also correctly (encryption and decryption).

   • Edit

6. 6 Posted by wingman on 02 Dec, 2014 12:22 PM

   

   Have a look at the gpg.conf ( file path ~/.gnupg/gpg.conf) as it might be related to a specific configuration you have?

   • Edit

7. 7 Posted by azag0 on 03 Dec, 2014 01:19 PM

   

   The only active setting in my gpg.conf is

   default-key <key>
   require-cross-certification
   keyserver hkp://pgp.mit.edu
   keyserver-options auto-key-retrieve
   auto-key-locate keyserver cert pka ldap hkp://keys.gnupg.net
   no-emit-version
   

   <key> is a correct key. So I don't see anything suspicious

   • Edit

8. 8 Posted by wingman on 03 Dec, 2014 01:37 PM

   

   Hi Jan

   The key reported : A2B788AA seems to belong to you so not sure why you said the in the first post that this is none of your keys. Do you have the secret key of A2B788AA?

   • Edit

9. 9 Posted by azag0 on 03 Dec, 2014 01:51 PM

   

   Oh. Ok, it was a subkey of my key and for an unknown reason to me, it was obviously missing a private key. Deleting the subkey solved the problem. Thanks for your time.

   I really don't know that much about GPG, so I don't know what the purpose of subkeys is. I can obviously use my key without a subkey... I'll have to read more about this.

   Thanks again.

   • Edit

10. 10 Posted by wingman on 03 Dec, 2014 01:56 PM

    

    Have a look at the URL below:

    http://www.connexer.com/articles/openpgp-subkeys

    • Edit

11. Support Staff 11 Posted by Steve on 10 Jan, 2015 05:19 PM

    

    Hi Jan,

    first thing to do after creating a new key: make a backup of that key. Should you ever loose your sec key you can re-import it from your backup.

    Then if you have more than one key for your email address in GPG Keychain and both keys are valid but you loose the sec key to one of them and the remaining pub key has not been revoked, things like you have seen can happen. To prevent this, you should revoke your old key if you can.

    See the following KB on how to do that: http://support.gpgtools.org/kb/gpg-keychain-faq/how-to-revoke-a-key...

    Let me know if you have more questions or if this discussion can be closed.

    All the best,
    steve

    • Edit

12. azag0 closed this discussion on 24 Feb, 2015 04:54 PM.