Secret key to decrypt the message is missing

Phoebe

07 Jan, 2015 10:45 PM

GPGMail 2.5b4

Cannot read my encrypted reply. I can read all the encrypted emails people send me, but I can't read my own encrypted reply. It shows the error: "secret key to decrypt the message is missing". Where can I put the "secret key" back, so that I can see my own messages?
There wasn't any problem before; it only happened after updating to Yosemite.

If your problem concerns GPGMail, are you using any other plugins?

I don't know. What kind of plugins?

  1. 1 Posted by wingman on 15 Jan, 2015 11:14 AM

    hi Phoebe

    Are you still facing the issue? Maybe try to install the latest updates on your OS X (10.10.1 is the latest one).

  2. Support Staff 2 Posted by Steve on 06 Feb, 2015 01:40 AM

    Hi Phoebe,

    please update to OSX 10.10.2. Then could you please download and install our latest nightly build and see if the problem persists. That page also has sig and SHA1 to verify the download.

    If the problem still persists after that, open GPG Keychain and look how many entries with "sec/pub" in the type column you see.

    All the best, steve

    Disclaimer: This is a development version which has not been thoroughly tested yet - bugs or crashes are to be expected. Thanks for helping us test.

  3. 3 Posted by Phoebe Lam on 11 Feb, 2015 08:53 PM

    Hi Steve,

    It's still not working :(

    There is only one sec/pub on the keychain. But, I have 2 keys for the same email. Is this normal?

    I messed up the keychain back then, but was able to restore the key and get Mail working again. So having 2 keys on the keychain had been fine and working well until I upgraded to Yosemite and the beta GPG; then it started showing the message “secret key to decrypt the message is missing”.

    any other suggestions to fix this?

    Many thanks,
    Phoebe

  4. Support Staff 4 Posted by Steve on 13 Feb, 2015 03:51 PM

    Hi Phoebe,

    here's my theory of what happened: you created 2 keys initially for the same address. One secret key got lost meanwhile and you now only have one sec/pub key. When searching the key servers for [email blocked] I only find a single key. So that is good news, because the new key from May 2014 does not seem to have been uploaded to the key servers.

    Master plan to get your setup fixed:

    1. Revoke the 2014 May key
      It seems you lost the sec key, so that key is of no real use to you. I suggest revoking that key. The easiest way is to right click on that pub key and see if you have an option to "revoke". If that option is greyed out, things get a little more complicated. In that case you do not have a revoke cert available. But let's first check if the easy solution works out.

    2. Test mail
      I've sent you a test mail. Are you able to decrypt that message?

    We'll go from there,
    steve

  5. 5 Posted by Phoebe Lam on 13 Feb, 2015 06:07 PM

    Hi Steve,

    Oops, master plan A doesn’t work. The “revoke” option is greyed out :(

    And, yes, I can read your message. Replied separately.

    So, what’s the master plan B?

    Thanks,
    Phoebe

  6. Support Staff 6 Posted by Steve on 15 Feb, 2015 02:01 PM

    Hi Phoebe,

    in the current version of GPG Suite, we now create a revocation certificate for each new key being created. We do this to prevent this exact situation: being stuck with a useless key and being unable to revoke.

    While this is not the end of the world, it is a bit annoying because now you cannot revoke that key. It's not on the key servers so the damage is not that big. I suggest, to simply remove the pub key for your mail address. Since you have two public keys for your own mail at the moment this might be confusing for GPGMail. Make sure to make a backup of all your current keys first before starting to deal with this:
    http://support.gpgtools.org/kb/gpg-keychain-faq/backup-or-transfer-...

    Once you have a backup, delete the pub key for your mail address. Then tell the contact sending those mails you are unable to encrypt to remove all keys for you except the one found on the key servers.

    That should bring you to fully working state.

    Please also note: we received your mail encrypted but not signed.

    Please take the time to carefully read our quickstart tutorial (http://gpgtools.org/quickstart) to help you understand the basics - how GPGMail works. Since your mail was not signed, please especially have a look at that section and why it might be worth considering to make use of that as well.

    Best regards, Steve
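
The check behind the diagnosis in posts 4 and 6, as an added example that is not part of the original thread and is not GPGTools code: it compares `gpg --with-colons` listings to find public keys for an address that have no matching secret key, which is the kind of key that produces "secret key to decrypt the message is missing" when mail is encrypted to it. The sample listings, key IDs and `user@example.org` are constructed; the function names are hypothetical.

```python
import subprocess

# Constructed sample listings: two public keys for one address, one secret key.
SAMPLE_PUB = """\
pub:u:2048:1:AAAAAAAAAAAAAAAA:1357000000:::u:::scESC:
uid:u::::1357000000::::Example User <user@example.org>:
sub:u:2048:1:BBBBBBBBBBBBBBBB:1357000000::::::e:
pub:-:2048:1:CCCCCCCCCCCCCCCC:1400000000:::-:::scESC:
uid:-::::1400000000::::Example User <user@example.org>:
sub:-:2048:1:DDDDDDDDDDDDDDDD:1400000000::::::e:
"""
SAMPLE_SEC = """\
sec:u:2048:1:AAAAAAAAAAAAAAAA:1357000000:::u:::scESC:
uid:u::::1357000000::::Example User <user@example.org>:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1357000000::::::e:
"""

def parse_colon_listing(text):
    """Map primary key ID -> set of user IDs from `gpg --with-colons` output."""
    keys, current = {}, None
    for line in text.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sec"):
            current = f[4]                      # field 5: key ID
            keys[current] = set()
            if len(f) > 9 and f[9]:             # older gpg: user ID on this record
                keys[current].add(f[9])
        elif f[0] == "uid" and current and len(f) > 9:
            keys[current].add(f[9])             # field 10: user ID
    return keys

def public_only_keys(pub_listing, sec_listing, email):
    """Key IDs that appear as 'pub' for this address but have no 'sec' entry."""
    pubs = parse_colon_listing(pub_listing)
    secs = parse_colon_listing(sec_listing)
    needle = "<" + email.lower() + ">"
    return sorted(k for k, uids in pubs.items()
                  if k not in secs and any(needle in u.lower() for u in uids))

def gpg_listing(command):
    """Run gpg for a real keyring; command is --list-keys or --list-secret-keys."""
    return subprocess.run(["gpg", "--batch", "--with-colons", command],
                          capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    print(public_only_keys(SAMPLE_PUB, SAMPLE_SEC, "user@example.org"))
```

To run it against a real keyring, pass `gpg_listing("--list-keys")` and `gpg_listing("--list-secret-keys")` in place of the samples; it only reports key IDs and deletes nothing.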

  7. 7 Posted by Phoebe Lam on 16 Feb, 2015 11:41 PM

    Hi Steve,

    I think it is working, can you send me an encrypted email to test it out?

    Thanks,
    Phoebe

  8. Support Staff 8 Posted by Steve on 16 Feb, 2015 11:43 PM

    DING

    you got mail.

  9. 9 Posted by Phoebe Lam on 16 Feb, 2015 11:52 PM

    Hi!

    Rec'd. I can read your message.

  10. Support Staff 10 Posted by Steve on 17 Feb, 2015 12:15 AM

    \°/

    ok, closing this. Glad, this is solved for you. I'm closing this discussion. If you need further assistance or have questions you can re-open this discussion here or open a new one any time.

    Best, steve

  11. Steve closed this discussion on 17 Feb, 2015 12:15 AM.
