GPG Keychain: error with yubikey private key

Constant's Avatar

Constant

13 Jul, 2018 10:44 PM

Hi GPG tools support,

Recent error asks to contact support, and here I go.
This is the error message:

*An unknown error occurred while decrypting this message.

GPG error message:
gpg: keyserver option 'ca-cert-file' is obsolete; please use 'hkp-cacert' in dirmngr.conf
gpg: encrypted with RSA key, ID 0x45184E09B2AEB8FE
gpg: encrypted with 4096-bit RSA key, ID 0x409485EFF98C43ED, created 2017-11-15
"Constant Dullaart (DullTech) [email blocked]" gpg: public key decryption failed: Operation not supported by device
gpg: decryption failed: No secret key

Please contact us, including the GPG error message, at https://gpgtools.tenderapp.com/*

My private keys are on a yubikey, not sure if a downgrade would be possible?

Expected
For the private key to be found on unlocked yubikey…

macOS                   10.13.5     17F77
GPG Suite               2018.3      2223    (8d0c266)
GPGMail                 3.0b7       1319    (c2d0df0a)
GPG Keychain            1.4.4       1460    (9010342)
GPGServices             1.11.4      1013    (0b04f6c)
MacGPG                  2.2.8       916     (0ed4a99)
GPG Suite Preferences   2.1.2       997     (1a09bc7)
Libmacgpg               0.8.5       863     (0707962)
pinentry                0.9.7.1     9       (db18340)
  1. Support Staff 1 Posted by Steve on 17 Jul, 2018 01:21 PM

    Steve's Avatar

    Hi Constant,

    welcome to the GPGTools support platform. Sorry you are having problems using GPG Suite.

    Please

    1. open finder and press ⇧⌘G
    2. paste ~/.gnupg/dirmngr.conf

    Open that file with TextEdit and remove the line starting with "ca-cert-file".

    That should get rid of the error. But we are not sure if that will also bring your Yubikey to working state.

    Please try the above and let us know how that goes.

    Best,
    steve

  2. 2 Posted by Constant Dullaa... on 17 Jul, 2018 09:50 PM

    Constant Dullaart's Avatar

    Hey Steve,

    Thanks for the answer!
    Got it to work yesterday using the steps in this link
    https://gpgtools.tenderapp.com/kb/faq/missing-keys-after-migrating-to-gnupg-22 <https://gpgtools.tenderapp.com/kb/faq/missing-keys-after-migrating-to-gnupg-22>

    Also checked the config file you mentioned and it only mentions the keyserver pool
     hkps://hkps.pool.sks-keyservers.net

    Thanks for all your help!
    the yubikey is fine : )

  3. Support Staff 3 Posted by Steve on 18 Jul, 2018 12:51 PM

    Steve's Avatar

    That's great news. Thanks for sending in the update and sharing how you solved the problem.

    I'm closing this discussion. Should you need further assistance or have questions you can re-open this discussion here or open a new one any time.

    Best,
    steve

  4. Steve closed this discussion on 18 Jul, 2018 12:51 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac