If the output of that shows you have no secret key for GnuPG to use, then you need to create one: ... no default secret key: No secret key gpg: [stdin]: clearsign failed: No secret key – Entitize Dec 9 '16 at 16:38 @Entitize That seems to indicate gpg doesn’t think you have any keys to use for signing. gpg: plain.txt: sign+encrypt failed: No secret key. This is the key I need to delete from the card/yubikey. A reader has contacted me about running into some problems when following this tutorial. I was trying to implement client side encryption of files backed up to AWS S3 using Duplicity, with keys on my Yubikey Neo created on an air gapped installation. It worked with local PGP keys, but I didn’t get it to decrypt using my PGP key on the Yubikey keytocard without a key selected to move your master key into the Signing slot of your Yubikey. To send a file securely, you encrypt it with your private key and the recipient’s public key. Each person has a private key and a public key. > gpg: decryption failed: No secret key > I tried gpg --import but still doesn't help. disconnected from all networks. gpg --decrypt to-decrypt.asc > decrypted.txt gpg: decryption failed: No secret key. The public key can decrypt something that was encrypted using the private key. For the record, I … I have also tried reinstalling GPG4Win, again, to no avail. Useful commands here: help, for common commands; list to show your key, key N, to select a subkey where N is the index number of the key starting with 1, and keytocard to move the selected key to the card. Possible problems. gpg: decryption failed: No secret key.
You're mixing two very different encryption concepts here: Symmetrically encrypting data using a passphrase (a shared key) that both parties will need to have, and using asymmetric encryption to encrypt a (symmetric and usually … In order to re-create them, run the following command for each smart card: gpg --card-status YubiKey no … If you don’t have a key selected, keytocard will move the master key. gpg --import < ~/.gnupg/pubring.gpg Missing a secret key (smart card / USB token edition) Unfortunately GnuPG 2.2 doesn't migrate your smart card key stubs, when migrating from GnuPG 2.0. 3. failed to solve with frontend xxx: rpc error: code = Unknown desc = (…) out: `exit status 2: gpg: decryption failed: No secret key` 0. Fixing GPG Yubikey integration on macOS Big Sur ... gpg: decryption failed: No secret key This sent me into a wild rage, and after spending far too much time trying to debug with no results, I switched tactics; remove GPGTools and install gpg myself. Essentially, since importing my keys onto my smartcard (YubiKey), I am able to encrypt data, but not to decrypt it again. Which is entirely as expected, as the file was encrypted using john@johnsmith.com's public key. John will obviously need his private key in order to decrypt it. gpg: no default secret key: No secret key. GPG decryption without passphrase, working on local but fails on IIS and hosted environment. The below steps will go through the creation of the GPG keys and how to transfer them to the YubiKey. Related. GPG relies on the idea of two encryption keys per person. GPG shows that the secret key is not available, but there is a signing key … Air-Gapped Key Generation. In this walkthrough a live CD of Ubuntu 16.04 desktop is used. I have tried deleting my public key from my keyring and reimporting it, which had no effect. To decrypt the file, they need their private key and your public key. I am using a Yubikey as a smart card. 2.
I am trying to add local signatures to a few of the public keys I have in my keyring, but using gpg --lsign-key fails with the message "no secret key" despite the fact that gpg --sign works. In order to do things properly, the GPG key generation process needs to be performed on an air-gapped system (live CD, etc.) 2) Decrypting. Please note: printing public keys and the command gpg --card-status correctly work and print data.