gpg decryption fails with no secret key error

Looks like the secret key isn’t on the other machine, so even with the right passphrase (read from a file) it wouldn’t work.

These options should work, to

  • Either copy the keyrings (maybe only secret keyring required, but public ring is public anyway) over to the other machine
  • Or export the secret key & then import it on the other machine

A few useful looking options from man gpg:

Either export all keys from all keyrings (default keyrings and those registered via option --keyring), or if at least one name is given, those of the given name. The new keyring is written to STDOUT or to the file given with option --output. Use together with --armor to mail those keys.

Same as --export, but exports the secret keys instead.

Import/merge keys. This adds the given keys to the keyring. The fast version is currently just a synonym.

And maybe

--keyring file
Add file to the current list of keyrings. If file begins with a tilde and a slash, these are replaced by the $HOME directory. If the file‐ name does not contain a slash, it is assumed to be in the GnuPG home directory (“~/.gnupg” if –homedir or $GNUPGHOME is not used).

Note that this adds a keyring to the current list. If the intent is to use the specified keyring alone, use --keyring along with --no-default-keyring.

--secret-keyring file
Same as --keyring but for the secret keyrings.

Leave a Comment