Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 597388 - app-crypt/gnupg-2.1.15: gpg: Decryption failed: No secret key
Summary: app-crypt/gnupg-2.1.15: gpg: Decryption failed: No secret key
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Kristian Fiskerstrand
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: gnupg-2.1, gnupg-2.2
  Show dependency tree
 
Reported: 2016-10-17 20:35 UTC by Fernando Rodriguez
Modified: 2016-10-21 08:49 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
emerge --info (emerge-info.txt,7.19 KB, text/plain)
2016-10-17 20:37 UTC, Fernando Rodriguez
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Fernando Rodriguez 2016-10-17 20:35:57 UTC
I have an alternate keyring that I access as follows:

 15  gpg --no-default-keyring \
 16                 --keyring=path_to_keyring \
 17                 --secret-keyring=path_to_secret_keyring \
 18                 --trustdb-name=path_to_trustdb $@

After a recent update to gnupg-2.1.15 trying to decrypt with it gives:

gpg:  Decryption failed: No secret key

And --list-secret-keys shows no keys. After downgrading back to gnupg-2.0.28 the problem was fixed. To reproduce create an alternate keyring, run a --decrypt or --list-secret-keys command with the arguments listed above and pointing to the alternate keyring. The keyring that I used was created with an earlier gnupg version. I don't know if it makes a difference.


Also, if I understand correctly, 2.0 is the stable branch upstream [1]. So is there a reason for pushing 2.1 to stable users?
Comment 1 Fernando Rodriguez 2016-10-17 20:37:17 UTC
Created attachment 450594 [details]
emerge --info
Comment 2 Kristian Fiskerstrand gentoo-dev Security 2016-10-21 08:47:18 UTC
(In reply to Fernando Rodriguez from comment #0)
> I have an alternate keyring that I access as follows:
> 
>  15  gpg --no-default-keyring \
>  16                 --keyring=path_to_keyring \
>  17                 --secret-keyring=path_to_secret_keyring \
>  18                 --trustdb-name=path_to_trustdb $@
> 
> After a recent update to gnupg-2.1.15 trying to decrypt with it gives:
> 
> gpg:  Decryption failed: No secret key

secret-keyring has been deprecated for a while and is ignored in 2.1. If you want a separate secret keyring, use a separate homedir and do a gpg --homedir path/to/homedir --import name-of-secring.gpg
Comment 3 Kristian Fiskerstrand gentoo-dev Security 2016-10-21 08:49:47 UTC

> 
> 
> Also, if I understand correctly, 2.0 is the stable branch upstream [1]. So
> is there a reason for pushing 2.1 to stable users?


2.0 is EOL 2017. 2.1 is also a stable version (called "modern" for disambiguity reasons) and recommended for most users. From announcements: GnuPG "modern" (2.1) comes with the latest features 
and is suggested for most users. 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^