gpg --encrypt fails

I figured out what the problem and solution were, so I am giving an answer with details; should anyone run into the same problem, it may be helpful.

The problem is somewhat ambiguous; no really informative error message is given.

It turned out that the encryption sub-key was expired. Strangely, gpg --list-keys did NOT show the expired sub-key!! Once the sub-key expiry was extended, it was included in the output of gpg --list-keys.

Also, KGpg does not show in any way that the sub-key is expired, nor does it allow extending the expiry of the sub-key (only the main key's expiry can be changed).

The output of gpg --list-keys before the solution (I changed personal details):

$ gpg --list-keys
/home/user/.gnupg/pubring.gpg
---------------------------------
pub   2048D/5E04B919 2012-02-02 [expires: 2016-02-01]
uid                  Firstname Lastname <[email protected]>
uid                  [jpeg image of size 4005]

Nothing more.

However, gpg --edit 5E04B919 showed that the sub-key is expired:

$ gpg --edit 16AE78C5
gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  2048D/5E04B919  created: 2012-02-02  expires: 2016-02-01  usage: SCA 
                     trust: ultimate      validity: ultimate
sub  1024g/16AE78C5  created: 2012-02-02  expired: 2014-02-01  usage: E   
[ultimate] (1). Firstname Lastname <[email protected]>
[ultimate] (2)  [jpeg image of size 4005]

gpg>

After some Google searching, I found this mailing list archive, which pointed me in the right direction to extend the expiry of the sub-key using the gpg command line:

http://lists.gnupg.org/pipermail/gnupg-users/2005-June/026063.html

I followed the instructions and extended the sub-key expiry. After this gpg --list-keys gave a different output:

$ gpg --list-keys
/home/user/.gnupg/pubring.gpg
---------------------------------
pub   2048D/5E04B919 2012-02-02 [expires: 2016-03-12]
uid                  Firstname Lastname <[email protected]>
uid                  [jpeg image of size 4005]
sub   1024g/16AE78C5 2012-02-02 [expires: 2016-03-12]

After this, everything was back to normal, I could encrypt files, etc.
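
The answer above found the expired sub-key only through gpg --edit. As an added example (not code from the original answer), the shell function below reads the machine-readable listing from `gpg --with-colons --fixed-list-mode --list-keys` and reports encryption-capable keys that are expired or otherwise unusable. The function names, sample listings, key IDs and the "now" timestamp are constructed for illustration, and expiry dates are assumed to be epoch seconds.

```shell
#!/bin/sh
# Added example: flag encryption-capable keys that can no longer be used,
# from `gpg --with-colons --fixed-list-mode --list-keys` output on stdin.
# Colon fields used: 1=record type, 2=validity, 5=key ID, 7=expiry, 12=capabilities.
# Assumption: field 7 is epoch seconds (GnuPG 2.x, or 1.4 with --fixed-list-mode).

check_enc_subkeys() {   # usage: check_enc_subkeys NOW_EPOCH < colon_listing
    awk -F: -v now="$1" '
        function report() {   # called when a primary key block ends
            if (pub != "" && !usable) { print "NOENC " pub; bad = 1 }
        }
        $1 == "pub" { report(); pub = $5; usable = 0 }
        ($1 == "pub" || $1 == "sub") && $12 ~ /e/ {   # lowercase e = this key encrypts
            expired = ($2 == "e") || ($7 != "" && $7 + 0 <= now + 0)
            if (expired)              print "EXPIRED " $1 " " $5 " (under " pub ") at " $7
            else if ($2 ~ /^[rdi]$/)  print "UNUSABLE " $1 " " $5 " validity=" $2
            else                      usable = 1
        }
        END { report(); exit bad + 0 }
    '
}

# Constructed sample listings (key IDs and addresses are placeholders).
sample_before() {
    cat <<'EOF'
pub:u:2048:17:AAAAAAAAAAAAAAAA:1328140800:1454284800::u:::scaSCA:
uid:u::::1328140800::::Firstname Lastname <user@example.invalid>:
sub:e:1024:16:BBBBBBBBBBBBBBBB:1328140800:1391212800:::::e:
EOF
}
sample_after() {
    cat <<'EOF'
pub:u:2048:17:AAAAAAAAAAAAAAAA:1328140800:1457740800::u:::scaSCA:
uid:u::::1328140800::::Firstname Lastname <user@example.invalid>:
sub:u:1024:16:BBBBBBBBBBBBBBBB:1328140800:1457740800:::::e:
EOF
}

# Demo at a constructed "now" of 1420070400 (2015-01-01 UTC).
sample_before | check_enc_subkeys 1420070400 || echo "no usable encryption key"
sample_after  | check_enc_subkeys 1420070400 && echo "encryption key usable"
```

Against a real keyring, pipe the gpg listing into `check_enc_subkeys "$(date +%s)"`; a non-zero exit status means at least one primary key has no usable encryption key.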


In my case I imported my key (gpg --import path/to/key) generated on another machine.

But I could not use it because it was untrusted.

I executed gpg --edit-key "MY KEY ID" trust and set up trust level 5.

After that my key became trusted and now I can use it for encryption.


You need to specify the key that you want to use for encryption, so the command you need in this case is gpg -r [email protected] --encrypt file-to-encrypt.