Discussion:
[pass] gpg: decryption failed: No secret key
Daniel Sousa
2016-04-03 15:36:26 UTC
Permalink
I am trying to use pass, but I always get the same error

➜ ~ pass init ACBBA601
Password store initialized for ACBBA601
➜ ~ pass generate foo 10
The generated password for foo is:
D-afY9}7:T
➜ ~ pass foo
gpg: decryption failed: No secret key

gpg2 has the key:
➜ ~ gpg2 --list-keys
(...)
pub rsa2048/ACBBA601 2016-04-03 [SC]
uid [ultimate] Daniel Sousa (Passwords) <***@daniel.sousa.me>
sub rsa2048/E670104C 2016-04-03 [E]

Can someone help me find the problem?
Kevin Cox
2016-04-03 15:39:10 UTC
Permalink
It sounds like you only have the public key. You can try the description
manually to check.

gpg --decrypt < ~/.password-store/foo.gpg

The public key can be used to insert (encrypt) but you will need the
private key in order to show (decrypt) the passwords. This is because
pass uses asymmetric cryptography.
Post by Daniel Sousa
I am trying to use pass, but I always get the same error
➜ ~ pass init ACBBA601
Password store initialized for ACBBA601
➜ ~ pass generate foo 10
D-afY9}7:T
➜ ~ pass foo
gpg: decryption failed: No secret key
➜ ~ gpg2 --list-keys
(...)
pub rsa2048/ACBBA601 2016-04-03 [SC]
sub rsa2048/E670104C 2016-04-03 [E]
Can someone help me find the problem?
Daniel Sousa
2016-04-03 15:51:41 UTC
Permalink
If I use gpg it works as expected, but not if I use gpg2. Then I get the
error:
gpg: encrypted with 2048-bit RSA key, ID EBA0E31F, created 2016-04-03
"Daniel Sousa (passwords) <***@sousa.me>"
gpg: decryption failed: No secret key

(the ID's don't match because I tried deleting the old key and
generating a new one)

Btw, why are we using asymmetric keys instead of symmetric keys?
Wouldn't it be more secure without lost of functionality?
Post by Kevin Cox
It sounds like you only have the public key. You can try the description
manually to check.
gpg --decrypt < ~/.password-store/foo.gpg
The public key can be used to insert (encrypt) but you will need the
private key in order to show (decrypt) the passwords. This is because
pass uses asymmetric cryptography.
Post by Daniel Sousa
I am trying to use pass, but I always get the same error
➜ ~ pass init ACBBA601
Password store initialized for ACBBA601
➜ ~ pass generate foo 10
D-afY9}7:T
➜ ~ pass foo
gpg: decryption failed: No secret key
➜ ~ gpg2 --list-keys
(...)
pub rsa2048/ACBBA601 2016-04-03 [SC]
sub rsa2048/E670104C 2016-04-03 [E]
Can someone help me find the problem?
Kevin Cox
2016-04-03 16:00:43 UTC
Permalink
Post by Daniel Sousa
Btw, why are we using asymmetric keys instead of symmetric keys?
Wouldn't it be more secure without lost of functionality?
With symmetric keys you can't easily share a password store with
multiple people.

Loading...