[pass] gpg: decryption failed: No secret key

Remi Bruggeman remi at remisan.be
Wed Aug 31 08:24:11 CEST 2016


Hello, 

I'm having some trouble getting pass to decrypt the passwords it stores. 
I understand you get this question once in a while (I did google and went through a great deal of the mail archives) but I have not yet been able to reproduce a solution. 
Below is the info I prepared concerning the problem. Should any additional information be required, let me know. 
Any help is welcome. I really want this to work.

Thanks in advance

## pass database was initiated with pass init 8xxxxxxx 
## I have tried with several keys, all show the same behaviour 
## I have tried to change /usr/bin/pass to set GPG="gpg2" This did not change anything. 
## The keys are both in the gpg and gpg2 keyring.
## I have tried to reload the gpg-agent: gpg-connect-agent reloadagent /bye
## I have added "pinentry-program /usr/bin/pinentry-gtk-2" to .gnupg/gpg-agent.conf
############
### Version info:
############
## pass --version
## ============================================
## = pass: the standard unix password manager =
## =                                          =
## =                  v1.6.5                  =
## =                                          =
## =             Jason A. Donenfeld           =
## =               Jason at zx2c4.com            =
## =                                          =
## =      http://www.passwordstore.org/       =
## ============================================
############
## uname -a
## Linux dimac 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2+deb8u3 (2016-07-02) x86_64 GNU/Linux
############
## lsb_release -a
## No LSB modules are available.
## Distributor ID:	Debian
## Description:	Debian GNU/Linux 8.5 (jessie)
## Release:	8.5
## Codename:	jessie
############
## gpg --version
## gpg (GnuPG) 1.4.20
## Copyright (C) 2015 Free Software Foundation, Inc.
## License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
## This is free software: you are free to change and redistribute it.
## There is NO WARRANTY, to the extent permitted by law.
## 
## Home: ~/.gnupg
## Supported algorithms:
## Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
## Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
##         CAMELLIA128, CAMELLIA192, CAMELLIA256
## Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
## Compression: Uncompressed, ZIP, ZLIB, BZIP2 
############
## gpg2 --version
## gpg (GnuPG) 2.0.26
## libgcrypt 1.7.3-beta
############


## Decrypting outside pass works:
gpg --decrypt < '.password-store/email/anon.com.gpg'
gpg: detected reader `Generic Smart Card Reader Interface [Smart Card Reader Interface] (2007000000000000) 00 00'

Please enter the PIN
## asks pin
gpg: encrypted with 2048-bit RSA key, ID 8xxxxxxx, created 2016-07-03
"aname (alias) <email>"
  Q5Rl,2;M2m1==L8BC/1(NJ?BJ+:XCpKajxdk+A+Jn5e

## Listing pass works:
me at deb:~$ pass list
Password Store
     └── email
     ├── anonymousspeech.com
     └── hush

## Decrypting pass does not work:
me at deb:~$ pass email/anonymousspeech.com
## does not ask pin
gpg: decryption failed: No secret key


## The right key seem to have been used
gpg -K | grep -f .password-store/.gpg-id
ssb>  2048R/8xxxxxxx 2016-07-03


## The keys on the card:
General key info..:
pub  2048R/8xxxxxxx 2016-07-03 aname (alias) <email>
sec#  2048R/2xxxxxxx  created: 2016-07-03  expires: never
ssb>  2048R/8xxxxxxx  created: 2016-07-03  expires: never
                      card-no: 0005 0000xxxx
ssb>  2048R/Dxxxxxxx  created: 2016-07-03  expires: never
                      card-no: 0005 0000xxxx


More information about the Password-Store mailing list