[pass] gpg: decryption failed: No secret key

David Dahlberg david.dahlberg at fkie.fraunhofer.de
Wed Aug 31 09:09:37 CEST 2016


On Wednesday, 31.08.2016, at 08:24 +0200, Remi Bruggeman wrote:

> ## Decrypting outside pass works:
> gpg --decrypt < '.password-store/email/anon.com.gpg'
[..]
> ## Decrypting pass does not work:
> me at deb:~$ pass email/anonymousspeech.com

Plenty of people had this problem, so I am answering once again to the
list ... for the archives.

The likely problem that you encounter here is not one of pass, but of
gpg2. Pass uses gpg2 in favour of gpg, if it finds it.

This is the problem:

Gpg2 deprecated md5 and other old stuff a while ago (last year?).
Unfortunately, WK seems to have done it in a manner that does not only
impact keys and files that are actually using the old algorithms, but
just having some old PGP2-style keys somewhere in your keyring seems to be
enough to let gpg2 struggle.

Why can you decode by hand?

Because you were using gpg, not gpg2. Be aware that gpg also deprecated
those algorithms very recently, so this change may hit your distribution
sooner or later.

What can you do?

1. Back up your keyring to a safe location.
2. Export the keys that you need with gpg.
3. Create a new keyring and import keys with gpg2.

Cheers

	David
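
The three steps above as a shell function, added here as an example and not part of the original message. The function name `migrate_keys`, the `GPG1`/`GPG2` variables and all directory paths are assumptions; the gpg options used are standard ones.

```shell
#!/bin/sh
# Added example. Assumptions: binary names, paths and the function name
# migrate_keys are illustrative, not taken from the original message.
GPG1="${GPG1:-gpg}"    # legacy binary that can still read the old keyring
GPG2="${GPG2:-gpg2}"   # the binary pass prefers when it is installed

# usage: migrate_keys OLD_HOME NEW_HOME BACKUP_DIR KEYID [KEYID...]
migrate_keys() {
    [ $# -ge 4 ] || { echo "usage: migrate_keys OLD NEW BACKUP KEYID..." >&2; return 2; }
    old=$1 new=$2 backup=$3
    shift 3
    [ -d "$old" ] || { echo "no keyring directory at $old" >&2; return 1; }
    [ ! -e "$new" ] || { echo "$new exists, refusing to overwrite" >&2; return 1; }
    (
        umask 077   # exported secret keys must not be group/world readable
        tmp=$(mktemp -d) || exit 1
        {
            # 1. Back up the complete old keyring before touching anything.
            mkdir -p "$backup" &&
            cp -Rp "$old" "$backup/gnupg-$(date +%Y%m%d%H%M%S)" &&
            # 2. Export only the keys you need, using the legacy gpg.
            "$GPG1" --homedir "$old" --export "$@" > "$tmp/pub.gpg" &&
            "$GPG1" --homedir "$old" --export-secret-keys "$@" > "$tmp/sec.gpg" &&
            "$GPG1" --homedir "$old" --export-ownertrust > "$tmp/trust.txt" &&
            # 3. Create a fresh keyring and import into it with gpg2.
            mkdir "$new" &&
            "$GPG2" --homedir "$new" --import "$tmp/pub.gpg" "$tmp/sec.gpg" &&
            "$GPG2" --homedir "$new" --import-ownertrust "$tmp/trust.txt" &&
            # Verify gpg2 can see the secret keys pass needs to decrypt.
            "$GPG2" --homedir "$new" --list-secret-keys "$@"
        }
        rc=$?
        rm -rf "$tmp"   # never leave exported secret key material behind
        exit "$rc"
    )
}
```

Once the final listing shows the expected keys, set `GNUPGHOME` to the new directory (or move it into place as `~/.gnupg`) and retry the `pass` command.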

