positively exhausted

I’m trying to encrypt and decrypt with Kleo, it’s going terrible. For weeks off and on I’ve tried, looked up how-to guides, YouTube, I’ve saved my public key, secret key and a separate key, all 3 in .txt, .pgp, and .asc trying to figure it out. I’ve deleted keys and created new keys, certified and recertified.
I’ve copy and pasted into Kleo notepad to try and import, no good.
I’ve used the mouse to click on the stuff at top left corner to import that way, no good. Deleted Kleo and reinstalled, no good. I’ve lost hope with Kleo and started looking for Kleo alternatives, they haven’t worked. I’ve gotten help from a guy, I’ve read about problems people have like this, they get it figured out but don’t specifically state how they did it.
I always, always get an “unusable key” or “no public key”, but I clearly see my two keys and I’m not a natural tech guy so I’m at my wits’ end here.
I thought maybe I needed to be admin, no good, I had to take away those rights so I could use the program. Surely it’s not Kleo if EVERY SINGLE program I’ve downloaded and try DO NOT work as well. I have absolutely no clue whatsoever about what to do next except go office space on this POS and bash it all to hell with a bat.

Okay, let’s try to untangle this clutter. First, I would like to talk about the keys you created. How did you create the files?

Usually, if you open the view with all your keys you have to select the key you want to export and then you click on “Export…”. Then you just have to select a location, give the file a name and click on “Save”.
It is not necessary to save the keys in different formats. “.asc” is sufficient.

File- create key pair- open pgp key pair- pseudonym and email- save

Click on import- select file and then window pops up

certificates
total # processed:1
imported:0
Unchanged:1
Any of the 3 I have say this.
When I try to decrypt it says there are certs attached and can’t decrypt.

When it says “Unchanged: 1” it means that this key is already contained in Kleopatra. And this is the case because you created it with Kleopatra so normally you don’t have to import it. But of course it’s nice to test how it works.

What kind of file did you try to decrypt? Was it a file that you encrypted on your own or did someone else send it to you?

One is an encrypted message to me, the other is an unencrypted message I’m trying to encrypt. That is when I get the “No public key” error code.

Do you want to encrypt the message to someone else or to yourself? And what do you see when you select the recipients for your message? Do you see green symbols with check marks?

Set up 2FA and encrypt from me to them. That’s about it.

I select encrypt for me, “Unusable public key” error code.
I select encrypt for someone else, “unusable public key” error code.
I see green check marks that is correct.

Hi A H,

if there is confusion, let us check some basics first.

Which version of Gpg4win do you have installed? (It should be the latest which today is 4.0.2 and you should have installed it by using the defaults.)

Which version of Windows are you using and is your installation somehow special, e.g. part of a company network where rights or functionalities are restricted? (It should be a supported version of Windows that is not very special.)

Now you should do a technical test that tries to find out if the crypto engine is working.
Use the command line and
a) list the secret keys you have with gpg --list-secret-keys
(copy the long number for your private key)

Now try to encrypt a simple test file to one of those keys explicitly,
by using the key ID (the long number) for example like
c) echo hello >hi.txt
d) gpg --verbose --encrypt --recipient XYZYOURKEYID hi.txt

Try to decrypt
e) gpg --verbose hi.txt.gpg

Note that d) should pop up a pinentry dialog window, look for it in the background, if the command hangs.

Regards
Bernhard

Kleo version= good
Windows 11= up to date.
Where you lose me is A, C, D, and E.
YES, I finally got the gpg --list-secret-keys to work, I see 5 keys, one of which says secret.
You say try to encrypt, you mean in the Kleo program and not here in the command prompt right, can you tell I’m not a techie?

… Yeah dude I have no idea what to do with C or D, I opened Kleo, pasted that key everywhere I could with no luck, tried to import, of course there’s no file named that. Maybe I’m supposed to try that in command…

C:\Users\metal>echo hello >hi.txt 78556CD038807FF7213DF0E3BF8597EDB10A8C6F
Nothing happened

OK, so I tried D, here’s what I copied and pasted to here for you to see the error

C:\Users\metal>gpg --verbose --encrypt --recipient 78556CD038807FF7213DF0E3BF8597EDB10A8C6F >hi.txt
gpg: 1Dg4FUO$dB: skipped: No public key
gpg: [stdin]: encryption failed: No public key

It doesn’t look like D opened anything up…

These keys, they say either secret, full or ultimate, what exactly does that mean? None say public. Why doesn’t one say public? I guess that’s as far as I can go

Screenshot 2022-07-09 014138.jpg

Hi A H,
all keys which are listed by gpg --list-secret-keys (on the command line)
should be the ones where you control the secret part of the key pair.
There are more details of course.

Yes, the easiest for a diagnostic is to use the command line
(some examples are here https://wiki.gnupg.org/TroubleShooting#Command_line_operations)

In step a) you can see if you have secret keys at all, and you need to copy
the key id (the long number under the main key), e.g. to a notepad editor window.
You need to replace XYZYOURKEYID with that long string/number in the examples.

b) you can do gpg --list-keys XYZYOURKEYID to see if this gives a result,
(it should list the public key part for the key)

Step c) should create a test file, “hi.txt”.

Your output from the encrypt step shows that you may have the secret key, but somehow you may be missing the public key part that belongs to it. Did b) show it?

How did you get this secret key, have you created it with Kleopatra or is it imported
from somewhere else? Did you delete any public keys?

Regards
Bernhard

Well I did get the list of keys yesterday, that worked, today cuz of your directions
I was able to get the list key with my secret key to work successfully kind of.
It returned the same information that I got yesterday with the entire list of keys, word for word it said the same thing, secret, there was no public.

When I created a key pair I got this long —begin private pgp key block— with a bunch of gibberish followed by the ----end of pgp stuff— and thought that was the key. I exported and saved into a file, then imported that file, but these keys from the command line, they’re much shorter, I haven’t seen them before. I have a file for the secret key matching the email address and name used, I have a public key for the same. The person who checked my key for me helping out like you are, they said the key was good.
I did create these keys with Kleo yes.
There is no key with public next to it, I see full, I see ultimate to the left of the name and then one out of 4 says secret to the right of the name.

This post comment button sucks, every time I click it says that I double clicked, man.

With my old keys it said there were certificates attached and wouldn’t work,
now I have this new test message and it’s saying no certs attached.
I revoked all the old keys, and deleted them, used command line to confirm they were gone, created new keys. Imported public but secret won’t import and once again, the unusable public key code comes up. I don’t get it, 1st there certs attached and won’t work, then there’s no certs attached and won’t work

Screenshot 2022-07-09 210721.jpg

Awesome, guess I got ghosted while right in the middle of this stuff. Looks like I’m on my own with guides that don’t work and youtube that don’t help. And let’s not forget the vague terminology.

“There is no key with public next to it, I see full, I see ultimate to the left of the name and then one out of 4 says secret to the right of the name.”
If you want to see the public keys you have to use the command “gpg --list-keys” (then you see ALL keys) or “gpg --list-public-keys” (then you see ONLY public keys)

“When I created a key pair I got this long —begin private pgp key block— with a bunch of gibberish followed by the ----end of pgp stuff— and thought that was the key. I exported and saved into a file, then imported that file, but these keys from the command line, they’re much shorter, I haven’t seen them before.”
What you saw in the command line were the fingerprints of the keys. The part between “-----BEGIN PGP PRIVATE KEY BLOCK-----” and “-----END PGP PRIVATE KEY BLOCK-----” is the actual key. Each key has a fingerprint which is something like an ID.

“With my old keys it said there were certificates attached and wouldn’t work,
now I have this new test message and it’s saying no certs attached.
I revoked all the old keys, and deleted them, used command line to confirm they were gone, created new keys. Imported public but secret won’t import and once again, the unusable public key code comes up. I don’t get it, 1st there certs attached and won’t work, then there’s no certs attached and won’t work”
Thanks for sharing that screenshot! In the field where you entered the Fingerprint you should only enter the EMAIL or the NAME of the person you want to encrypt the file to. When you leave the field empty it says: “Please enter a name or email address…” Instead of entering something you can also click on the icon next to the field. Then you can double-click on the person you want to encrypt to.

Hi A H,

you wrote:

This post comment button sucks, every time I click it says that I double clicked, man.

Sorry about this, it is a long-standing defect in the old forum software that we could not get fixed. (Even upstream could not, we offered to pay for it. We opened an issue at https://fusionforge.org/tracker/?func=detail&atid=105&aid=877&group_id=6)

It appears if you wait too long with an open reply window, before you submit.
The workaround is to go back with the browser, copy the text (into an editor to be sure),
log out of wald, log in again and then try again.

:frowning:

Regards
Bernhard

The key id should work, but in the screenshot it seems to be too long, maybe these were two key ids directly concatenated. Try to use one.

The key id only identifies the key, the key itself is longer.

Maybe https://www.gpg4win.org/doc/en/gpg4win-compendium_8.html helps for some general background, though being old.

Regards
Bernhard
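
Step b) and the hint about an over-long key ID can be checked mechanically. The following is an added example, not part of the original thread or of Gpg4win: it reads the text printed by `gpg --list-keys --with-colons` and reports why a given `--recipient` value would be rejected. The sample keyring text, the function names and the mapping of key states to messages are assumptions made for illustration, and only primary-key IDs are handled.

```python
import re

# Constructed sample of `gpg --list-keys --with-colons` output (not real keys).
FPR_OK = "A" * 24 + "1111222233334444"
FPR_REVOKED = "C" * 24 + "5555666677778888"
SAMPLE = "\n".join([
    "pub:u:255:22:1111222233334444:1657300000:::u:::scESC:::::ed25519:::0:",
    "fpr" + ":" * 9 + FPR_OK + ":",
    "uid:u::::1657300000::0000::Test One <one@example.org>::::::::::0:",
    "sub:u:255:18:9999888877776666:1657300000::::::e:::::cv25519::",
    "fpr" + ":" * 9 + "B" * 24 + "9999888877776666:",
    "pub:r:255:22:5555666677778888:1657300000:::-:::sc:::::ed25519:::0:",
    "fpr" + ":" * 9 + FPR_REVOKED + ":",
])

def primary_keys(colons_text):
    """Map primary-key fingerprint -> (validity, capabilities)."""
    keys, pending = {}, None
    for line in colons_text.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) > 11:
            pending = (f[1], f[11])       # field 2 = validity, field 12 = capabilities
        elif f[0] == "fpr" and pending and len(f) > 9:
            keys[f[9].upper()] = pending  # first fpr after pub is the primary key's
            pending = None                # fpr records after "sub" are skipped
    return keys

def check_recipient(recipient, colons_text):
    """Explain why a key ID or fingerprint would or would not be accepted."""
    rid = re.sub(r"\s+", "", recipient).upper()
    if not re.fullmatch(r"[0-9A-F]{16}|[0-9A-F]{40}", rid):
        return "malformed: expected 16 or 40 hex digits (two IDs pasted together?)"
    for fpr, (validity, caps) in primary_keys(colons_text).items():
        if fpr.endswith(rid):             # long key ID = last 16 digits of fingerprint
            if validity in ("r", "e", "d", "i") or "D" in caps:
                return "unusable public key: revoked, expired, disabled or invalid"
            if "E" not in caps:
                return "unusable public key: no encryption-capable (sub)key"
            return "ok"
    return "no public key"

if __name__ == "__main__":
    for rid in (FPR_OK, FPR_REVOKED, "0" * 40, FPR_OK + FPR_REVOKED):
        print(rid[:16] + "...", "->", check_recipient(rid, SAMPLE))
```

To run it against a real keyring, save the output of `gpg --list-keys --with-colons` to a file and pass its contents in place of `SAMPLE`.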

GOOD GOD I got it. I found this keys.openpgp.org
Once I uploaded I guess they finally published to whatever server they go to, or the certificate authority did their thing, and all of a sudden it all came together.
I can encrypt
I can decrypt
I set up 2FA
I was able to import with no problems. Thanks a ton, especially for the command line stuff.
I took screenshots so I can refer to that later on.

Hi A H,
good to know things are working out for you!

(Note that it is unlikely that keys.openpgp.org has a major part in it, because we are talking about our own public keys.)

Regards
Bernhard