pass and gpg: No public key


Solution 1

pass uses gnupg2, which does not share its keyring with gnupg 1.x.

Import your keys again using gnupg2 instead of gnupg. If you already have your keys in gnupg on the target machine run:

$ gpg --export-secret-keys > keyfile
$ gpg2 --import keyfile

After importing, you may need to update the trust on your key. You should see a "Secret key is available." message if the import was successful:

$ gpg2 --edit-key FA829B53
[...]
Secret key is available.
sec  rsa4096/FA829B53
     created: 2015-03-14  expires: 2017-03-13  usage: SC  
     trust: unknown      validity: ultimate
ssb  rsa4096/74270D4A
     created: 2015-03-14  expires: 2017-03-13  usage: E   
[ultimate] (1). Yury Shvedov (shved) <[email protected]>

Now update the trust on your key:

gpg> trust
[...]
Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
[...]
gpg> save

Solution 2

The output line

gpg: 2048R/FA829B53: skipped: No public key

shows that pass was initialized incorrectly. You initialized pass with the command pass init 2048R/FA829B53, whereas you should have done it with the command pass init FA829B53. To solve the problem, change the content of the file ~/.password-store/.gpg-id from 2048R/FA829B53 to FA829B53 and commit the changes.

PS

All of @Łukasz Lis's advice is correct and you should follow it too. Otherwise you won't be able to decrypt the pass:

$ pass -c test

will give you an error: gpg: decryption failed: No secret key
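
As an added example (not part of either answer, and not code from pass itself), the script below checks every recipient in .gpg-id against the keyring and reports both failures discussed above: a recipient with no matching public key (Solution 2) and a recipient with no secret key (the PS). The function names pick_gpg and check_gpg_id are hypothetical; the binary selection follows the pass 1.6.5 snippet quoted in the comments.

```shell
# Added example: verify each recipient listed in a pass store's .gpg-id
# against the local keyring. Function names are hypothetical.

# Choose the binary as the pass 1.6.5 snippet quoted on this page does:
# gpg by default, gpg2 when it is installed.
pick_gpg() {
    if command -v gpg2 >/dev/null 2>&1; then echo gpg2; else echo gpg; fi
}

# check_gpg_id FILE [GPG]
# Prints one status line per recipient. Exit status is 0 only when every
# recipient has a public key (to encrypt) and a secret key (to decrypt),
# 1 when any recipient fails, 2 when FILE cannot be read.
# The body runs in a subshell so its variables stay local.
check_gpg_id() (
    file=$1
    gpg=${2:-$(pick_gpg)}
    rc=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; exit 2; }
    # "|| [ -n "$id" ]" also handles a last line without a trailing newline.
    while IFS= read -r id || [ -n "$id" ]; do
        [ -n "$id" ] || continue
        if ! "$gpg" --batch --list-keys -- "$id" </dev/null >/dev/null 2>&1; then
            echo "NO-PUBLIC-KEY $id"; rc=1
        elif ! "$gpg" --batch --list-secret-keys -- "$id" </dev/null >/dev/null 2>&1; then
            echo "NO-SECRET-KEY $id"; rc=1
        else
            echo "OK $id"
        fi
    done < "$file"
    exit "$rc"
)

# Typical call (default store location):
#   check_gpg_id "${PASSWORD_STORE_DIR:-$HOME/.password-store}/.gpg-id"
```

Run it on the target machine after importing the keys; any line other than OK names the .gpg-id entry that has to be corrected or the key that still has to be imported.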

Author by

Admin

Updated on September 18, 2022

Comments

  • Admin
    Admin 3 months

    I've been using pass for quite a long time, but after exporting my key storage and gpg keys to another machine I see the following output:

    $ gpg --list-key
    /home/shved/.gnupg/pubring.gpg
    ------------------------------
    pub   2048R/FA829B53 2015-04-28
    uid       [ultimate] Yury Shvedov (shved) <[email protected]>
    sub   2048R/74270D4A 2015-04-28
    

    My key is imported and trusted, but not usable:

    pass insert test
    Enter password for test: 
    Retype password for test: 
    gpg: 2048R/FA829B53: skipped: No public key
    gpg: [stdin]: encryption failed: No public key
    fatal: pathspec '/home/shved/.password-store/test.gpg' did not match any files
    

    What can I do to use my key again?

  • Anthon
    Anthon about 7 years
    pass (at least version 1.6.3) uses gpg not gpg2. And gpg2 is just a redesign. Only with version 2.1 did some changes come (combining public and private keys in the public keyring).
  • Łukasz Lis about 7 years
    That is not true for my version (1.6.5). From the source code:

    GPG="gpg"
    export GPG_TTY="${GPG_TTY:-$(tty 2>/dev/null)}"
    which gpg2 &>/dev/null && GPG="gpg2"
    [[ -n $GPG_AGENT_INFO || $GPG == "gpg2" ]] && GPG_OPTS+=( "--batch" "--use-agent" )

    This implies that 'pass' uses gpg unless gpg2 is present on the same system.
  • Anthon
    Anthon about 7 years
    so it uses gpg unless gpg2 is installed and for the purposes of pass these are compatible, otherwise you would get horrible problems if you happen to install gpg2 some time after you started to use pass (which you shouldn't in the first place as it sometimes leaves unencrypted data in your "storage" directory).
  • Łukasz Lis about 7 years
    First, this is not what you argued in your first reply. Second, you've not replied to my point about them not sharing a keyring. Third, they are only compatible in that both can decrypt messages if given a proper secret key.
  • Nikos Alexandris
    Nikos Alexandris almost 5 years
    Useful. It can happen to (mis-)type pass init SomethigElseThanFirstStore.
  • Kevdog777
    Kevdog777 almost 3 years
    This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post. - From Review
  • m3asmi
    m3asmi almost 3 years
    Indeed, I had the same problem; I resolved it with this.
  • VMcPherron about 1 year
    It just so happens that this is EXACTLY what is needed. ~/.password-store/.gpg-id is the key name that is used for the pass application. In my situation, I had the default .gpg-id which included the following contents: "my local password storage". Once I changed to the name/account of the keys I had imported, it worked.