How to Export Private / Secret ASC Key to Decrypt GPG Files
EncryptionGnuGnupgPrivate KeyEncryption Problem Overview
Background: My boss has tried exporting an ASC key to me with public and private parts but whenever I get the file the private part never loads up and it won't decrypt any files.
We have tried Exporting the ASC Key using:
-
Windows Application Kleopatra 2.1 (included in gpg4win)
-
Windows Application GNU Privacy Assistant (included in gpg4win)
Error: "Decryption failed. Secret Key Not available."
How do you properly export a secret or private asc key to decrypt gpg files?
Encryption Solutions
Solution 1 - Encryption
You can export the private key with the command-line tool from GPG. It works on the Windows-shell. Use the following command:
gpg --export-secret-keys
A normal export with --export
will not include any private keys, therefore you have to use --export-secret-keys
.
Edit:
To sum up the information given in my comments, this is the command that allows you to export a specific key with the ID 1234ABCD to the file secret.asc:
gpg --export-secret-keys --armor 1234ABCD > secret.asc
You can find the ID that you need using the following command. The ID is the second part of the second column:
gpg --list-keys
To Export just 1 specific secret key instead of all of them:
gpg --export-secret-keys keyIDNumber > exportedKeyFilename.asc
keyIDNumber is the number of the key id for the desired key you are trying to export.
Solution 2 - Encryption
All the above replies are correct, but might be missing one crucial step, you need to edit the imported key and "ultimately trust" that key
gpg --edit-key (keyIDNumber)
gpg> trust
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
and select 5 to enable that imported private key as one of your keys
Solution 3 - Encryption
See the treatment by Dark Otter
https://montemazuma.wordpress.com/2010/03/01/moving-a-gpg-key-privately/
If the site is down use reference the archive.org backup:
which includes a reasonably secure way to transfer keys. You could put that recommendation into shell-scripts shown below for repeated use.
First get the KEYID you want from the list shown by
$ gpg -K
From the resulting list note the KEYID (the 8 hexadecimals following sec) you need for transfer.
Then envoke the tested shell scipts "export_private_key" on the first account and generate your pubkey.gpg + keys.asc. Subsequently invoke on the second account "import_private_key". Here is their content shown with cat (copy & paste content):
$ cat export_private_key
gpg -K
echo "select private key"
read KEYID
gpg --output pubkey.gpg --export $KEYID
echo REMEMBER THE COMING PASS-PHRASE
gpg --output - --export-secret-key $KEYID | \
cat pubkey.gpg - | \
gpg --armor --output keys.asc --symmetric --cipher-algo AES256
ls -l pubkey.gpg keys.asc
#################### E X P O R T _ P R I V A T E _ K E Y #####################
Now tranfer by some means the "pubkey.gpg" (if needed) and the private "keys.asc" to the second account and envoke the below-shown program.
$ cat import_private_key
gpg --no-use-agent --output - keys.asc | gpg --import
################### I M P O R T _ P R I V A T E _ K E Y ######################
In Otter's spirit "And that, should be, that".
Solution 4 - Encryption
I think you had not yet import the private key as the message error said, To import public/private key from gnupg:
gpg --import mypub_key
gpg --allow-secret-key-import --import myprv_key
Solution 5 - Encryption
this ended up working for me:
gpg -a --export-secret-keys > exportedKeyFilename.asc
you can name keyfilename.asc by any name as long as you keep on the .asc extension.
this command copies all secret-keys on a user's computer to keyfilename.asc in the working directory of where the command was called.
To Export just 1 specific secret key instead of all of them:
gpg -a --export-secret-keys keyIDNumber > exportedKeyFilename.asc
keyIDNumber is the number of the key id for the desired key you are trying to export.
Solution 6 - Encryption
Similar to @Wolfram J's answer, here is a method to encrypt your private key with a passphrase:
gpg --output - --armor --export $KEYID | \
gpg --output private_key.asc --armor --symmetric --cipher-algo AES256
And a corresponding method to decrypt:
gpg private_key.asc
Solution 7 - Encryption
1.Export a Secret Key (this is what your boss should have done for you)
gpg --export-secret-keys yourKeyName > privateKey.asc
2.Import Secret Key (import your privateKey)
gpg --import privateKey.asc
3.Not done yet, you still need to ultimately trust a key. You will need to make sure that you also ultimately trust a key.
gpg --edit-key yourKeyName
Enter trust, 5, y, and then quit
Source: https://medium.com/@GalarnykMichael/public-key-asymmetric-cryptography-using-gpg-5a8d914c9bca