[CentOS] gpg can't decrypt message

Nicolas Thierry-Mieg Nicolas.Thierry-Mieg at imag.fr
Wed Oct 1 16:34:41 UTC 2014


On 10/01/2014 06:07 PM, Valeri Galtsev wrote:
>
> On Wed, October 1, 2014 10:19 am, Nicolas Thierry-Mieg wrote:
>>
>>
>> On 10/01/2014 05:16 PM, Nicolas Thierry-Mieg wrote:
>>> On 10/01/2014 04:58 PM, Tim Dunphy wrote:
>>>> Hey guys,
>>>>
>>>>
>>>>    Having a little gpg issue I was wondering if someone could help me
>>>> with.
>>>>
>>>>    A friend of mine sent me an encrypted message. So I searched online
>>>> and
>>>> found a a set of keys that correspond with his email address. And
>>>> imported
>>>> them. But when I go to decrypt the message, this is what I get:
>>>>
>>>> [root at ops:~] #gpg --decrypt roger-message
>>>> gpg: encrypted with 2048-bit RSA key, ID 9617EA5C, created 2014-10-01
>>>>         "Roger Sherman <rsherman at viddler.com>"
>>>> *gpg: encrypted with RSA key, ID 9A41C766*
>>>> *gpg: decryption failed: secret key not available*
>>>>
>>> <snip>
>>>> So maybe I just didn't import the right key? Or do you think the
>>>> message
>>>> wasn't sent correctly? Who's the dummy here? Me or him? :)
>>>
>>> looks like he encrypted with HIS public key. So you need his private key
>>> to decrypt, obviously you don't have that.
>>> I believe it's the other way around: he should encrpyt with your public
>>> key, then you are the only person capable of decrypting (with your
>>> private key).
>>
>> BTW what would be the point of encrypting, if anyone can just grab a key
>> online and decrypt? :-)
>>
>
> If you can decrypt his message with his public key, this tells you that
> the person who has access to secret key of the pair was the one who
> encrypted the message. This ensures that you know that he is the one who
> indeed sent this message.

that is the purpose of *signing*: authenticate the sender and prevent 
tampering of the message.

The purpose of *encrypting* is different: make sure only the intended 
recipient can read (decrypt) the message.

Sometimes you do both, but you don't have to.



More information about the CentOS mailing list