error: sign+encrypt failed: unusable public key
Closed, InvalidPublic

Description

Hi,

I have imported a key and did trusted,but while encrypting getting "sign+encrypt failed: unusable public key" error
expiry date for both key and suskey till 2020
used below command for encryption
gpg --pinentry-mode loopback --sign --encrypt --armor -u xxxxx -o E:\New\test.txt.gpg -r xxxxx --passphrase mypasspharse E:\New\test.txt

please let me know where I did mistake. urgent for me

Details

Version
2.2.3
4537 created this task.Jan 10 2018, 1:09 PM
werner added a subscriber: werner.

I can't tell you from your input what is wrong with your key. Please run

gpg -v --debug lookup  --pinentry-mode loopback --sign --encrypt --armor -u xxxxx -o E:\New\test.txt.gpg -r xxxxx \
  --passphrase mypasspharse E:\New\test.txt

which gives detailed information on how gpg selected the key. You may want to redact some keyids shows, but please in a way so that it is possible to see the different keys (and subkeys).

4537 added a comment.Jan 12 2018, 11:13 AM

I am sharing completed info, please look into it, at may I know the cause
gpg: enabled debug flags: lookup
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search 0: SUBSTR: 'JPMCBANK_GPG_PROD_2020'
gpg: DBG: keydb_search: searching keybox (resource 0 of 1)
gpg: DBG: keydb_search: searched keybox (resource 0 of 1) => Success
gpg: DBG: finish_lookup: checking key 88BEBD28 (all)(req_usage=1)
gpg: DBG: checking subkey 022E17B7
gpg: DBG: subkey might be fine
gpg: DBG: using key 022E17B7
gpg: using subkey F423A07D022E17B7 instead of primary key 9D09927E88BEBD28
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search 0: SUBSTR: 'JPMCBANK_GPG_UAT_2019'
gpg: DBG: keydb_search: searching keybox (resource 0 of 1)
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search 0: LONG_KID: 'BFFCAF61B48701FD'
gpg: DBG: keydb_search: searching keybox (resource 0 of 1)
gpg: DBG: keydb_search: searched keybox (resource 0 of 1) => Success
gpg: DBG: finish_lookup: checking key B48701FD (all)(req_usage=0)
gpg: DBG: using key B48701FD
gpg: using pgp trust model
gpg: DBG: keydb_search: searched keybox (resource 0 of 1) => Success
gpg: DBG: finish_lookup: checking key B48701FD (all)(req_usage=2)
gpg: DBG: checking subkey 403048E0
gpg: DBG: usage does not match: want=2 have=1
gpg: DBG: no suitable subkeys found - trying primary
gpg: DBG: primary key usage does not match: want=2 have=5
gpg: DBG: no suitable key found - giving up
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search 0: SUBSTR: 'JPMCBANK_GPG_UAT_2019'
gpg: DBG: keydb_search: searching keybox (resource 0 of 1)
gpg: DBG: keydb_search: searched keybox (resource 0 of 1) => EOF
gpg: JPMCBANK_GPG_UAT_2019: skipped: Unusable public key
gpg: E:\New\steps.txt: sign+encrypt failed: Unusable public key
gpg: secmem usage: 1376/32768 bytes in 3 blocks

Let me comment this

gpg: DBG: checking subkey 403048E0
gpg: DBG: usage does not match: want=2 have=1

gpg wants a key which is capable to encrypt (want=2) but the subkey under consideration allows only signing (have=1).

gpg: DBG: no suitable subkeys found - trying primary
gpg: DBG: primary key usage does not match: want=2 have=5
gpg: DBG: no suitable key found - giving up

With no subkey capable of encryption gpg checks whether the primary key can encrypt (want=2) but the primary key can only sign and certify (want=5 that is 1| 4). This is the default for primary keys. Your seem to have created a standard primary key and added an signing-only subkey. However, you did not add an encryption subkey. Thus the entire key cannot be used for encryption.

werner closed this task as Invalid.Jan 19 2018, 8:29 AM