Page MenuHome GnuPG

Imported key cannot be used to encrypt.
Closed, ResolvedPublic

Description

When I load the following key, it will import correctly, but will not allow me to encrypt a file.
It has a red X by the name , and the key details say it is only good for certification and signing.
If I try to encrypt a file with it, here are the results. I get an error saying:

"Could not find a key for 'It Ops <[redacted]com> OpenPPG, created: 6/10/2020)'"

Other customers seem to be able to use this key properly.
I have upgraded from 3.1.7 to 3.1.12, uninstalled and reinstalled, rebooted between installs, deleted the key and re-imported it, but all my keys come back when I reinstall, without me having to re-import them.
And yet, I cannot use this key to encrypt.

Any idea why?
Thanks,
Mike Mohr

Key that I imported:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBF7hjrEBEADEfVN9eDaR8HMwqgOi/o5esLQxTNskMgTENOLGzJHiq6RvB2JS
4Pbw3DzQnp0UeQrmRm9iemAb4rN361f00qFvgPMzK4nCvWucp5Ln8QBCKr7SiK4w
YcldrweGo2eQb+jYXVvWvqsUjbqU9KcQVLG6rehH/auUKgrCYdlrI//SkM1nAM7j
WWAQ85AJH/mzXKjKP+emhe0Ceu99lcyuTRm+WnrHU6T4f5Hl4t7TrQZ75NZ6Da68
5Shk+irU5ZouE8LkKjurW1XE763xVbEZ1aoEXCeUn/UQ/DWC5wZgkl1j4fSnk3k7
KX8QSbSEHTyEUOPAf01G7vedKbNpmXNY6d9CeS+8kg55IJhGxp4E0fZO2maPZaPQ
UYtryFlGX99gfuzktRk0WJEFvPJMXdzRHs9VrWzYIjhynthEgtChMFT6fRqfW/c2
ifX1xnR96aiFlVSAzRtC4I7ZR3NyrgseqlV5TI5iqfo85A54L9GyxWb5CATqNsH8
VhA6B5oj8yrKUDGloPFog8s/rxC2kcSDRIdsUd/+dxT29TILGNF2Rqgx9FYWGwca
TeA6/BOBc0yFdke0sHU5Z4wb6ERW6DaXZBwvqyGVExO2I+k6lLPtImIH2efIuzn+
bqy8zdmLJM9Gq4c8VGB3wI/eyUSIXu0PVmCYWzpbqTH6C6h3EwPIYfoAvwARAQAB
tBdJdCBPcHMgPGl0b3BzQHJzbGkuY29tPokCPQQTAQgAJwUCXuGOsQIbAwUJCWYB
gAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRATiBM8lSfV2pBzD/4o/D48LTTG
g8iNBphPGccp+7qrWiwzfQiEkmpSJqsUmec17hF3GQHyH+/iJsMd8T8buwEF8B/T
UBvvA70dEZYjKLpZF/VJy2T9uOqVxO8q3xYI5cNHsSaBeaIUk3rHhbxrONYV1X5Y
nhY6pyMQdY3Y91wDUHN9FiCJfS/HsjOHsrIcc6i1YtryMJcCkCgD8yniIcP2ZAgQ
Sp0lgsDzzVz6r994vaRX7fnTGCgi3hLrKk5wXg5CDVsGxU29f282KBdu6X1APLlJ
X8Pe+H8PuqqcYXwJqdjmLreWNFdi3sR/MhZMOd1YmkwGX4ijWxzNynW9qiB7rLzh
C2L19jgeaplXK1j3SkrPLPyUHBhdVBUpNCR0uX9sjbIx+I/mNvULIkkVfdfRT6Ji
khO0h6SlK3EGOQzPBLogwnjOZkVyNrLGMsS+5tniofmwP1Luo3s6TdhWlBnbbWgg
rmn/3BBpUqWhZgtTND3oQ2q1Xpc3PIEaXSx/bEVVa/m3f4XHAIrduMg2RdGfTcji
2ORbbamkwrgVAIgby0oyxeCHGeQ7wcszVWWBtiAzr+OfuaXUV08O0QnszKYeT3bh
p8kWJf8kFldmBtWY1wg3anoUTRuXjEQy9w+UuJasRTU7pCQs4DgG1muKwol2fc+Z
oKlrpDaSHpAdFkcqeEeB8GgOQcBVEeU7hA==

eUS0

-----END PGP PUBLIC KEY BLOCK-----

Details

Version
Loaded with 3.1.7, upgraded to 3.1.12

Event Timeline

Something looks odd about the way I pasted that key in there. The last 4 characters are bold, and it is missing an = sign.

Trying again.

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBF7hjrEBEADEfVN9eDaR8HMwqgOi/o5esLQxTNskMgTENOLGzJHiq6RvB2JS
4Pbw3DzQnp0UeQrmRm9iemAb4rN361f00qFvgPMzK4nCvWucp5Ln8QBCKr7SiK4w
YcldrweGo2eQb+jYXVvWvqsUjbqU9KcQVLG6rehH/auUKgrCYdlrI//SkM1nAM7j
WWAQ85AJH/mzXKjKP+emhe0Ceu99lcyuTRm+WnrHU6T4f5Hl4t7TrQZ75NZ6Da68
5Shk+irU5ZouE8LkKjurW1XE763xVbEZ1aoEXCeUn/UQ/DWC5wZgkl1j4fSnk3k7
KX8QSbSEHTyEUOPAf01G7vedKbNpmXNY6d9CeS+8kg55IJhGxp4E0fZO2maPZaPQ
UYtryFlGX99gfuzktRk0WJEFvPJMXdzRHs9VrWzYIjhynthEgtChMFT6fRqfW/c2
ifX1xnR96aiFlVSAzRtC4I7ZR3NyrgseqlV5TI5iqfo85A54L9GyxWb5CATqNsH8
VhA6B5oj8yrKUDGloPFog8s/rxC2kcSDRIdsUd/+dxT29TILGNF2Rqgx9FYWGwca
TeA6/BOBc0yFdke0sHU5Z4wb6ERW6DaXZBwvqyGVExO2I+k6lLPtImIH2efIuzn+
bqy8zdmLJM9Gq4c8VGB3wI/eyUSIXu0PVmCYWzpbqTH6C6h3EwPIYfoAvwARAQAB
tBdJdCBPcHMgPGl0b3BzQHJzbGkuY29tPokCPQQTAQgAJwUCXuGOsQIbAwUJCWYB
gAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRATiBM8lSfV2pBzD/4o/D48LTTG
g8iNBphPGccp+7qrWiwzfQiEkmpSJqsUmec17hF3GQHyH+/iJsMd8T8buwEF8B/T
UBvvA70dEZYjKLpZF/VJy2T9uOqVxO8q3xYI5cNHsSaBeaIUk3rHhbxrONYV1X5Y
nhY6pyMQdY3Y91wDUHN9FiCJfS/HsjOHsrIcc6i1YtryMJcCkCgD8yniIcP2ZAgQ
Sp0lgsDzzVz6r994vaRX7fnTGCgi3hLrKk5wXg5CDVsGxU29f282KBdu6X1APLlJ
X8Pe+H8PuqqcYXwJqdjmLreWNFdi3sR/MhZMOd1YmkwGX4ijWxzNynW9qiB7rLzh
C2L19jgeaplXK1j3SkrPLPyUHBhdVBUpNCR0uX9sjbIx+I/mNvULIkkVfdfRT6Ji
khO0h6SlK3EGOQzPBLogwnjOZkVyNrLGMsS+5tniofmwP1Luo3s6TdhWlBnbbWgg
rmn/3BBpUqWhZgtTND3oQ2q1Xpc3PIEaXSx/bEVVa/m3f4XHAIrduMg2RdGfTcji
2ORbbamkwrgVAIgby0oyxeCHGeQ7wcszVWWBtiAzr+OfuaXUV08O0QnszKYeT3bh
p8kWJf8kFldmBtWY1wg3anoUTRuXjEQy9w+UuJasRTU7pCQs4DgG1muKwol2fc+Z
oKlrpDaSHpAdFkcqeEeB8GgOQcBVEeU7hA===eUS0
-----END PGP PUBLIC KEY BLOCK-----

werner claimed this task.
werner edited projects, added Not A Bug; removed Bug Report.
werner added a subscriber: werner.

Iyou look at the key on the command line (or with Kleopatra's certificate manager), for example by using "gpg --list-key foo@bar.com" or by applying the command "gpg --show-keys" on the pasted keyblock you get this:

pub   rsa4096 2020-06-11 [SC] [expires: 2025-06-10]
      A2DA41DE56456FE183B86F9C1388133C9[....]
uid                      It Ops <[redacted]>

This this key has only the primary key which is capable of signing and certifying other keys ("[SC]"). There is no subkey capable of encryption (would be marked as "[E]"). Thus despite mathematically possible gpg rejects such a key for encryption. You should ask the correspondent to add an encryption subkey to their key; hgowever their might have been a reason that they don't provide an encryption subkey - I can't tell.

BTW, if you want to paste here something which is not interpreted as markup you can include this in tripe backticks or mark and click on the </> icon in the menu.