25

I am trying to encrypt a file locally and I get an error. me@example.com is a placeholder for my email address, a public key exists for that in my keyring and also on key servers. My private key is located on a hardware key (Yubikey). I can decrypt previously encrypted files with no problem. Here is the error:

➜  ~ gpg -e -r me@example.com somefile.txt 
gpg: error retrieving 'me@example.com' via WKD: General error
gpg: me@example.com: skipped: General error
gpg: somefile.txt encryption failed: General error

What does this error mean and how can I solve it?

P.S. There is only one more thing that might be related. My public key is expired.

mehdix
  • WKD is the web key directory. Is adding the -vv option providing more insight into what's going wrong? – Jens Erat Nov 19 '17 at 13:48
  • Adding -vv prints four more lines, three of them being gpg: Note: signature key ... expired and the last one gpg: <key_id> skipped: Unusable public key. Apparently everything boils down to the key being expired. – mehdix Nov 19 '17 at 21:16
  • Extending the key solved the problem. – mehdix Nov 19 '17 at 21:23
  • Glad you figured it out on your own. Feel free to add this as an answer -- this seems a rather new combination of weird error message and actual issue. – Jens Erat Nov 19 '17 at 21:55
  • I have to use the ID and not the email on the gpg --list-key output. – NicoKowe Nov 20 '22 at 22:06

5 Answers

20

Extending the key expiration date fixed the problem. The error message was misleading. However, adding -vv as Jens Erat suggested produced some useful error messages, such as gpg: Note: signature key ... expired and gpg: ... skipped: Unusable public key, that helped find the actual error.

mehdix
  • For my future self next year: in order to extend the expiration date, stop googling and head directly over to the Arch Linux wiki page: https://wiki.archlinux.org/index.php/GnuPG#Extending_expiration_date. – mehdix May 02 '20 at 14:52
  • Alternatively, gpg --quick-set-expire PRIMARY_FINGERPRINT TIMESTAMP to set expire of the primary key, gpg --quick-set-expire PRIMARY_FINGERPRINT TIMESTAMP * to set expire of the non-revoked and not yet expired subkeys, gpg --quick-set-expire PRIMARY_FINGERPRINT TIMESTAMP SUBKEY_FINGERPRINT... to set expire of the specified subkeys. More on it here. – x-yuri Jun 20 '22 at 13:45

3

I received a similar error when using StackExchange/Blackbox (GitHub), which is a wrapper around GPG for encrypting files in source control. Since this is the only relevant thing I could find when searching that error from Google, I'm adding this answer for posterity. Rather than General error this one says Connection timed out, but is otherwise the same:

gpg: error retrieving 'me@example.com' via WKD: Connection timed out
gpg: me@example.com: skipped: Connection timed out
gpg: somefile.txt: encryption failed: Connection timed out

The issue in this case was that when indoctrinating a new user using the blackbox_addadmin command, the user committed an update to the .blackbox/blackbox-admins.txt file, but did not commit their pubring.kbx file.

The solution was for the user to commit and push the uncommitted .kbx file.

I got to this solution by adding Bash set -x statements to the Blackbox scripts to see what gpg commands were actually executing, then adding the -vv option as described in the answer by @mehdix.

1

I had the same error but in a slightly different situation (and on Windows :P).

I had an SSIS package with EXEC task with a command to execute gpg.exe. Everything was working fine in the cmd.exe. However, I had the above error when I was trying to run a job with this package in the SQL Server job.

The solution was to run the GPA program as the db_agent user, and then I saw that there was no related public key for this user. So adding the key for another user helped.

Monic

1

The other answer to this is there could be an expired sub-key as well. Just renew the expiration date on that one.
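
As an added example (not part of the original answers), the check below parses `gpg --with-colons --list-keys` output and reports whether an expired primary key or encryption subkey, the cause named in the answers above, leaves a recipient unusable for `gpg -e`. The field positions follow GnuPG's colon listing format; the sample listing, key IDs and function names are constructed for illustration.

```python
import time

# Constructed `gpg --with-colons --list-keys` output (sample data, not from the
# page): the primary key is valid but its only encryption subkey has expired.
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1500000000:1900000000::u:::scESC:
uid:u::::1500000000::::Me <me@example.com>:
sub:e:4096:1:BBBBBBBBBBBBBBBB:1500000000:1510000000:::::e:
"""

# Validity flags (field 2) that make a key unusable regardless of its dates.
UNUSABLE = {"e": "expired", "r": "revoked", "d": "disabled", "i": "invalid"}

def key_status(fields, now):
    """Return 'ok' or the reason a pub/sub record cannot be used."""
    validity, expires = fields[1], fields[6]
    if validity in UNUSABLE:
        return UNUSABLE[validity]
    # Field 7 is the expiry as seconds since the epoch; empty means no expiry.
    if expires.isdigit() and int(expires) <= now:
        return "expired"
    return "ok"

def encryption_report(colon_listing, now=None):
    """Map primary key ID -> (primary status, [(keyid, status) of 'e' keys])."""
    now = int(time.time()) if now is None else now
    report, primary = {}, None
    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        if f[0] == "pub":
            primary = f[4]
            report[primary] = (key_status(f, now), [])
        if primary and "e" in f[11]:  # lowercase e in field 12: key can encrypt
            report[primary][1].append((f[4], key_status(f, now)))
    return report

def usable_for_encryption(colon_listing, now=None):
    """True if a key block has a usable primary and a usable encryption key."""
    return any(p == "ok" and any(s == "ok" for _, s in enc)
               for p, enc in encryption_report(colon_listing, now).values())

if __name__ == "__main__":
    for keyid, (status, enc) in encryption_report(SAMPLE).items():
        print(keyid, "primary:", status, "encryption keys:", enc)
    print("usable for gpg -e:", usable_for_encryption(SAMPLE))
```

To run it against a real keyring, pass the text produced by `gpg --with-colons --list-keys me@example.com` to `encryption_report` instead of `SAMPLE`.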

0

I solved this by generating a public key for me@example.com using the command gpg --full-generate-key.

You can read more about generating gpg key here --> https://mikeward.net/passwords/pass-a-ridiculously-great-password-manager-intro/