How to specify private key when decrypting a file using GnuPG?

I am trying to decrypt a file with GnuPG, but when using the command below:

gpg --decrypt filename.gpg

I get the following message:

gpg: encrypted with RSA key, ID 3662FD5E
gpg: decryption failed: No secret key

I already have the private key with which the file has been encrypted, but I am not sure how I can specify it. Is there any option I can include when doing the decryption to point to this key?


Solution 1:

> I already have the private key with which the file has been encrypted, but I am not sure how I can specify it.

I understand this as "I've got a file containing the private key, but do not know how to tell GnuPG to use it".

GnuPG requires keys (both public and private) to be stored in the GnuPG keyring. This is as easy as

gpg --import [keyfile]

Afterwards, you should be able to decrypt the file exactly the way you already tried.

Solution 2:

bash-4.2$ gpg --import b_secret.key
gpg: key 23E7859B: already in secret keyring
gpg: Total number processed: 1
gpg:       secret keys read: 1
gpg:  secret keys unchanged: 1
bash-4.2$ gpg --decrypt b_txt.asc
gpg: key 23E7859B: secret key without public key - skipped
gpg: encrypted with RSA key, ID 04702E37
gpg: decryption failed: secret key not available

Solution 3:

You don't need to expressly declare the secret key in the gpg decrypt command. If the keypair (both Public AND Private keys), as Jens states, is present on the keyring on the host where you're decrypting, GPG will automagically determine the secret key required for decryption and present a password challenge.

HOWEVER, if you wish to try all (non-cached) keys (maybe you're testing a file encrypted with multiple keys), using the switch --try-all-secrets will cycle through all the secret keys on your keyring, trying them in turn, i.e.:

gpg -d --try-all-secrets test-gpg.txt.asc

HTH- Terrence
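
The gpg messages in the question and in Solution 2 name the key ID the file was encrypted to. The following is an added example, not part of any answer above, that checks whether that ID is among the secret keys and subkeys in the keyring. The function names are hypothetical and the sample keyring line is constructed (it reuses the key IDs shown on this page with a made-up long-ID prefix).

```shell
#!/bin/sh
# Added example: explain "No secret key" by comparing the key ID gpg reports
# for the file with the secret keys and subkeys held in the keyring.

# Key IDs from gpg's "encrypted with ... key, ID XXXXXXXX" messages (stdin).
recipient_ids() {
    sed -n 's/^gpg: encrypted with .*key, ID \([0-9A-Fa-f]*\).*$/\1/p'
}

# Key ID (field 5) of each secret primary key (sec) and secret subkey (ssb)
# in `gpg --list-secret-keys --with-colons` output (stdin).
secret_ids() {
    awk -F: '$1 == "sec" || $1 == "ssb" { print $5 }'
}

# has_secret ID LISTING: true if ID is the tail of a secret key ID, since
# messages may show the short 8-digit form of the 16-digit key ID.
has_secret() {
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    printf '%s\n' "$2" | secret_ids | tr 'a-f' 'A-F' | grep -q "${want}\$"
}

# diagnose MESSAGES LISTING: print one verdict per recipient key ID.
diagnose() {
    printf '%s\n' "$1" | recipient_ids | while read -r id; do
        if has_secret "$id" "$2"; then
            echo "$id: secret key present"
        else
            echo "$id: secret key missing, import the matching private key"
        fi
    done
}

# Constructed sample data (not real keys): IDs reuse those shown on this page.
SAMPLE_MSG='gpg: encrypted with RSA key, ID 04702E37
gpg: decryption failed: secret key not available'
SAMPLE_KEYRING='sec:u:2048:1:AAAAAAAA23E7859B:1400000000:::u:::scESC:'

if [ -f "${1:-}" ]; then
    # Real use: capture gpg's messages for the file and the live keyring.
    msgs=$(LC_ALL=C gpg --batch --decrypt "$1" 2>&1 >/dev/null)
    diagnose "$msgs" "$(gpg --batch --list-secret-keys --with-colons)"
else
    diagnose "$SAMPLE_MSG" "$SAMPLE_KEYRING"
fi
```

Run with an encrypted file as the only argument to check the real keyring; with no argument it runs on the constructed sample. Short 8-digit key IDs can collide, so treat a "present" verdict on a short ID as a hint rather than proof.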