First, I spent an hour trying answers with similar titles so please read this through before flagging this question as a duplicate.
I use a YubiKey to store my PGP private key using its smart card feature.
I confirm the private key works as I can connect to servers using SSH (which triggers pinentry-mac).
$ cat .gnupg/gpg-agent.conf
enable-ssh-support
default-cache-ttl-ssh 60
max-cache-ttl-ssh 120
default-cache-ttl 60
max-cache-ttl 120
pinentry-program /usr/local/bin/pinentry-mac
The "gpg: decryption failed: No secret key" error is thrown when the YubiKey smart card is not unlocked and I run gpg commands.
$ gpg --decrypt /path/to/file.asc
gpg: encrypted with RSA key, ID redacted
gpg: encrypted with 4096-bit RSA key, ID redacted, created redacted
redacted
gpg: public key decryption failed: Broken pipe
gpg: decryption failed: No secret key
When the above error is thrown, connecting to a server using SSH triggers pinentry-mac. I then ctrl+c and run gpg --decrypt /path/to/file.asc and pinentry-mac is triggered.
What is going on here? How can I get gpg --decrypt /path/to/file.asc to work without having to use ssh first?
I am probably missing something!