Decryption failed: One unknown recipient

Hi All - I’m totally new to this.

My colleague provided me instructions on installing Kleopatra. He also sent me the public key and private keys needed. I imported one public key that is needed to exchange with vendor, and then I imported another public key from my colleague, and is found under “my certificates”. Both are .asc files. And then after importing these, I imported a secret key (.gpg) file which my colleague provided too.

I have encrypted a file, and sent over to the vendor, and was successful. After which I received an encrypted file in return. I was trying to decrypt this file from the vendor, but I’m having the “one unknown recipient” error. I forwarded this file I received from the vendor to my colleague, and he was able to decrypt it.

We can’t identify what’s the difference between my Kleopatra’s set up, to his set up. All that I know of is that all public and secret keys came from him. Any idea?

Your public key, secret key and password are probably all fine. The very first time you receive an encrypted file from someone there is another level of security. You have to verify that the email it is comming from is the address you expected it to come from. Basically you have to say I trust this email address for this encryption key. I am surprised it did not ask you to verify (do you trust this sender?) in which case you could just answer Yes, once, and you are good after that. The person that sent you the keys to import probably already did that so he has no problem. Are you using Kleopatra or the the GPG.exe (or GPG2.exe)? I use the command line stuff only so I am not as familiar with the Windows front end but I remember always having to go through that first time setup for an encrypted file from a new source. Hope this helps, others can give more specifics on how with the front end.

Thank you so much Greg. But yeah, I did not have that prompt after decrypting the .gpg file received. I’m using Kleopatra too. I’m not pretty sure if it’s because I clicked on the “trust certifications made by this certificate” and chose full trust.

So you did this below?

You have to ensure the key is trusted. This may be the case if others signed the key and you trusted them. But this is very probable not the case. So you need to sign/confirm the key yourself.

  • Open Kleopatra
  • Find the key in tab “Other Certificates”
  • Right click the key to open the context menu
  • Here select “Confirm Certificate”
  • Now follow procedure indicated by the program.
    Note: That my kleopatra installation does not use English language, so menu entries I specify may have slightly different names. Note also that by confirming the key you say “I know this key is the key from Intevation”. Thats a bit of a lie. But at least you can restrict the lie to yourself during confirmation of the key.