Your public key, secret key and password are probably all fine. The very first time you receive an encrypted file from someone there is another level of security. You have to verify that the email it is comming from is the address you expected it to come from. Basically you have to say I trust this email address for this encryption key. I am surprised it did not ask you to verify (do you trust this sender?) in which case you could just answer Yes, once, and you are good after that. The person that sent you the keys to import probably already did that so he has no problem. Are you using Kleopatra or the the GPG.exe (or GPG2.exe)? I use the command line stuff only so I am not as familiar with the Windows front end but I remember always having to go through that first time setup for an encrypted file from a new source. Hope this helps, others can give more specifics on how with the front end.