Error: No matching certificates or groups found

Hello,

I recently reinstalled Windows and went from Windows 10 to Windows 11. With this I updated to the latest Kleopatra as well.
I forgot to save my backups, which wasn’t a huge deal so I created a new key pair and proceeded to import certificates.
When using notepad I cannot seem to encrypt to others. I click “Show Certificate List”, select the certificate (only 1 added at the moment) and I receive this error every time.
image

Hi @Shades,

it seems somehow the backend wants to encrypt to a (public) key that it does not have. Note that usually you encrypt towards the selected recipient, but also to your own (public) key.

As you have started on a fresh system, this should not be a problem. Maybe some configuration was transferred somehow?

To more systematically analyse the situation:
Can you, for testing reasons, encrypt via other means?

E.g. you can try to list the details of your certificates on the command line, try

gpg --list-keys
gpg --list-secret-keys

(do not post the result here, just make sure that it shows the keys as you expect it).
We are talking LibrePGP/OpenPGP here, aren't we?

Then you can try to encrypt and see more diagnostic output, e.g.

gpg --verbose --encrypt --recipient RECIPIENTKEYCODE test.txt

(replace RECIPIENTKEYCODE with the fingerprint of the recipient’s pubkey and use any test file you have.)

Best,
Bernhard

Hi,

with “latest Kleopatra” you mean Gpg4win 4.4.1?

I checked with that version how it would be possible to get the message “No matching certificates or groups found” after choosing a certificate.

I found that this will happen when you select an expired certificate but only after showing “This certificate is expired” first. If you then switch to an empty “encrypt for others” line, the “No matching …” error is shown. (Which is a confusing message in this case and I’ll notify the developers.)

Might this be the explanation for your issue? Is the certificate in question expired?
Encrypting to expired certificates is not supported.

https://dev.gnupg.org/T7789

Yes Gpg4win 4.4.1

I checked the certificate and it has a valid from date but no valid until date, I assume this indicates it doesn’t expire or is this where the issue lies?


Ok, so listing the certificates shows what I would expect: mine and the other one I’ve added thus far.
When issuing the 2nd command and replacing RECIPIENTKEYCODE with the fingerprint of the recipient’s pubkey I get this:

image

OK, the main key has no expiration date, it cannot expire.
But have a look at the subkeys. It could be that only the encryption subkey has expired.

In Kleopatra, double-click to open the details and then go to the subkey tab.

@Shades, thanks for the test.
(@eebb thanks for the test.)

The question is: why is the certificate unusable? If you give the command a second --verbose and read carefully, you may get a hint at the reason.

gpg --verbose --verbose --encrypt --recipient RECIPIENTKEYCODE test.txt

(If you want to post the results here, remove personal data.)

Ah yes, you are correct, the encryption subkey is expired.

Stupid question but this is on their end, correct? I cannot find an option to extend on someone else’s key other than my own.

Yes, correct, the owner of the secret key needs to do that. And after that they have to export the certificate again and distribute it.

I believe they used an older Gpg4win version to extend the key after it was already expired. We had a bug there a while ago, where the subkey was not extended in that case.
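
Added example (not part of the thread and not Gpg4win code): a small Python check for the situation diagnosed above, where the primary key never expires but its only encryption subkey has. It parses the machine-readable listing from `gpg --with-colons --list-keys`; the sample listing, key IDs and function names are constructed for illustration.

```python
"""Find certificates that cannot be encrypted to because every
encryption-capable (sub)key is expired or revoked."""
import time

# Constructed sample in `gpg --with-colons --list-keys` format (not real keys).
SAMPLE = """\
pub:-:255:22:1111111111111111:1600000000:::-:::scSC:
uid:-::::1600000000::::Constructed Recipient <recipient@example.invalid>:
sub:e:255:18:2222222222222222:1600000000:1663072000:::::e:
pub:u:255:22:3333333333333333:1700000000:::u:::scESC:
uid:u::::1700000000::::Constructed Me <me@example.invalid>:
sub:u:255:18:4444444444444444:1700000000::::::e:
"""

def encryption_status(colon_listing, now=None):
    """Return {primary key ID: {"uid", "usable", "unusable"}} for a listing."""
    now = time.time() if now is None else now
    report, current = {}, None
    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            current = report.setdefault(
                f[4], {"uid": "", "usable": [], "unusable": []})
        if current is None:
            continue
        if f[0] == "uid" and not current["uid"] and len(f) > 9:
            current["uid"] = f[9]
        # Field 12: a lowercase "e" means this (sub)key itself can encrypt.
        if f[0] in ("pub", "sub") and len(f) > 11 and "e" in f[11]:
            # Field 2 is gpg's validity flag, field 7 the expiry (epoch seconds).
            if f[1] == "r":
                current["unusable"].append((f[4], "revoked"))
            elif f[1] == "e" or (f[6].isdigit() and int(f[6]) <= now):
                current["unusable"].append((f[4], "expired"))
            else:
                current["usable"].append(f[4])
    return report

def cannot_encrypt_to(report):
    """Primary key IDs with no usable encryption-capable (sub)key."""
    return [kid for kid, r in report.items() if not r["usable"]]

if __name__ == "__main__":
    rep = encryption_status(SAMPLE)
    for kid in cannot_encrypt_to(rep):
        print(kid, rep[kid]["uid"], rep[kid]["unusable"])
```

To check a real keyring, pass the output of `gpg --with-colons --list-keys` to `encryption_status()` instead of `SAMPLE`.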