Help: gpgsm: can't sign using 'email@gmail.com': No public key

atod · May 11, 2025, 6:16am

I can’t sign using my public key which --list-keys shows. Does anyone have a solution or pointers on how to debug this further?

Is it because --list-keys shows 0 for signed keys?

$ echo "signme" |gpgsm -s -u email@gmail.com
gpgsm: can't sign using 'email@gmail.com': No public key

$ gpg2 --list-keys
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2028-03-15
[keyboxd]
---------
pub   ed25519 2025-05-11 [SC] [expires: 2031-05-10]
      XD
uid           [ultimate] X <email@gmail.com>
sub   cv25519 2025-05-11 [E] [expires: 2031-05-10]

bernhard · May 12, 2025, 6:38am

Hi @atod,

try to list the secret key parts, with

gpgsm --list-secret-keys

and also see more output, e.g. adding --verbose once or twice to your commands.

Note that for CMS signature to work, the root certificate has to be installed and trusted, which means trusted by dirmngr as well. So looking at the dirmngr logfiles usually gets you important information.