I’m having an issue getting the gpg command line to work. If I sign and encrypt a file in Kleopatra, it works fine. When I try and do the same using the command line, the file doesn’t decrypt properly. Example of CLI:
"C:\Program Files (x86)\GnuPG\bin\gpg" --pinentry-mode loopback --batch --default-key KEY1 -o D:\MyPath\MyFileName.ext -se -v -r KEY2 D:\MyPath\MySourceFile.ext
In the UI if I:
Choose MySourceFile.ext as the source
Check the “Sign as” using KEY1
Uncheck Encrypt for me
Check Encrypt for others using KEY2
Set output to: D:\MyPath\MySourceFile.ext
The output file is encrypted and can be decrypted by the holder of KEY2.
Using the command line, the KEY2 owner can NOT decrypt the file.
Is there a way to see what command the UI is issuing?
I have similar CLI commands that are able to be decrypted at the other end, using different KEYs.
Is KEY1 protected by a password? If yes, you have to pass the password via the parameter --passphrase or --passphrase-file (which is of course not recommended for security reasons).
It wasn’t, but it is now, and I have added the --passphrase "Phrase" to my command line.
I have also changed the -r KEY2 to be -R KEY3, which is another public key I have, and I was able to decrypt that file. Using:
gpg --batch -u KEY3 -o D:\MyPath\MySourceFile2.ext -se -v -r KEY2 D:\MyPath\MyFileName.ext
The most obvious reason for this would be how you provide KEY2: do you provide it by fingerprint (as recommended) or by a UserID? Maybe when you provide it with a UserID, it does not select the same key you would expect from the UI.
After you have encrypted the message, try decrypting it on the command line with the additional parameter --verbose. This will show you which keys the message is encrypted to.
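
The recipient check suggested in the last reply can be automated. The following is an added example, not part of the thread: it reads the ENC_TO lines gpg writes with --status-fd and maps each recipient key ID to a primary fingerprint from a --with-colons listing, showing the case where one UserID matches two keys. All key data is constructed, and the function names are hypothetical.

```python
HIDDEN = "0" * 16          # key ID gpg reports for a hidden (-R) recipient
OLD_FPR, NEW_FPR = "1" * 40, "2" * 40   # constructed fingerprints

# Constructed, trimmed output of: gpg --list-keys --with-colons
LISTING = f"""\
pub:u:3072:1:{'1' * 16}:1500000000:::u:::scESC:
fpr:::::::::{OLD_FPR}:
uid:u::::1500000000::::Partner <partner@example.com>:
sub:u:3072:1:{'A' * 16}:1500000000::::::e:
fpr:::::::::{'A' * 40}:
pub:u:3072:1:{'2' * 16}:1700000000:::u:::scESC:
fpr:::::::::{NEW_FPR}:
uid:u::::1700000000::::Partner <partner@example.com>:
sub:u:3072:1:{'B' * 16}:1700000000::::::e:
fpr:::::::::{'B' * 40}:
"""
# Constructed status lines, as from: gpg --status-fd 1 --decrypt FILE
STATUS = f"[GNUPG:] ENC_TO {'A' * 16} 1 0\n[GNUPG:] ENC_TO {HIDDEN} 1 0\n"

def index_keys(colon_listing):
    """Map every key ID (primary or subkey) to its primary key's fingerprint."""
    owner, primary, pending = {}, None, None
    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub"):
            pending = (f[0], f[4])          # field 5 holds the 64-bit key ID
        elif f[0] == "fpr" and pending:
            kind, keyid = pending
            if kind == "pub":
                primary = f[9]              # field 10 holds the fingerprint
            owner[keyid] = primary
            pending = None
    return owner

def recipients(status_output):
    """Key IDs from '[GNUPG:] ENC_TO <keyid> <algo> <len>' lines."""
    return [l.split()[2] for l in status_output.splitlines()
            if l.startswith("[GNUPG:] ENC_TO ")]

def check(status_output, colon_listing, expected_fpr):
    """Classify each recipient of the message against the intended key."""
    owner = index_keys(colon_listing)
    def verdict(k):
        if k == HIDDEN:
            return "hidden"
        if k not in owner:
            return "unknown"
        return "expected" if owner[k] == expected_fpr else "other:" + owner[k]
    return [(k, verdict(k)) for k in recipients(status_output)]

if __name__ == "__main__":
    for keyid, result in check(STATUS, LISTING, NEW_FPR):
        print(keyid, result)
```

A result of "other:" means the message went to a different key than the one intended, which is the UserID ambiguity raised above; "hidden" is what a -R recipient looks like.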