Client: Decryption issue?

Created on 15 Feb 2016  ·  47 Comments  ·  Source: keybase/client

I received a keybase-gpg encoded message from a friend:

-----BEGIN PGP MESSAGE-----
Version: Keybase OpenPGP v2.0.51
Comment: https://keybase.io/crypto
...
-----END PGP MESSAGE-----

I saved the entire blob into a file and used keybase pgp decrypt -i to decrypt it:

seth@schroeder:~$ keybase pgp decrypt -i rory.txt
▶ ERROR decrypt error: unable to find a PGP decryption key for this message

However: gpg -d < rory.txt worked fine.

What am I doing wrong?

Most helpful comment

Try:

keybase pgp select --only-import

All 47 comments

Could you please give us the output of gpg --version, just in case?

sorry - I should've included it:

seth@schroeder:~$ gpg --version
gpg (GnuPG) 1.4.20
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Hmm, I know 2.1's given us trouble before, but I don't remember any problems with 1.4. I'll have to stare at that error path for a little while...

The gpg install came from the GPGTools suite for Mac, if it matters.

So, I just tried again, and keybase is prompting me for the passphrase but isn't accepting what I use for gpg. Is there a different one to use?

Seth, can you send us gpg --list-packets < rory.txt? My guess is you don't have this particular GPG key registered with keybase, so keybase pgp decrypt can't decrypt rory.txt.

@maxtaco - sure. But I think the key signatures are the same (B37C 37DB - see second code block):

seth@schroeder:~$ gpg --list-packets < rory.txt
:pubkey enc packet: version 3, algo 1, keyid 22CE58DD73A4D513
    data: [4094 bits]

You need a passphrase to unlock the secret key for
user: "Seth <redacted>"
4096-bit RSA key, ID 73A4D513, created 2011-04-05 (main key ID B37C37DB)

:pubkey enc packet: version 3, algo 1, keyid 5A008680BDC0DD5D
    data: [2047 bits]
:encrypted data packet:
    length: 432
    mdc_method: 2
gpg: encrypted with 2048-bit RSA key, ID BDC0DD5D, created 2016-02-15
      "Rory <redacted>"
gpg: encrypted with 4096-bit RSA key, ID 73A4D513, created 2011-04-05
      "Seth <redacted>"
:compressed packet: algo=2
:onepass_sig packet: keyid 0736305E5E51F46F
    version 3, sigclass 0x00, digest 10, pubkey 1, last=1
:literal data packet:
    mode u (75), created 1455571644, name="",
    raw data: 66 bytes
:signature packet: algo 1, keyid 0736305E5E51F46F
    version 4, created 1455571644, md5len 0, sigclass 0x00
    digest algo 10, begin of digest 4d c8
    hashed subpkt 2 len 4 (sig created 2016-02-15)
    subpkt 16 len 8 (issuer key ID 0736305E5E51F46F)
    data: [2048 bits]
seth@schroeder:~$ keybase pgp select
▶ ERROR You already have a PGP key registered (AEE8 800B 11E4 C46A 25C4 8E83 8D86 D63C B37C 37DB)
Specify the `--multi` flag to override this check
seth@schroeder:~$ gpg -d rory.txt

You need a passphrase to unlock the secret key for
user: "Seth <redacted>"
4096-bit RSA key, ID 73A4D513, created 2011-04-05 (main key ID B37C37DB)

So I think my theory was right. You can import your second PGP into your local keybase keyring with keybase pgp select --multi

That didn't seem to work:

seth@schroeder:~$ keybase pgp select --multi
#    Algo    Key Id             Created   UserId
=    ====    ======             =======   ======
1    4096R   8D86D63CB37C37DB             Seth <seth@redacted>
2    4096R   0DB933422B87558D             Seth <seth@otherredacted>
Choose a key: 1
You've already selected this public key for use on Keybase. Would you like to update it on Keybase? [Y/n] y
▶ INFO Posting update for key aee8800b11e4c46a25c48e838d86d63cb37c37db.
▶ INFO Update succeeded for key aee8800b11e4c46a25c48e838d86d63cb37c37db.
seth@schroeder:~$ keybase pgp decrypt -i rory.txt
▶ ERROR decrypt error: unable to find a PGP decryption key for this message

and what if you try to select key #2?

Key #2 is for work and has never been used by Keybase, which is where my friend got the encryption. Nevertheless:

seth@schroeder:~$ keybase pgp select --multi
#    Algo    Key Id             Created   UserId
=    ====    ======             =======   ======
1    4096R   8D86D63CB37C37DB             Seth <seth@redacted>
2    4096R   0DB933422B87558D             Seth <seth@otherredacted>
Choose a key: 2
▶ INFO Bundle unlocked: 0DB933422B87558D
▶ INFO Generated new PGP key:
▶ INFO   user: Seth <seth@otherredacted>
▶ INFO   4096-bit RSA key, ID 0DB933422B87558D, created 2012-04-20
seth@schroeder:~$ keybase pgp decrypt -i rory.txt
▶ ERROR decrypt error: unable to find a PGP decryption key for this message

Ah, you're right that second key was a red herring, sorry about that.

One last favor, can you paste the output of:

gpg --export -a 8D86D63CB37C37DB

Weirdly, the key you have on keybase has a subkey equal to the primary, which should never happen... I wonder how that corrupt key showed up on our server.. Thanks!

(This outputs your public key only of course, and won't reveal any private key material)

No worries. I really appreciate your time on this:

seth@schroeder:~$ gpg --export -a 8D86D63CB37C37DB
-----BEGIN PGP PUBLIC KEY BLOCK-----
...
-----END PGP PUBLIC KEY BLOCK-----

My gpg keychain shows a subkey of 73A4D513.

Right, but weirdly, this output you just showed me shows no such subkey. Try gpg --export -a 8D86D63CB37C37DB | gpg --list-packets | grep 73A4D513. On that key you sent me, nice dice. Very weird.

Ack, I take it back! One second...

seth@schroeder:~$ gpg --export -a 8D86D63CB37C37DB | gpg --list-packets | grep 73A4D513
    keyid: 22CE58DD73A4D513

Ok, well sorry to lead you down two dead ends. My current guess is that it's a bug in the Go OpenPGP crypto library (wouldn't be the first). However, this sort of thing is hard for me to debug since I don't have your private key. If I was going to start debugging it (no promises I can get to it right away), I'd maybe focus a little bit on what happens when you have a subkey with flags 2E, which is unusual. Usually people use RSA keys for encryption or signing, but not both. I'll make a ticket for it, but this seems like a pretty obscure bug, so it might not be top priority. Thanks for all of your patience and feedback and help!

...ok, so what's your recommended course of action? Revoke and create new keys? (If so, what parameters?)

I would recommend just using gpg for now, what do you think?

I don't want to recommend trying a new key, because I'm slightly concerned it won't solve the problem!

Yeah, I can certainly do that. When you say "Usually people use RSA keys for encryption or signing, but not both", do you mean that people usually create two subkeys, one for encryption and one for signing?

Yes, or they use the primary key for signing, and the subkey for encryption. In fact, I don't believe GPG gives you the option to use the same subkey for both as of 2.0.x.

(BTW the flags are:

 key_flags : 
    certify_keys : 0x1
    sign_data : 0x2
    encrypt_comm : 0x4
    encrypt_storage : 0x8
    private_split : 0x10
    auth : 0x20
    shared : 0x80

So your subkey is sign_data | encrypt_comm | encrypt_storage | auth)

For instance:

gpg --edit-key [email protected]
gpg (GnuPG/MacGPG2) 2.0.28; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  1024R/8DEF4F9B  created: 2016-02-16  expires: never       usage: SC  
                     trust: ultimate      validity: ultimate
sub  1024R/09FB5927  created: 2016-02-16  expires: never       usage: E   
[ultimate] (1). Test 7 Key <[email protected]>

gpg> addkey
This key is not protected.
Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
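
The check the thread does by hand (recipient key IDs from `gpg --list-packets` on the message, matched against the subkey IDs and key flags in the exported key's listing), as an added example that is not part of the thread or of Keybase's code. The key listing is constructed and abbreviated, and the function names are hypothetical.

```python
import re

# Bit values and names exactly as listed in the thread.
KEY_FLAGS = {0x01: "certify_keys", 0x02: "sign_data", 0x04: "encrypt_comm",
             0x08: "encrypt_storage", 0x10: "private_split", 0x20: "auth",
             0x80: "shared"}

def decode_key_flags(value):
    return [name for bit, name in sorted(KEY_FLAGS.items()) if value & bit]

def message_recipients(listing):
    """Key IDs on the ':pubkey enc packet:' lines of a message listing."""
    return re.findall(r"^:pubkey enc packet:.*keyid ([0-9A-F]{16})", listing, re.M)

def key_flags_by_keyid(listing):
    """Map each (sub)key ID in a key listing to the key flags that follow it (0 if none)."""
    flags, current = {}, None
    for line in listing.splitlines():
        if m := re.match(r"\s+keyid: ([0-9A-F]{16})", line):
            current = m.group(1)
            flags.setdefault(current, 0)
        elif (m := re.search(r"key flags: ([0-9A-F]{2})", line)) and current:
            flags[current] = int(m.group(1), 16)
    return flags

def diagnose(message_listing, key_listing):
    """Per recipient: is it one of this key's (sub)keys, and flagged to decrypt?"""
    ours, report = key_flags_by_keyid(key_listing), {}
    for keyid in message_recipients(message_listing):
        if keyid not in ours:
            report[keyid] = "not in this key"
        elif ours[keyid] & 0x0C:  # encrypt_comm | encrypt_storage
            report[keyid] = "present: " + "|".join(decode_key_flags(ours[keyid]))
        else:
            report[keyid] = "present, not flagged for encryption"
    return report

# Recipient lines as posted in the thread.
MESSAGE = """:pubkey enc packet: version 3, algo 1, keyid 22CE58DD73A4D513
:pubkey enc packet: version 3, algo 1, keyid 5A008680BDC0DD5D
"""
# Constructed, abbreviated key listing; only the key ID and 2E are from the thread.
KEY = """:public sub key packet:
    keyid: 22CE58DD73A4D513
    hashed subpkt 27 len 1 (key flags: 2E)
"""

if __name__ == "__main__":
    print(diagnose(MESSAGE, KEY))
```

In practice the two listings would come from `gpg --list-packets < rory.txt` and `gpg --export -a 8D86D63CB37C37DB | gpg --list-packets`, the commands used earlier in the thread.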

OK, but creating a key within the gpg keychain app creates keys with exactly the same properties I have now.

also, looking at keys that I'm tracking, Chris Coyne's key capabilities are the same as mine.

...as are yours :)

Hah, right you are! We generated these keys a while ago. Should update...

So now I don't have any great theories unfortunately. PGP decryption works for me...

OK, I stopped / killed all keybase processes and restarted. Now when I do a keybase pgp decrypt -i rory.txt, I get the following dialog (with the depicted error message when I enter my passphrase for the key):

[Image: screen shot 2016-02-15 at 21 12 07]

(and I've verified the correct passphrase by enabling "show typing". I'm assuming this is the gpg passphrase I used when creating the key.)

I believe it wants your keybase passphrase, can you try that?

OK, sorry for the dumb question - what's my keybase passphrase? Is that the same thing I enter to sign in to https://keybase.io?

Yes. Our philosophy is "one passphrase for all of keybase." So when you import your PGP private key into your local keybase keychain, it's the same passphrase as when you log into the web site, etc.

ok, that got rid of the dialog box but I'm still getting ▶ ERROR decrypt error: unable to find a PGP decryption key for this message. Oh well - thanks again for all the help.

I have the same issue after upgrading keybase to version 1.0.14-1. This works for me:

$ gpg --decrypt < encrypted_file

but this gives an error:

$ keybase pgp decrypt -i encrypted_file
▶ ERROR decrypt error: unable to find a PGP decryption key for this message

I have selected my only PGP key with keybase:

$ keybase pgp select
▶ ERROR You already have a PGP key registered (***<censored>***)
Specify the `--multi` flag to override this check

Try:

keybase pgp select --only-import

@maxtaco - that worked for me, anyway! Thanks. Should I close this or wait for @valo to confirm?

I had the same issue, and keybase pgp select --only-import worked for me too. I will note that I had multiple encryption subkeys.

When I try keybase pgp select --only-import I get:

▶ ERROR ImportKey error: GPG error: exit status 2

keybase version 1.0.23-20170522181119+8a8aea0
gpg (GnuPG) 2.1.21

If I try using gpg2 directly on the command line, it works.

@westonruter can you do keybase log send?

@maxtaco log id 961283e4af1a8b623747071c.

thanks, cc to @zapu for the triage

hello @westonruter , thanks for using Keybase!

importing seems to fail with:

gpg: key ...: error receiving key from agent: End of file - skipped
gpg: key ...: error receiving key from agent: End of file - skipped
gpg: ATENCIÓN: no se ha exportado nada

would you mind describing your setup so I can see what we are compatible with and what might be causing problems? Thanks

@zapu I'm on OSX 10.12.5. I installed Keybase via the OSX installer. Keybase PGP has worked up until recently, and the only thing I think changed was a Keybase app update. When Keybase stopped working, I installed gpg2 via Homebrew yesterday, and I can use gpg2 directly with the keys I have in ~/gnupg/pubring.gpg.

Can you show the output of which gpg2?

Also can you verify that the keys would actually export with gpg2 invoked manually? Carefully, without anyone looking or anything sniffing, try gpg2 --export-secret-key -a (careful, your secret key will be printed out if that succeeds).

Thank you and sorry for the inconvenience.

Yes:

$ which gpg2
/usr/local/bin/gpg2

$ readlink $(which gpg2)
../Cellar/gnupg/2.1.21/bin/gpg2

$ gpg2 --export-secret-key -a
-----BEGIN PGP PRIVATE KEY BLOCK-----
...

Hello,

I am facing a similar issue, but I could not solve it even with the help of the above thread.

your log ID : 591bbb04059392d8e9db9b1c

keybase pgp select --only-import does not work for me and I am on version
keybase --version
keybase version 4.6.0-20191010081014+134c2d892b

I have the public and private key but I seem to get an error

terraform output password | base64 --decode | keybase pgp decrypt
▶ ERROR decrypt error: unable to find a PGP decryption key for this message

I got through my encrypted output but I get an error when I try to decrypt

terraform output password | base64 --decode | keybase pgp decrypt
▶ ERROR decrypt error: unable to find a PGP decryption key for this message

upon checking

keybase pgp list
Keybase Key ID: uiyftgioruyghjeiruyghejiuytghjiuytghj
PGP Fingerprint: lmnop
PGP Identities:
abc xyz abc@opl.com

I have a public key

keybase pgp export --unencrypted --query lmnop
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: https://keybase.io/download
Version: Keybase Go 4.6.0 (darwin)

xsFNBF2g0BcuytfvbjfdsertyhbvcxsdtyjkloiuhEamMxbD1Hhcz3GWA+op8Pal
............wieuyjhgbnkuygfvbnkiuygfvbjkliugh

but I do not have a private key

keybase pgp export -s --unencrypted --query lmnop
▶ ERROR No matching keys found

I wanted to restart and test and did

keybase pgp purge -p

I think that was a bad idea. I am still stuck at the same point.

I try to create a new key, and fill in all the details I get an error

keybase pgp gen
▶ ERROR You already have a PGP key registered (CHS6 AKDU WFRE 2343 0986 MADH ZOOO BOOO ROOO FOOO)
Specify the --multi flag to override this check

I then created a new key using

keybase pgp gen --multi

I now have 2 keys, my second key has a private and a public key. I used

key = "keybase:nameof2ndkey"
terraform init
terraform plan
terraform apply

output
password = uytfdxcvbnmnbvcxsertyujnbvcxzsdrtyujkliuytdcvbjkgfdsaertyjnbvcxsdtyjnbvcdrtyhjnbvcdftyjn

still does not decrypt with

terraform output password | base64 --decode | keybase pgp decrypt
▶ ERROR decrypt error: unable to find a PGP decryption key for this message

What can I do?

TIA
