Hi Debbie--

On 06/29/2009 09:12 AM, deborah.mitch...@uticanational.com wrote:
> We have imported a public key from a business partner but when trying to
> use it to encrypt a file we receive an error, "unusable public key"
>
> When I list the keys I see the pub and uid but no sub for this key. Can
> someone help me figure out what needs to be done to correct this?

There are a couple different possible reasons why the key might be
unusable. Without knowing about the specific key in question, we
probably can't give you specific advice. But here are a few likely
possibilities:

 * the public key is marked as being only valid for signing and
   certification, but not encryption. You can see this by doing:
   "gpg --edit-key $KEYID", which will show you something like this:

    pub  2048R/ABCD1234  created: 2007-06-02  expires: 2012-05-31  usage: SC
                         trust: unknown       validity: full

   (you can type "quit" at the "Command>" prompt to get out of this gpg
   mode)

   the "usage: SC" (at the end of the top line) means "signing and
   certification only". If this is the case, your correspondent will
   need to create an encryption-capable subkey and bind it to their
   primary key. They can do this with "gpg --edit-key $KEYID", and then
   use the "addkey" subcommand, which will walk them through the
   necessary steps to create an encryption-capable subkey.

   Once they've done this, they should get their updated key to you.
   The easiest way to do this is to publish the updated key to the
   keyserver. So they would do:

    gpg --keyserver keys.gnupg.net --send $KEYID

   and you (after waiting about 10 minutes for the key to propagate
   across the entire keyserver pool) would then do:

    gpg --keyserver keys.gnupg.net --recv $KEYID

   If they don't want their key on the keyserver, they can export their
   key to a file and mail it to you:

    gpg --armor --export $KEYID

   and paste the output into an e-mail. When you receive that e-mail,
   just save it to a file, and feed it into "gpg --import" (e.g.
   "gpg --import saved-file.txt")

 * another possibility is that the key or its subkeys are expired. In
   this case, the keyholder may need to update the expiration date on
   their key (if it's still secure), or they may want to generate a new
   key and send it to you (preferably certified by the old key), so you
   can verify it.

hope this helps,

    --dkg

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
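
The two causes named in the reply above (no encryption-capable key, or an expired one) can be told apart from gpg's machine-readable listing. This is an added example, not part of the original message: the `classify_key` helper and the sample key records are constructed for illustration, and the field positions follow GnuPG's `--with-colons` output format.

```shell
#!/bin/sh
# Added example (not from the original message). classify_key is a
# hypothetical helper; it reads `gpg --with-colons --list-keys KEYID`
# output on stdin. Colon-format fields used:
#   1  = record type (pub = primary key, sub = subkey)
#   2  = validity (e = expired, r = revoked, i = invalid, d = disabled)
#   12 = capabilities of this key; lowercase e = this key can encrypt
classify_key() {
    awk -F: '
        ($1 == "pub" || $1 == "sub") && $12 ~ /e/ {
            capable++
            if ($2 !~ /^[eird]$/) usable++
        }
        END {
            if (usable)       print "ok"
            else if (capable) print "encryption-key-not-usable"
            else              print "no-encryption-capable-key"
        }'
}

# Constructed sample records (key IDs and timestamps are made up).
# 1) Primary key with usage SC and no subkey, as in the message.
SIGN_ONLY='pub:f:2048:1:00000000ABCD1234:1180742400:1338422400::-:::scSC:
uid:f::::1180742400::::Business Partner <partner@example.com>:'

# 2) The same key after "addkey" bound an encryption subkey to it.
WITH_SUBKEY='pub:f:2048:1:00000000ABCD1234:1180742400:1338422400::-:::scESC:
uid:f::::1180742400::::Business Partner <partner@example.com>:
sub:f:2048:1:1111111111111111:1246233600:1338422400:::::e:'

# 3) An encryption subkey exists, but it has expired.
EXPIRED_SUBKEY='pub:f:2048:1:00000000ABCD1234:1180742400:1338422400::-:::scSC:
uid:f::::1180742400::::Business Partner <partner@example.com>:
sub:e:2048:1:1111111111111111:1180742400:1214784000:::::e:'

for sample in "$SIGN_ONLY" "$WITH_SUBKEY" "$EXPIRED_SUBKEY"; do
    printf '%s\n' "$sample" | classify_key
done

# Real use: gpg --with-colons --list-keys "$KEYID" | classify_key
```
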