I successfully set up my Nitrokey (Pro) for use with GPG (2.1.8). There are separate subkeys (both 4096-bit RSA) on the device for encryption and signing.
And while sending works fine, now that I have received my first encrypted mail I find that I cannot decrypt it.
```
gpg: encrypted with 4096-bit RSA key, ID E3AE1976, created 2015-09-18
gpg: public key decryption failed: Missing item in object
gpg: decryption failed: No secret key
```
I have tried unplugging and replugging the device, as well as killing gpg-agent.
A quick search brought me to this "GnuPG2 decryption problem" old post which is supposed to have been fixed.
Can anyone confirm or disconfirm that it should work? Is there any known workaround? As far as I know there is no way to extract the secret key from the device in order to make it work without it for the meantime?
Hello,
I can confirm this error with gpg2 (2.0.26) on Debian with a 4096 key on NitrokeyPro:
```
gpg2 -d xyz.gpg
gpg: WARNING: The GNOME keyring manager hijacked the GnuPG agent.
gpg: WARNING: GnuPG will not work properly - please configure that tool to not interfere with the GnuPG system!
gpg: selecting openpgp failed: Nicht unterstütztes Zertifikat
gpg: verschlüsselt mit 4096-Bit RSA Schlüssel, XYZ
gpg: Entschlüsselung mit Public-Key-Verfahren fehlgeschlagen: Nicht unterstütztes Zertifikat
gpg: Entschlüsselung fehlgeschlagen: Kein geheimer Schlüssel
```
Although with gpg 1.4.18 (same command) it works via command-line PIN without problems.