Skip to main content
Documentation

Troubleshooting GPG

This article provides information about common GPG issues and how to troubleshoot them.

GPG Key is Expired

Expired GPG/PGP keys cannot be used. Replace the expired keys with updated keys.

File Too Large

Currently, files with a size greater than 2 GB are not supported for either encryption or decryption. Make sure that files are smaller in size than 2 GB prior to encryption or decryption.

Key Import Errors

The following are the most common errors when importing GPG keys incorrectly.

Key Has Expired

This error indicates that you are attempting to import an expired key.

An import error message of contains an invalid public key: key has expired indicates that the public key is expired. Expired public keys cannot be used to encrypt data and cannot be imported. Contact the key's provider and ask for a replacement unexpired key.

An import error message of contains an invalid private key: key has expired indicates that the private key is expired. Expired private keys cannot be used to sign or decrypt data and cannot be imported. Contact the key's provider and ask for a replacement unexpired key.

Password is Missing

The contains an invalid private key: Private key password is missing error message indicates that the private key you are attempting to import requires a password (passphrase) but you didn't provide the password.

Provide the password (passphrase) that was used to protect the private key.

Incorrect Private Key Password

The contains an invalid private key: Incorrect private key password error message indicates that the private key you are attempting to import requires a password (passphrase) but you didn't provide the correct one.

Provide the correct password (passphrase) that was used to protect the private key.

Password Not Required

The contains an invalid private key: Password present but private key does not require one error message indicates that the private key you are attempting to import does not require a password (passphrase) but you provided one.

Remove the password (passphrase) from the input form and re-try the import again.

Key Mismatch

When importing a key pair, the fingerprints of the public and private keys must match. If the fingerprints don't match then contact the key's provider and ask for a matching key pair.

The public key to private key mismatch error message indicates that you are attempting to import a key pair whose public and private keys do not correspond with each other.

Whenever possible, the error message will include details about the keys including the user ID (key owner) and fingerprint.

Keys are not required to be imported as pairs so you can import public or private keys independently. Only import a key pair together when they are a matching pair.

You can also double-check a key pair mismatch issue using the GPG command line application. Use the command gpg --list-packets <keyfile> to see details about a key. When comparing a private and public key, the output of this command will show matching keyid: and hashed subpkt 33 len 21 entries. If these values differ then the keys are not a matching pair.

Example cropped output for matching keys, showing the relevant sections containing the keyid: and hashed subpkt 33 fingerprint:

% gpg --list-packets PUBLIC_keyfile.pem
# off=0 ctb=c6 tag=6 hlen=3 plen=525 new-ctb
:public key packet:
	...
	keyid: 7EA2B584CEBEE146
# off=528 ctb=cd tag=13 hlen=2 plen=44 new-ctb
:user ID packet: "My Key <my.email@files.com>"
# off=574 ctb=c2 tag=2 hlen=3 plen=586 new-ctb
:signature packet: algo 1, keyid 7EA2B584CEBEE146
	...
	hashed subpkt 33 len 21 (issuer fpr v4 B852EA7705D7875D927681957EA2B584CEBEE146)
	...

% gpg --list-packets PRIVATE_keyfile.pem
# off=0 ctb=c5 tag=5 hlen=3 plen=1816 new-ctb
:secret key packet:
	...
	keyid: 7EA2B584CEBEE146
# off=1819 ctb=cd tag=13 hlen=2 plen=44 new-ctb
:user ID packet: "My Key <my.email@files.com>"
# off=1865 ctb=c2 tag=2 hlen=3 plen=586 new-ctb
:signature packet: algo 1, keyid 7EA2B584CEBEE146
	...
	hashed subpkt 33 len 21 (issuer fpr v4 B852EA7705D7875D927681957EA2B584CEBEE146)
	...

In the above output, the values for keyid: and hashed subpkt 33 len 21 must match for each key. Keys with differing keyid: values, or differing hashed subpkt 33 len 21 values, are not a matched pair.

Get The File Orchestration Platform Today

4,000+ organizations trust Files.com for mission-critical file operations. Start your free trial now and build your first flow in 60 seconds.

Start My Free TrialRequest a Demo

No credit card required • 7-day free trial • Setup in minutes