FAQ for GnuPG VS-Desktop users

This is a list of frequently asked questions from users.

We have also created a collection of FAQs for questions from administrators.

Encryption with public keys or certificates

Decryption failed: No secret key

This error message is received if the person who encrypted the file forgot to add a recipient.

Ask the sender to encrypt the file again and this time enter your certificate in the "Encrypt for others" line in the file encryption dialog.

Encryption failed: Unusable public key

This message appears when trying to encrypt to a group if at least one certificate contained in it has been only partially renewed. This occurs when an already expired certificate has been extended with Kleopatra from GnuPG VS-Desktop up to and including 3.1.26 (see also developer ticket https://dev.gnupg.org/T6473).

In the certificate list, the certificate is shown as valid, but since the subkey for encryption has not been extended, it cannot be used for this purpose.

The owner of the affected certificate must do the following to renew it:

Double-click on your key in Kleopatra's certificate list and then click on "more details" at the bottom left in the new window. In this detail view, you should see "correct" in the first line of the status column and "expired" in the second line in your case.

Then please right click on the 2nd line and select "change expiration date".


Now select as expiration date the same as in the first line and click OK.


Now both subkeys have the same expiration date and everything works as usual again.


You can test this by encrypting a message to yourself.

Finally you have to export the certificate and send it to your communication partners.

Certificate is no longer offered for encryption after renewal.

The affected certificate is shown as valid in the certificate lists, but is not displayed for selection in file encryption or in Outlook. The problem occurs after renewal with Kleopatra from GnuPG VS Desktop up to and including 3.1.26.

For the solution see "Encryption failed: unusable public key", it is the same cause.

No recipient can be selected for file encryption


If you are unable to select a recipient in the file encryption dialog because the field is grayed out, it is because this is disabled in Kleopatra's settings. In the Crypto Operations tab of the preferences, the "Use symmetric encryption only" option is enabled:


Disable it to be able to select recipients again.

Password based encryption

Decryption failed: Wrong passphrase

You have entered the password (passphrase is just another word for it) incorrectly. Please check it again. Maybe you copied a space by mistake when copying the password? Also pay attention to lower and upper case.

If it is a password generated by GnuPG VS-Desktop, it consists of 30 characters from this character set:


(So the 0, the 2, the l and the v are not included).

Displayed spaces in passwords generated by GnuPG VS-Desktop are for better presentation only; do not include them when typing.

GpgOL related

"Not all attachments can be shown" - message

The mode of operation of GpgOL causes the size of a mail to temporarily approximately double. (Both encrypted and decrypted version are attached to the mail object in parallel.)

If the configured mail size is exceeded, GpgOL displays as many attachments as possible and notifies the user with the message above.

It depends on the setting of the Exchange server's configuration option for mail size and the compression of the mail encryption when the conditions are met. As S/MIME encrypted messages are not compressed, the size where the issue starts to occur is generally lower than with OpenPGP encryption.

As a workaround we recommend to drag & drop the mail into the filesystem and then double-click on it to open and decrypt. You could also increase the size limit in Exchange, if this happens often.