
Decrypt OpenPGP with Passphrase Only

TL;DR

Yes, you can decrypt an OpenPGP message if you have the passphrase used to protect your private key, provided the private key itself is in your keyring. The passphrase unlocks the key, which is then used for decryption. You’ll need GnuPG (GPG) installed.

How to Decrypt an OpenPGP Message with Just the Passphrase

  1. Install GnuPG: If you don’t have it already, install GnuPG. On Debian- and Ubuntu-based Linux distributions:

    sudo apt-get update && sudo apt-get install gnupg

    On macOS (using Homebrew):

    brew install gnupg

    On Windows, download from the official GnuPG website.

  2. Ensure Keyring is Accessible: Your private key needs to be in your keyring. If you imported it previously, it should already be there. If not, import the key file:

    gpg --import /path/to/your/private_key.asc

  3. Decrypt the Message: Use the gpg -d command to decrypt the message. GPG will prompt you for your passphrase.

    gpg -d /path/to/encrypted_message.txt > decrypted_message.txt

    Replace /path/to/encrypted_message.txt with the actual path to your encrypted file, and decrypted_message.txt with where you want to save the output.

  4. Enter Your Passphrase: When prompted, enter the passphrase that protects your private key. Be careful – incorrect passphrases will not work, and repeated failed attempts may lock the key (see ‘Troubleshooting’ below).
  5. Verify Decryption: Check the contents of decrypted_message.txt to ensure the message has been successfully decrypted.

Important Considerations

  • Passphrase Security: Your passphrase is crucial. Keep it strong and secret! Do not share it with anyone.
  • Key Management: Properly manage your private key. Backups are essential, but store them securely (encrypted, of course!).
  • File Paths: Double-check the file paths you provide to GPG. Incorrect paths will lead to errors.

Troubleshooting

  • “gpg: signing failed” or “No secret key”: This usually means your private key isn’t found in your keyring, or you’re using the wrong key ID. Ensure the key is imported correctly and that you specify the correct key ID if necessary (using --local-user).
  • “gpg: AES decryption failed” or “Bad passphrase”: You entered an incorrect passphrase. Try again, being careful to type it accurately. Repeated failures may temporarily lock your key. If this happens, you might need to use the gpgconf --unlock-key command.
    gpgconf --unlock-key <your_key_id>
  • Key is Locked: If your key is locked due to too many failed attempts, use the following command:
    gpg --emergency-unlock <your_key_id>

    This will require you to provide a revocation certificate if you have one.
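
When a “No secret key” error appears, it helps to see which key ID the message was actually encrypted to; that information sits in the packet headers and can be read without any key or passphrase. The following Python sketch is an added example, not part of the original page: it parses the RFC 4880 packet framing and, going slightly beyond the page, also recognises passphrase-encrypted (symmetric) session-key packets. The key ID and the sample message are constructed for illustration.

```python
import base64

def dearmor(text):
    """Decode the base64 body of an ASCII-armored OpenPGP block to raw packets."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    body = lines[lines.index("") + 1:-1]        # skip armor headers and END line
    return base64.b64decode("".join(ln for ln in body if not ln.startswith("=")))

def session_key_packets(data):
    """List the key packets that precede the encrypted data (RFC 4880 framing)."""
    pos, found = 0, []
    while pos < len(data):
        hdr, pos = data[pos], pos + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                          # new-format header
            tag, first, pos = hdr & 0x3F, data[pos], pos + 1
            if first < 192:
                length = first
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos] + 192, pos + 1
            elif first == 255:
                length, pos = int.from_bytes(data[pos:pos + 4], "big"), pos + 4
            else:
                break                           # partial length: data packet
        else:                                   # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                break                           # indeterminate length: data packet
            n = 1 << ltype                      # 1, 2 or 4 length octets
            length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
        body, pos = data[pos:pos + length], pos + length
        if tag == 1:                            # encrypted to a public key
            found.append(("public-key", body[1:9].hex().upper()))
        elif tag == 3:                          # encrypted to a passphrase
            found.append(("passphrase", None))
        else:
            break                               # reached the encrypted data
    return found

# Constructed sample: one public-key packet for a made-up key ID, then dummy data.
KEY_ID = bytes.fromhex("0123456789ABCDEF")
RAW = (bytes([0x84, 14, 3]) + KEY_ID + bytes([1, 0, 16, 0xAB, 0xCD])
       + bytes([0xD2, 5, 1, 0, 0, 0, 0]))
ARMORED = ("-----BEGIN PGP MESSAGE-----\n\n" + base64.b64encode(RAW).decode()
           + "\n-----END PGP MESSAGE-----\n")

if __name__ == "__main__":
    print(session_key_packets(dearmor(ARMORED)))
```

On a real file, gpg --list-packets reports the same key ID; compare it with the output of gpg --list-secret-keys --keyid-format long to confirm the matching private key is in your keyring.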
