
decrypt encrypted gpg file using external secret key

I encrypted a file using gpg, now I want to decrypt the file.

Is there any way to decrypt the file without needing to import the secret file?

We have the secret key in a file called key.sec; can we pass the secret file to gpg as a parameter (when we run the decrypt command from the bash command line) to use when decrypting the encrypted file? Or must we import the secret key then decrypt the encrypted files?

Mohammed Shannaq asked Jan 31 '12 01:01


1 Answer

You have to import the secret key to use it, but the way that secret keys are managed by GnuPG version 2.x has changed. There is a gpg-agent daemon that handles secret key access, and its use is mandatory from version 2.1.

Here is a way that you can quickly create a temporary keyring to decrypt with a secret key that is contained in a file:

$ mkdir -m 700 ~/.gnupg-temp
$ gpg --homedir ~/.gnupg-temp --import key.sec
$ gpg --homedir ~/.gnupg-temp -d an_encrypted_file

If you want to clean up afterwards, stop the agent and remove the directory:

$ gpg-connect-agent --homedir ~/.gnupg-temp KILLAGENT /bye
$ rm -r ~/.gnupg-temp

There used to be an option --secret-keyring about which the documentation for version 2.1 has this to say:

This is an obsolete option and ignored. All secret keys are stored in the private-keys-v1.d directory below the GnuPG home directory.

The private-keys-v1.d directory (within the --homedir or ~/.gnupg) is owned and operated by the agent.

starfry answered Sep 20 '22 23:09
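
The temporary-keyring procedure from the answer above, wrapped in a shell function so the imported key and its agent are removed even when decryption fails. This is an added example, not part of the original answer; the function name `decrypt_with_keyfile`, its argument order and the `/tmp` location are assumptions, and it assumes the key either has no passphrase or a pinentry is available.

```shell
#!/usr/bin/env bash
# Added example: decrypt with a secret key held in a file, without touching
# the user's own ~/.gnupg. Function and variable names are illustrative.

decrypt_with_keyfile() {
    local keyfile="$1" infile="$2" outfile="$3" tmphome rc=0

    # Fail early on bad input, before any key material is written to disk.
    [ -r "$keyfile" ] || { echo "cannot read key file: $keyfile" >&2; return 2; }
    [ -r "$infile" ]  || { echo "cannot read input file: $infile" >&2; return 2; }

    # Throwaway GnuPG home: mktemp -d creates it with mode 0700 and returns an
    # absolute path, so every --homedir below refers to the same directory.
    tmphome=$(mktemp -d "${TMPDIR:-/tmp}/gnupg-temp.XXXXXX") || return 1

    # Import, then decrypt. --batch keeps gpg from asking questions on the
    # terminal; the first failing step sets the return code.
    gpg --homedir "$tmphome" --batch --quiet --import "$keyfile" &&
    gpg --homedir "$tmphome" --batch --quiet --yes \
        --output "$outfile" --decrypt "$infile" || rc=$?

    # Always clean up: stop the agent serving this home, then delete the
    # directory, which includes private-keys-v1.d with the imported key.
    gpg-connect-agent --homedir "$tmphome" KILLAGENT /bye >/dev/null 2>&1 || true
    rm -rf -- "$tmphome"
    return "$rc"
}
```

Call it as `decrypt_with_keyfile key.sec an_encrypted_file plaintext.out`; a non-zero return means the import or the decryption failed, and the temporary home has still been removed.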