When you attempt to decrypt a file or email, you receive the error message:
It is not possible to decrypt this message because your keyring does not contain usable private key(s)...
This article describes several common scenarios in which this error might occur, and points to other answers that provide possible resolutions. To begin, you should determine whether Symantec Encryption Desktop (PGP Desktop) actually has your keypair. This can be done by just looking at your key's icon.
The underlying cause of this error message is that Encryption Desktop (previously PGP Desktop) does not have access to the private key needed for decryption. This could be due to any of the following:
In order to decrypt with any PGP Key, be it your own key, a corporate Additional Decryption Key, Organization Key, etc., you need to have the private key in your local keyring. Not only do you need the private key, but you need to make sure the proper Key ID that was used to encrypt matches that of the key you would like to decrypt with.
For example, if you open the key properties, you will notice a Key ID with the convention of 0xABCD1234. Check with your recipient and ask them which Key ID they used to encrypt.
Next, check your own keyring and see if you have the corresponding Private key to decrypt.
An easy way to tell if you have a keypair is by looking at the Icon in question. Consider the following two examples for illustrating this requirement:
Example of a public key by looking at the icon in your keyring
The following screenshot shows that the key is only a public key:
Notice the icon is a single key. This means the key is only a public portion, and cannot be used to decrypt any data.
The screenshot below shows that the key includes both a public key and a private key, or a "Keypair":
In the screenshot above, notice that there are two key icons. One with a blue tip, and one behind that key, indicating you have the private key or Keypair. This key can be used to decrypt as long as the proper Key ID was used to encrypt.
Important Tip: If you go to export your key make sure you check the box "Include Private Keys". If you don't check this box, then only the public portion will be exported, which cannot be used to decrypt:
Scenario 1: Only Public Key will be exported (No Key Pair):
Scenario 2: Keypair (Both Public and Private Keys will be exported.
This option is required if you intend to use this key to decrypt. If you don't have the option to include private keys, then this means you have only the public portion of the key and you will need to locate the keypair either with another .asc file or from a different location.
The following are the steps to help you with this process: