gpg: decryption failed: No secret key

I also received blank output from the same 2 commands:

gpg --list-secret-keys
gpg --list-keys

I had reason to suspect this was to do with recent changes to the ~/.gnupg/pubring.kbx file, which led me to run the following 2 commands to re-import missing keys:

Re-import missing secret keys:

gpg --import < ~/.gnupg/secring.gpg

Re-import missing public keys:

gpg --import < ~/.gnupg/pubring.gpg
  • Documentation for above commands: https://gpgtools.tenderapp.com/kb/faq/missing-keys-after-migrating-to-gnupg-22#missing-secret-key-s-and-or-public-keys
  • Broken pubring.kbx: https://gpgtools.tenderapp.com/discussions/nightly/1415-gpg-keychain-broken-pubringkbx-file

This message can also happen if your pinentry program isn't working properly, and thus gpg can't get the passphrase to unlock the decryption key. This has happened to me a couple of times. If this is the case, gpg -d -v will appear to select the correct key and then just hang for a while before giving up. This is it waiting for the pinentry that never actually returns.

The steps depend on your specific environment, but checking (or creating) the pinentry-program option in ~/.gnupg/gpg-agent.conf is a good place to start. In my case (on OS X with Homebrew-installed gpg and pinentry-mac) I had to create that file with the following contents:

pinentry-program /usr/local/bin/pinentry-mac

And then run gpgconf --kill gpg-agent to reload the configuration (gpg-agent should automatically restart).

You will likely need to adjust the path above for whatever your preferred pinentry program is. locate pinentry may be helpful to find what options you have installed, or which your-pinentry-program-here will tell you the full path if you already know the name.
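The checks described in both answers above (an empty secret keyring, leftover legacy keyring files to re-import, and a gpg-agent.conf whose pinentry-program points at something that does not exist) can be gathered into one small diagnostic. The script below is an added example, not code from either answer; it assumes a POSIX sh, that legacy keyrings live directly in the GNUPGHOME directory, and that the last pinentry-program line in the file is the one that counts.

```shell
#!/bin/sh
# Added example (not from the original answers): a small diagnostic for the
# "gpg: decryption failed: No secret key" symptom. It checks the three things
# the answers point at: an empty secret keyring, legacy secring.gpg/pubring.gpg
# files that can be re-imported, and a gpg-agent.conf pinentry-program path
# that is not executable.

# Report on the pinentry-program line of a gpg-agent.conf file.
# Prints one of: missing | unset | bad-path:<path> | ok:<path>
check_pinentry_conf() {
    conf="$1"
    if [ ! -f "$conf" ]; then
        echo "missing"; return 1
    fi
    # Assumption: the last uncommented "pinentry-program <path>" line wins.
    prog=$(sed -n 's/^[[:space:]]*pinentry-program[[:space:]]\{1,\}\([^[:space:]].*\)$/\1/p' "$conf" | tail -n 1)
    if [ -z "$prog" ]; then
        echo "unset"; return 1
    fi
    if [ -x "$prog" ]; then
        echo "ok:$prog"; return 0
    fi
    echo "bad-path:$prog"; return 1
}

# Print the legacy (GnuPG < 2.1) keyring files in a GNUPGHOME that are non-empty
# and therefore candidates for "gpg --import < <file>".
legacy_keyrings() {
    home="$1"
    for f in secring.gpg pubring.gpg; do
        if [ -s "$home/$f" ]; then
            echo "$home/$f"
        fi
    done
}

# Count secret keys gpg can see in a GNUPGHOME.
# Prints 0 when gpg is not installed or the secret keyring is empty.
count_secret_keys() {
    home="$1"
    if ! command -v gpg >/dev/null 2>&1; then
        echo 0; return
    fi
    # --with-colons gives one "sec:" record per secret key, which is easy to count.
    n=$(GNUPGHOME="$home" gpg --batch --with-colons --list-secret-keys 2>/dev/null | grep -c '^sec:' || true)
    echo "${n:-0}"
}

# Put the three checks together for one GNUPGHOME and print a short report.
diagnose() {
    home="${1:-$HOME/.gnupg}"
    echo "secret keys visible to gpg: $(count_secret_keys "$home")"
    for k in $(legacy_keyrings "$home"); do
        echo "legacy keyring present, consider: gpg --import < $k"
    done
    echo "pinentry-program in $home/gpg-agent.conf: $(check_pinentry_conf "$home/gpg-agent.conf")"
}

# Run against the directory given on the command line, e.g.: sh gpg-diag.sh ~/.gnupg
if [ $# -gt 0 ]; then
    diagnose "$1"
fi
```

A "bad-path" result is the pinentry case from the second answer: fix the path in gpg-agent.conf and run gpgconf --kill gpg-agent. A secret-key count of 0 together with a listed legacy keyring is the first answer's case, where the re-import commands apply.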
