Tags: bash, encryption, cron, gnupg

Can't decrypt file: expected public key


I'm trying to decrypt a file using the following command:

gpg --batch --no-tty --yes --always-trust --primary-keyring /root/.gnupg/secring.gpg -o file.csv --passphrase  -d file.csv.asc

It works fine, but when I run it in cron I get the following error message:

gpg: expected public key but found secret key - must stop

What can I do to get it running in cron?


Solution

  • Don't point to a keyring, but to a complete GnuPG home directory using --homedir /root/.gnupg. --homedir sets the directory in which GnuPG searches for all other files.

    --primary-keyring file can only be used for public keyrings, which will not help you with decryption. From man gpg:

    --primary-keyring file
          Designate file as the primary public keyring. This means that newly
          imported keys (via --import or keyserver --recv-from) will go to this
          keyring.
    

    Alternatively, you can use --secret-keyring file:

    --secret-keyring file
          Same as --keyring but for the secret keyrings.
    

    I'm not sure whether you need this parameter anyway: if you're running this cron job as the root user, $HOME should already be set to /root and GnuPG will find its home folder without further configuration. If you're not running the cron job as root, put the keys in another location (i.e., the user's home directory); giving other users read and possibly write access to /root is a potential security issue.
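
A cron wrapper along the lines of this answer, as an added example that is not part of the original post: it passes --homedir instead of a keyring file and refuses to run when the GnuPG home is missing, owned by another user, or accessible to group/other. The function names, the four-argument interface and the use of --passphrase-file (which keeps the passphrase out of the process list) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Hypothetical cron wrapper:
#   decrypt.sh <gnupg-home> <input.asc> <output> <passphrase-file>

# Return 0 only if the GnuPG home exists, belongs to the invoking user
# and grants nothing to group/other (e.g. mode 700).
check_homedir() {
    dir=$1
    [ -d "$dir" ] || { echo "gpg home missing: $dir" >&2; return 1; }
    [ -O "$dir" ] || { echo "gpg home not owned by $(id -un): $dir" >&2; return 2; }
    # GNU stat first, BSD stat as fallback.
    mode=$(stat -c '%a' "$dir" 2>/dev/null || stat -f '%Lp' "$dir")
    case $mode in
        *00) return 0 ;;
        *)   echo "gpg home mode $mode is too open: $dir" >&2; return 3 ;;
    esac
}

# Decrypt non-interactively. --homedir makes GnuPG locate both the public
# and the secret keyring itself, so no --primary-keyring/--secret-keyring
# is needed and the result does not depend on cron's $HOME.
decrypt_file() {
    home=$1; in=$2; out=$3; passfile=$4
    check_homedir "$home" || return $?
    umask 077   # decrypted output readable by the job's user only
    # Note: GnuPG 2.1+ also needs "--pinentry-mode loopback" before it
    # honours --passphrase-file in batch mode.
    gpg --batch --no-tty --yes --homedir "$home" \
        --passphrase-file "$passfile" -o "$out" -d "$in"
}

# Run only when called with the four expected arguments.
if [ "$#" -eq 4 ]; then
    decrypt_file "$1" "$2" "$3" "$4"
fi
```

A crontab entry would call the script with absolute paths for all four arguments, since cron starts jobs with a minimal environment.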