http://www.perlmonks.org?node_id=1025718


in reply to Crypt::OpenPGP encryption signature

I suggest that you start with acquiring a basic understanding of how the GPG/PGP system works. The system uses a “key ring” in which both public and private keys are stored. It refers to both of these keys by means of a 16-hex-digit “ID,” and an 8-hex-digit “short ID” which is simply the right-hand half of the first. There is also a “fingerprint” which consists of a string of 4-hex-digit groups. All references to keys are made by long or short ID.

It would appear either that the appropriate secret-key is not on the key-ring, or that at some point the Perl code does not know where to locate the key-ring file. Commands such as gpg --list-secret-keys should be able to show you what keys your system knows about. This is also how keys are managed on keyservers.

GPG is a sufficiently-different system, with its “web of trust” concept and so on, that you should pause and spend some time getting to know its mind-set. GPG implements the notions of code-signing and so forth without the assumption that there is, or ever could be, a central, über-trustworthy “certifying authority.” Thawte & Co. would have no money to earn from it.
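Added example (not part of the reply above, and not code from Crypt::OpenPGP or GnuPG): a Perl sketch of the key-ring check the reply describes, matching a short ID, long ID or fingerprint against the machine-readable output of `gpg --list-secret-keys --with-colons`. The listing is a constructed sample, the function names are hypothetical, and it assumes 40-digit fingerprints whose last 16 hex digits are the long ID.

```perl
use strict;
use warnings;

# Constructed sample in the format of `gpg --list-secret-keys --with-colons`;
# the key IDs and fingerprints are made up for this example.
my $listing = <<'END';
sec:u:2048:1:89ABCDEF01234567:1356998400:::u:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
ssb:u:2048:1:1122334455667788:1356998400::::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1122334455667788:
END

# Reduce a key reference to bare upper-case hex; accept only a short ID (8),
# a long ID (16) or a 40-digit fingerprint. (Hypothetical helper.)
sub normalize_ref {
    my ($ref) = @_;
    (my $hex = uc $ref) =~ s/\s+//g;    # fingerprints are shown in groups of 4
    $hex =~ s/^0X//;                    # optional "0x" prefix
    return $hex =~ /\A(?:[0-9A-F]{8}|[0-9A-F]{16}|[0-9A-F]{40})\z/ ? $hex : undef;
}

# Collect secret keys (sec) and secret subkeys (ssb): field 5 is the long ID,
# and field 10 of the fpr record that follows is the fingerprint.
sub secret_keys {
    my ($text) = @_;
    my @keys;
    for my $line (split /\n/, $text) {
        my @f = split /:/, $line, -1;
        next unless @f > 4;
        if ($f[0] eq 'sec' or $f[0] eq 'ssb') {
            push @keys, { type => $f[0], long_id => uc $f[4], fpr => '' };
        } elsif ($f[0] eq 'fpr' and @keys and @f > 9) {
            $keys[-1]{fpr} ||= uc $f[9];
        }
    }
    return @keys;
}

# A reference matches when it is the tail of the fingerprint (or of the long ID).
sub find_secret_keys {
    my ($ref, @keys) = @_;
    my $want = normalize_ref($ref);
    return unless defined $want;
    return grep { ($_->{fpr} || $_->{long_id}) =~ /\Q$want\E\z/ } @keys;
}

my @keys = secret_keys($listing);
for my $ref ('0x01234567', '1122334455667788',
             '0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567', 'DEADBEEF') {
    my @hit = find_secret_keys($ref, @keys);
    printf "%s: %s\n", $ref,
        @hit ? "secret key $hit[0]{long_id} ($hit[0]{type})" : 'no secret key on this key ring';
}
```

`find_secret_keys` returns a list rather than a single key because an 8-digit short ID can match more than one key; passing the long ID or the full fingerprint avoids that ambiguity.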