I suggest that you start with acquiring a basic understanding of how the GPG/PGP system works. The system uses a “key ring” in which both public and private keys are stored. It refers to both of these keys by means of a 16-hex-digit “ID,” and an 8-hex-digit “short ID” which is simply the right-hand half of the first. There is also a “fingerprint” which consists of a string of 4-hex-digit groups. All references to keys are made by long or short ID.
It would appear either that the appropriate secret-key is not on the key-ring, or that at some point the Perl code does not know where to locate the key-ring file. Commands such as gpg --list-secret-keys should be able to show you what keys your system knows about. This is also how keys are managed on keyservers.
GPG is a sufficiently-different system, with its “web of trust” concept and so on, that you should pause and spend some time getting to know its mind-set. GPG implements the notions of code-signing and so forth without the assumption that there is, or ever could be, a central, über-trustworthy “certifying authority.” Thawte & Co. would have no money to earn from it.