
#1 2024-01-10 03:05:29

trout420
Member
Registered: 2022-11-30
Posts: 28

Restoring GPG backup

I recently installed Arch after moving from Arco. Before installing I backed up my home directory, and have since restored it. Within the backup was my .gnupg directory, which contains my public and private keys. From what I have read online, copying the .gnupg directory to the new install should be enough to restore the backup and have access to my keys; however, when I run

 gpg --list-secret-keys

there is no output, and trying to decrypt a password in my restored pass database gives the error

gpg: public key decryption failed: No secret key
gpg: decryption failed: No secret key

Is there anything I can do to remedy this situation or are my keys lost forever?

Thanks!

Offline

#2 2024-01-10 07:58:14

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 21,771

Re: Restoring GPG backup

Are you using the same UID/GID for both users (the one you have now and the one you used to have)? Note that the name is irrelevant; the number values are what define access here. Check that the owners of the files match.

Offline

#3 2024-01-10 18:59:24

trout420
Member
Registered: 2022-11-30
Posts: 28

Re: Restoring GPG backup

I did see some things mentioning permissions during my search so I ran a

 chown -R x:x ~/.gnupg 

on the new system, where x is my user on the new system. That did not fix the errors.

Offline

#4 2024-01-10 20:58:18

seth
Member
Registered: 2012-09-03
Posts: 51,655

Re: Restoring GPG backup

V1del wrote:

the name is irrelevant

Are you using the same UID/GID for both users (the one you have now and the one you used to have)

Offline

#5 2024-01-10 21:06:13

trout420
Member
Registered: 2022-11-30
Posts: 28

Re: Restoring GPG backup

Right, that's why I ran the chown command on the new install, to change the uid/gid on the files in the .gnupg directory to be correct for the user on the new install.
Running ls -n on the restored, chowned folder and the original backup says the uid and gid for both are 1000.

Last edited by trout420 (2024-01-10 21:06:39)

Offline

#6 2024-01-10 21:15:58

seth
Member
Registered: 2012-09-03
Posts: 51,655

Re: Restoring GPG backup

gpg -v --list-secret-keys

In doubt you'll have to strace it

strace -f -o /tmp/gpg.strace gpg --list-secret-keys

Offline

#7 2024-01-11 23:04:06

trout420
Member
Registered: 2022-11-30
Posts: 28

Re: Restoring GPG backup

Verbose output did not provide anything useful, but after scanning over the strace I have a better idea of the issue. The line:

      0.000073 access("/home/x/.gnupg/secring.gpg", F_OK) = -1 ENOENT (No such file or directory) 

makes me believe that gpg is looking for my secret keys in the secring.gpg file, but this file has been deprecated since gpg 2.1 according to this https://www.gnupg.org/faq/whats-new-in- … #nosecring. I do have a private-keys-v1.d folder containing two .key files but at this point I am unsure how best to remedy this situation. I checked the version of my gpg and it is 2.4.3, so I don't know why it is looking for the secring.gpg file. A quick look at the config options for gpg also does not seem to have a way to specify using the directory instead.

Here is the full output of my strace https://0x0.st/HIVq.txt

Offline

#8 2024-01-11 23:22:38

seth
Member
Registered: 2012-09-03
Posts: 51,655

Re: Restoring GPG backup

To ease the migration to the no-secring method, gpg detects the presence of a secring.gpg and …

explains the stat.

gpg now also delegates all private key operations to the gpg-agent. Thus there is no more code in the gpg binary for handling private keys

ps aux | grep gpg-a

Edit: can you btw.  gpg --export-secret-keys ?

Last edited by seth (2024-01-11 23:23:21)

Offline

#9 2024-01-11 23:27:37

trout420
Member
Registered: 2022-11-30
Posts: 28

Re: Restoring GPG backup

The output of ps aux confirms that I have gpg-agent running,

 /usr/bin/gpg-agent --supervised

Running

 gpg --export-secret-keys

yields only the following warning

 gpg: WARNING: nothing exported

Offline

#10 2024-01-11 23:38:24

seth
Member
Registered: 2012-09-03
Posts: 51,655

Re: Restoring GPG backup

Did you reboot after your UID/GID fixes?

You could alter /usr/lib/systemd/user/gpg-agent.service and add "--log-file /tmp/gpg-agent.log --debug-level advanced"

Offline

#11 2024-01-11 23:46:25

trout420
Member
Registered: 2022-11-30
Posts: 28

Re: Restoring GPG backup

Yes, I have rebooted since then. I added the debug flags to the service, rebooted, and then ran

 gpg --list-secret-keys

Here is the log: 0x0.st/HIVQ.txt. Nothing immediately jumps out at me as a cause of the issue; in fact it looks like the gpg-agent is running fine...

Offline

#12 2024-01-12 00:43:17

trout420
Member
Registered: 2022-11-30
Posts: 28

Re: Restoring GPG backup

After a lot more digging I recopied my backup and it just worked...
Not sure what went wrong.

Offline

#13 2024-01-12 08:19:09

seth
Member
Registered: 2012-09-03
Posts: 51,655

Re: Restoring GPG backup

You probably don't have records of the previous (broken) file/directory owner/permissions and sizes?

Please always remember to mark resolved threads by editing your initial post's subject - so others will know that there's no task left, but maybe a solution to find.
Thanks.

Offline
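
The owner, permission and size records asked about in the last post can be checked before a restored .gnupg is trusted. The script below is an added example, not part of any post in this thread: it compares a backup with the restored copy and reports missing or differing files, wrong numeric owners and modes that grant access to group or others. The function name gnupg_compare and the finding labels are made up for this example, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): compare a backed-up GnuPG home
# with the restored copy. Assumes GNU stat (stat -c), as on Arch Linux,
# and file names without newlines, which holds for a GnuPG home.

# gnupg_compare BACKUP RESTORED
# Prints one line per finding; returns 0 if there are none, 1 otherwise.
gnupg_compare() {
    backup=$(cd "$1" && pwd) || return 2
    restored=$(cd "$2" && pwd) || return 2
    me=$(id -u)
    report=$(
        # Pass 1: every file and directory in the backup must exist in the
        # restored tree, and regular files must be byte-identical.
        cd "$backup" && find . \( -type f -o -type d \) | sort |
        while IFS= read -r rel; do
            if [ ! -e "$restored/$rel" ]; then
                echo "MISSING $rel"
            elif [ -f "$rel" ] && ! cmp -s "$rel" "$restored/$rel"; then
                echo "DIFFERS $rel"
            fi
        done
        # Pass 2: the restored tree must belong to the current numeric UID
        # and grant nothing to group or others (700 dirs, 600 files).
        cd "$restored" && find . \( -type f -o -type d \) | sort |
        while IFS= read -r rel; do
            [ "$(stat -c %u "$rel")" = "$me" ] || echo "OWNER $rel"
            mode=$(stat -c %a "$rel")
            case $mode in
                *00) ;;
                *) echo "MODE $rel $mode" ;;
            esac
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Stand-alone use: sh gnupg_compare.sh /path/to/backup/.gnupg ~/.gnupg
if [ "$#" -eq 2 ]; then gnupg_compare "$1" "$2"; fi
```

Sockets and other runtime files in the GnuPG home are skipped on purpose; only regular files and directories are compared.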
