I recently installed Arch after moving from Arco. Before installing I backed up my home directory, and have since restored it. Within the backup was my .gnupg directory, which contains my public and private keys. From what I have read online, copying the .gnupg directory to the new install should be enough to restore the backup and have access to my keys; however, when I run
gpg --list-secret-keys
there is no output, and trying to decrypt a password in my restored pass database gives the error
gpg: public key decryption failed: No secret key
gpg: decryption failed: No secret key
Is there anything I can do to remedy this situation or are my keys lost forever?
Thanks!
Offline
Are you using the same UID/GID for both users (the one you have now and the one you used to have)? Note that the name is irrelevant; the number values are what define access here. Check that the owners of the files match.
Offline
I did see some things mentioning permissions during my search so I ran a
chown -R x:x ~/.gnupg
on the new system, where x is my user on the new system. That did not fix the errors.
Offline
the name is irrelevant
Are you using the same UID/GID for both users (the one you have now and the one you used to have)
Offline
Right, that's why I ran the chown command on the new install, to change the uid/gid on the files in the .gnupg directory to be correct for the user on the new install.
Running ls -n on the restored, chowned folder and the original backup says the uid and gid for both are 1000.
Last edited by trout420 (2024-01-10 21:06:39)
Offline
gpg -v --list-secret-keys
In doubt you'll have to strace it
strace -f -o /tmp/gpg.strace gpg --list-secret-keys
Offline
Verbose output did not provide anything useful, but after scanning over the strace I have a better idea of the issue. The line:
0.000073 access("/home/x/.gnupg/secring.gpg", F_OK) = -1 ENOENT (No such file or directory)
makes me believe that gpg is looking for my secret keys in the secring.gpg file, but this file has been deprecated since gpg 2.1 according to this https://www.gnupg.org/faq/whats-new-in- … #nosecring. I do have a private-keys-v1.d folder containing two .key files but at this point I am unsure how best to remedy this situation. I checked the version of my gpg and it is 2.4.3, so I don't know why it is looking for the secring.gpg file. A quick look at the config options for gpg also does not seem to have a way to specify using the directory instead.
Here is the full output of my strace https://0x0.st/HIVq.txt
Offline
To ease the migration to the no-secring method, gpg detects the presence of a secring.gpg and …
explains the stat.
gpg now also delegates all private key operations to the gpg-agent. Thus there is no more code in the gpg binary for handling private keys
ps aux | grep gpg-a
Edit: can you btw. gpg --export-secret-keys ?
Last edited by seth (2024-01-11 23:23:21)
Offline
The output of ps aux confirms that I have gpg-agent running,
/usr/bin/gpg-agent --supervised
Running
gpg --export-secret-keys
yields only the following warning
gpg: WARNING: nothing exported
Offline
Did you reboot after your UID/GID fixes?
You could alter /usr/lib/systemd/user/gpg-agent.service and add "--log-file /tmp/gpg-agent.log --debug-level advanced"
Offline
Yes, I have rebooted since then. I added the debug flags to the service, rebooted, and then ran
gpg --list-secret-keys
Here is the log: 0x0.st/HIVQ.txt. Nothing immediately jumps out at me as a cause of the issue; in fact it looks like the gpg-agent is running fine...
Offline
After a lot more digging I recopied my backup and it just worked...
Not sure what went wrong.
Offline
You probably don't have records of the previous (broken) file/directory owner/permissions and sizes?
Please always remember to mark resolved threads by editing your initial post's subject - so others will know that there's no task left, but maybe a solution to find.
Thanks.
Offline
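An added example, not part of the thread: the checks discussed above (numeric owner, permissions, file list and sizes against the backup, and *.key files under private-keys-v1.d) as shell functions. It assumes GNU find and coreutils, as on Arch; the names manifest and audit_gnupg are made up for this example.

```shell
# Added example, not from the thread. Assumes GNU find/coreutils.

# manifest DIR: one sorted line per entry, "path<TAB>uid:gid<TAB>mode<TAB>size".
# Directory sizes depend on the filesystem, so they are recorded as "-".
# Keeping this output (manifest ~/.gnupg > file) is the record asked for above.
manifest() {
    ( cd "$1" || exit 1
      { find . -mindepth 1 -type d -printf '%P/\t%U:%G\t%m\t-\n'
        find . -type f -printf '%P\t%U:%G\t%m\t%s\n'; } | LC_ALL=C sort )
}

# audit_gnupg RESTORED BACKUP: print findings; return 1 if there are any.
audit_gnupg() {
    restored=$1; backup=$2; rc=0
    tmp=$(mktemp -d) || return 2
    # Compare path and size only: owner and mode may legitimately differ.
    manifest "$backup"   | cut -f1,4 > "$tmp/b"
    manifest "$restored" | cut -f1,4 > "$tmp/r"
    d=$(LC_ALL=C comm -3 "$tmp/b" "$tmp/r")
    if [ -n "$d" ]; then
        echo "MISMATCH (unindented: backup only, indented: restored only):"
        echo "$d"; rc=1
    fi
    # Ownership: the numeric UID is what matters, not the user name.
    notmine=$(find "$restored" ! -uid "$(id -u)" -print)
    if [ -n "$notmine" ]; then
        echo "NOT OWNED by uid $(id -u):"; echo "$notmine"; rc=1
    fi
    # Permissions: nothing should be accessible to group or others.
    loose=$(find "$restored" \( -type f -o -type d \) -perm /077 -print)
    if [ -n "$loose" ]; then
        echo "GROUP/OTHER ACCESS:"; echo "$loose"; rc=1
    fi
    # GnuPG >= 2.1 keeps secret keys as *.key files in private-keys-v1.d.
    keys=$(find "$restored/private-keys-v1.d" -name '*.key' 2>/dev/null | wc -l)
    if [ "$keys" -eq 0 ]; then
        echo "NO *.key files in private-keys-v1.d"; rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}
```

Called as audit_gnupg ~/.gnupg /path/to/backup/.gnupg, it prints each finding and returns non-zero if the restored copy differs from the backup or fails an ownership or permission check.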