Hey!
Okay, so my laptop broke and I sent it in for warranty. Long story short: it came back, but the disk was wiped. So I set up arch again, smooth sailing.
Now I wanted to bring my .password-store to the laptop and I exported my secret-key on my main desktop:
gpg2 --export-secret-keys > pass-key.gpg
I move this to a folder ~/test
I then brought the folder to the laptop and also moved over .password-store ... I did this via syncthing.
On the laptop I do:
gpg2 --import test/pass-key.gpg
This works.
I see the key via
gpg2 --list-secret-keys
Now when I enter pass, I can see my password structure. I try to decrypt a password and get:
gpg: public key decryption failed: No secret key
gpg: decryption failed: No secret key
Hm, I must have made a mistake.
So I enter the same thing on my desktop for another password.
Same error!
I begin to slightly panic...
I manually kill my gpg-agent, I even reboot the desktop... to no avail.
I can't decrypt my passwords any longer.
Is there any chance I can find out what went wrong AND fix it?
There is a myriad of passwords in there... I never had this problem, but I think it started with using syncthing for this and doing a pass init and pass git init on the laptop before I synced (and it synced back, it wasn't one way)
Any ideas?
Last edited by Humar (2024-10-08 18:02:47)
Offline
Ah, interesting, it's only all older passwords... they appear to be encrypted with an RSA key I don't have... I wonder how that happened.
Everything I did this year was encrypted with another key and that one I have, so it works just fine... oO
Offline
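Added example, not part of any post in this thread: one way to find which entries in a password store are encrypted only to keys that have no secret key in the local keyring, without decrypting anything. The function names and sample key IDs are made up for illustration, and the script assumes gpg's verbose `public key is <KEYID>` lines and the `--with-colons` record layout.

```shell
#!/bin/sh
# Added example (not from the thread): list password-store entries whose
# recipients have no matching secret key in the local keyring.

# Recipient key IDs from `gpg -v --decrypt --list-only` output on stdin.
# Assumption: gpg reports each recipient as "gpg: public key is <KEYID>".
recipients_from_verbose() {
    sed -n 's/^gpg: public key is \([0-9A-Fa-f]\{1,\}\)$/\1/p' | sort -u
}

# Secret (sub)key IDs from `gpg --list-secret-keys --with-colons` on stdin:
# field 5 of the "sec" and "ssb" records.
secret_keyids_from_colons() {
    awk -F: '$1 == "sec" || $1 == "ssb" { print toupper($5) }' | sort -u
}

# Succeeds if at least one recipient ($1) has a local secret key ($2).
can_decrypt() {
    for id in $1; do
        printf '%s\n' "$2" | grep -qxF "$id" && return 0
    done
    return 1
}

# Print every *.gpg file under the store that no local secret key can open.
audit_store() {
    store=${1:-${PASSWORD_STORE_DIR:-$HOME/.password-store}}
    secrets=$(LC_ALL=C gpg --batch --list-secret-keys --with-colons | secret_keyids_from_colons)
    find "$store" -name .git -prune -o -type f -name '*.gpg' -print |
    while IFS= read -r f; do
        recips=$(LC_ALL=C gpg --batch -v --decrypt --list-only \
            --keyid-format long "$f" 2>&1 | recipients_from_verbose)
        can_decrypt "$recips" "$secrets" ||
            printf 'no secret key: %s (encrypted to: %s)\n' "$f" "$(echo $recips)"
    done
}

# Constructed sample output (made-up key IDs) so the parsers run offline.
SAMPLE_VERBOSE='gpg: public key is 1111AAAA2222BBBB
gpg: encrypted with RSA key, ID 1111AAAA2222BBBB'
SAMPLE_COLONS='sec:u:255:22:3333CCCC4444DDDD:1700000000:::u:::scESC:::+:::23::0:
ssb:u:255:18:5555EEEE6666FFFF:1700000000::::::e:::+:::23:'

# Run the real audit only when asked: sh audit.sh --audit [store-dir]
if [ "${1:-}" = "--audit" ]; then audit_store "${2:-}"; fi
```

Running it before and after a re-encryption commit (or on each machine after a sync) shows at once which entries ended up encrypted to a key that is missing locally.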
Okay, so it has something to do with a git push I did on the password-store...
When I go back to an older commit I can decrypt everything just fine!
Offline
Yes, so the problem is definitely coming from this commit:
> Reencrypt password store using new GPG id NAME_OF_NEW_ID.
I wonder how this worked before I pushed the changes... I think the problem was that I reencrypted and had a merge conflict and just pulled and... no idea how it really happened but I can access most passwords just fine, so there is that.
I'll start by exporting all of them to a secure location and then go from there.
Thanks anyway!
Offline
two lines come to my mind:
never do your own crypto
and
no backup no pity
now that you experienced what can go wrong I recommend using a proper password manager and create a proper backup (and test that often!)
Offline
I didn't do my own crypto, I use a proper password manager.
But I can be blamed for the backup.
Fixed everything with git reflog though
Offline
> I use a proper password manager.
doesn't look like it - you did some changes - so something YOU control
what I mean by "don't do your own crypto and use a proper manager": don't do ANYTHING yourself but ONLY use the manager
as whatever you did (or still do) reads like you changed some code you control which broke - doesn't sound to me you are using some proper manager
Offline
I use a proper manager, I just misused it. It was all my fault, not the fault of the software. Errare humanum est.
I use passwordstore with git integrations.
Anyway: I NEVER rolled my own crypto.
And with that I am out. Thanks for chiming in, have a wonderful week!
Offline