#1 2024-10-08 17:36:13

Humar
Member
Registered: 2013-09-13
Posts: 73

[NOT SOLVED but explained] I fucked up and lost access to my pws

Hey!

Okay, so my laptop broke and I sent it in for warranty. Long story short: it came back, but the disk was wiped. So I set up Arch again, smooth sailing.

Now I wanted to bring my .password-store to the laptop and I exported my secret-key on my main desktop:

gpg2 --export-secret-keys > pass-key.gpg

I move this to a folder ~/test

I then brought the folder to the laptop and also moved over .password-store ... I did this via syncthing.

On the laptop I do:

gpg2 --import test/pass-key.gpg

This works.

I see the key via

gpg2 --list-secret-keys

Now when I enter pass, I can see my password structure. I try to decrypt a password and get:

gpg: public key decryption failed: No secret key
gpg: decryption failed: No secret key

Hm, I must have made a mistake.

So I enter the same thing on my desktop for another password.

Same error!

I begin to slightly panic...

I manually kill my gpg-agent, I even reboot the desktop... to no avail.
I can't decrypt my passwords any longer.

Is there any chance I can find out what went wrong AND fix it?

There is a myriad of passwords in there... I never had this problem, but I think it started with using syncthing for this and doing a pass init and pass git init on the laptop before I synced (and it synced back, it wasn't one way :( )

Any ideas?

Last edited by Humar (2024-10-08 18:02:47)

Offline

#2 2024-10-08 17:50:47

Humar
Member
Registered: 2013-09-13
Posts: 73

Re: [NOT SOLVED but explained] I fucked up and lost access to my pws

Ah, interesting, it's only all older passwords... they appear to be encrypted with an RSA key I don't have... I wonder how that happened.

Everything I did this year was encrypted with another key and that one I have, so it works just fine... oO

Offline

#3 2024-10-08 17:56:11

Humar
Member
Registered: 2013-09-13
Posts: 73

Re: [NOT SOLVED but explained] I fucked up and lost access to my pws

Okay, so it has something to do with a git push I did on the password-store...

When I go back to an older commit I can decrypt everything just fine!

Offline

#4 2024-10-08 18:02:06

Humar
Member
Registered: 2013-09-13
Posts: 73

Re: [NOT SOLVED but explained] I fucked up and lost access to my pws

Yes, so the problem is definitely coming from this commit:

> Reencrypt password store using new GPG id NAME_OF_NEW_ID.

I wonder how this worked before I pushed the changes... I think the problem was that I reencrypted and had a merge conflict and just pulled and... no idea how it really happened but I can access most passwords just fine, so there is that.

I'll start by exporting all of them to a secure location and then go from there.

Thanks anyway!

Offline
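
To see which entries a re-encryption like the one described above actually touched, the recipient key ID can be read from the header of each .gpg file without any secret key. The following is an added example, not code from the thread or from pass; it assumes the binary (non-armored) files pass writes and version-3 session-key packets, and the key IDs and sample packets in it are constructed.

```python
import sys
from collections import defaultdict
from pathlib import Path

def pkesk_key_ids(data: bytes) -> list[str]:
    """Key IDs from the leading version-3 PKESK packets (tag 1) of a binary OpenPGP message."""
    ids, pos = [], 0
    while pos < len(data):
        hdr = data[pos]
        if not hdr & 0x80:
            raise ValueError("not binary OpenPGP data (armored input is not handled)")
        if hdr & 0x40:                                   # new-format header
            tag, first = hdr & 0x3F, data[pos + 1]
            if first < 192:
                length, body = first, pos + 2
            elif first < 224:
                length, body = ((first - 192) << 8) + data[pos + 2] + 192, pos + 3
            elif first == 255:
                length, body = int.from_bytes(data[pos + 2:pos + 6], "big"), pos + 6
            else:
                break                                    # partial length: data packet
        else:                                            # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                break                                    # indeterminate length
            n = 1 << ltype                               # 1, 2 or 4 length octets
            length, body = int.from_bytes(data[pos + 1:pos + 1 + n], "big"), pos + 1 + n
        if tag != 1:
            break                                        # session-key packets come first
        if body + 10 > len(data) or data[body] != 3:
            raise ValueError("truncated or non-v3 PKESK packet")
        ids.append(data[body + 1:body + 9].hex().upper())
        pos = body + length
    return ids

def audit_store(store: Path) -> dict[str, list[str]]:
    """Map each recipient key ID to the store entries encrypted to it."""
    by_key = defaultdict(list)
    for f in sorted(store.rglob("*.gpg")):
        for kid in pkesk_key_ids(f.read_bytes()) or ["(none)"]:
            by_key[kid].append(f.relative_to(store).as_posix())
    return dict(by_key)

# Constructed sample packets (fake key IDs, dummy 2-byte payload), not real ciphertext.
def sample_entry(*key_ids: str) -> bytes:
    pkesks = b"".join(bytes([0x84, 12, 3]) + bytes.fromhex(k) + bytes([1, 0, 0]) for k in key_ids)
    return pkesks + bytes([0xD2, 1, 1])                  # stub encrypted-data packet

if __name__ == "__main__":
    store = Path(sys.argv[1]) if len(sys.argv) > 1 else Path.home() / ".password-store"
    for kid, entries in audit_store(store).items():
        print(f"{kid}  {len(entries)} entries, e.g. {entries[0]}")
```

The IDs reported are those of the encryption subkey, so compare them with the subkey lines of `gpg2 --list-secret-keys --keyid-format long` rather than with the primary key ID. An all-zero ID means the file was encrypted with a hidden recipient.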

#5 2024-10-08 18:36:02

cryptearth
Member
Registered: 2024-02-03
Posts: 924

Re: [NOT SOLVED but explained] I fucked up and lost access to my pws

Two lines come to my mind:
never do your own crypto
and
no backup no pity
Now that you experienced what can go wrong I recommend using a proper password manager and creating a proper backup (and test that often!)

Offline

#6 2024-10-08 20:32:10

Humar
Member
Registered: 2013-09-13
Posts: 73

Re: [NOT SOLVED but explained] I fucked up and lost access to my pws

I didn't do my own crypto, I use a proper password manager.

But I can be blamed for the backup.

Fixed everything with git reflog though :)

Offline

#7 2024-10-08 20:43:05

cryptearth
Member
Registered: 2024-02-03
Posts: 924

Re: [NOT SOLVED but explained] I fucked up and lost access to my pws

Humar wrote:

> I use a proper password manager.

doesn't look like it - you did some changes - so something YOU control
what I mean by "don't do your own crypto and use a proper manager": don't do ANYTHING yourself but ONLY use the manager
as whatever you did (or still do) reads like you changed some code you control which broke - doesn't sound to me you are using some proper manager

Offline

#8 2024-10-08 21:09:04

Humar
Member
Registered: 2013-09-13
Posts: 73

Re: [NOT SOLVED but explained] I fucked up and lost access to my pws

I use a proper manager, I just misused it. It was all my fault, not the fault of the software. Errare humanum est.

I use passwordstore with git integrations.

Anyway: I NEVER rolled my own crypto.

And with that I am out. Thanks for chiming in, have a wonderful week!

Offline
