Recently I had to reinstall my whole Debian system because I had a few problems. And I didn't do this for like 7 years or so. The result is that I didn't even remember to save my ~/.gnupg, so now I created a new key and uploaded it to an online server.
Ok, but now, somehow, other programs say they cannot find the secret key.
And there are 2 contradictory scenarios.
Scenario 1 - GPG says there is a secret key available
Scenario 2 - GPG cannot export the secret key because it says that there's nothing to export.
I'll show some commands outputs to kind of illustrate both scenarios and some more commands that may help to picture the whole situation.
Scenario 1:
The following command says "there is a secret key available":
$ gpg2 --edit-key 5306D6C5B1CCDE5D66B542B98345F0A70D1149F1
gpg (GnuPG) 2.2.12; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
sec ed25519/8345F0A70D1149F1
created: 2020-11-23 expires: 2021-11-23 usage: SC
trust: ultimate validity: ultimate
sub cv25519/930B7F6B3C1AC32C
created: 2020-11-23 expires: 2021-11-23 usage: E
[ultimate] (1). MyNickName (Generic usage key) <my-email-etc@email-provider.com>
gpg>
$ gpg2 --delete-key my-email-etc@email-provider.com
gpg (GnuPG) 2.2.12; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: there is a secret key for public key "my-email-etc@email-provider.com"!
gpg: use option "--delete-secret-keys" to delete it first.
$ gpg2 --output my-backup-keys.gpg --armor --export --export-options export-backup my-email-etc@email-provider.com

So, I thought all was good.

--export-options parameters:

backup
export-backup
Export for use as a backup. The exported data includes all data which is needed to restore the key or keys later with GnuPG. The format is basically the OpenPGP format but enhanced with GnuPG specific data. All other contradicting options are overridden.
Moreover, there are 2 folders at ~/.gnupg named openpgp-revocs.d and private-keys-v1.d. Inside each of these folders is one file, which I suppose to be the revocation and private keys.
Scenario 2:
In this scenario everything points to the fact that no secret key is available.
If I try to list secret keys with the following command:
$ gpg2 --list-secret-keys
~/.gnupg/pubring.kbx
------------------------------------
sec ed25519 2020-11-23 [SC] [expires: 2021-11-23]
5306D6C5B1CCDE5D66B542B98345F0A70D1149F1
uid [ultimate] MyNickName (Generic usage key) <my-email-etc@email-provider.com>
ssb# cv25519 2020-11-23 [E] [expires: 2021-11-23]
$ gpg2 --import ~/.gnupg/private-keys-v1.d/OMITTEDSTRINGJUSTINCASE.key
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
$ gpg2 --output message.gpg --encrypt message.log
You did not specify a user ID. (you may use "-r")
Current recipients:
Enter the user ID. End with an empty line: my-email-etc@email-provider.com
Current recipients:
cv25519/930B7F6B3C1AC32C 2020-11-23 "MyNickName (Generic usage key) <my-email-etc@email-provider.com>"
Enter the user ID. End with an empty line:
mymachine@mymachine:~/Documents$ gpg2 --output message-dec.log --decrypt message.gpg
gpg: encrypted with 256-bit ECDH key, ID 930B7F6B3C1AC32C, created 2020-11-23
"MyNickName (Generic usage key) <my-email-etc@email-provider.com>"
gpg: decryption failed: No secret key
mymachine@mymachine:~/Documents$
$ gpg2 --import ~/.gnupg/openpgp-revocs.d/5306D6C5B1CCDE5D66B542B98345F0A70D1149F1.rev
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
So, what do you guys think went wrong? And is this key doomed to die when expiration time comes? I can't even revoke it.
BTW, I know the password to unlock the private key (encryption, I suppose). I'm not sure how this works, but it seems to me that one private key is used to encrypt (maybe it's the pub key, commonly miscalled the encryption private key), and another one is used to decrypt (this one seems to me to be the one that is missing).
Thanks for any help
Psy
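Added example (not part of Psy's post). Two details in the output above explain the apparent contradiction. In a --list-secret-keys listing, a # directly after sec or ssb means GnuPG holds only a stub for that key, i.e. its secret part is missing: here sec has no #, so the primary ed25519 signing key is present (which is why --edit-key prints "Secret key is available" and --delete-key refuses), while ssb# shows that the secret part of the cv25519 encryption subkey is gone, which is exactly what "decryption failed: No secret key" reports. That also matches a single file in private-keys-v1.d, since GnuPG stores one file there per secret key. Separately, --export writes public keys only, whatever --export-options says; a restorable backup needs --export-secret-keys. And the .rev file is refused by --import because GnuPG writes it with a colon in front of the armor header, precisely so it cannot be imported by accident; the colon has to be removed first. The POSIX shell script below, written for this page and not taken from the post or from GnuPG, checks for stub keys using the machine-readable --with-colons listing (field 15 of a sec/ssb record is # for a stub) and shows the backup, restore and revocation-certificate steps. The listing it parses is a constructed sample mirroring the key in the post, and the function names and the GPG variable are the editor's.

```shell
#!/bin/sh
# Added example for this page (not from the post or from GnuPG): tell stub
# secret keys apart from real ones, and back up / restore / revoke correctly.
# In GnuPG's --with-colons output, field 15 of a sec/ssb record is "#" when
# only a stub of that secret key exists (no secret material), "+" when the
# secret key is present, or a smartcard serial number for an on-card key.

GPG="${GPG:-gpg2}"   # Debian's GnuPG 2 binary, as used in the post

# Constructed sample mirroring the post: primary ed25519 key present (field
# 15 is "+"), cv25519 encryption subkey is a stub (field 15 is "#", which is
# what "ssb#" means in the human-readable listing).
SAMPLE_LISTING='sec:u:255:22:8345F0A70D1149F1:1606089600:1637625600::u:::scESC:::+::ed25519:::0:
fpr:::::::::5306D6C5B1CCDE5D66B542B98345F0A70D1149F1:
uid:u::::1606089600::0123456789ABCDEF::MyNickName (Generic usage key) <my-email-etc@email-provider.com>::::::::::0:
ssb:u:255:18:930B7F6B3C1AC32C:1606089600:1637625600:::::e:::#::cv25519:::'

# Print "<type> <keyid>" for every sec/ssb record whose secret part is missing.
missing_secret_keys() {   # $1 = --with-colons listing text
    printf '%s\n' "$1" | awk -F: '($1 == "sec" || $1 == "ssb") && $15 == "#" { print $1, $5 }'
}

# Print "<type> <keyid>" for every sec/ssb record whose secret part is present
# (on disk or on a smartcard).
present_secret_keys() {   # $1 = --with-colons listing text
    printf '%s\n' "$1" | awk -F: '($1 == "sec" || $1 == "ssb") && $15 != "#" { print $1, $5 }'
}

# Same check against the live keyring for one key (needs gpg; not exercised
# by the offline demo below).
check_keyring() {   # $1 = key id, fingerprint or user id
    missing_secret_keys "$("$GPG" --batch --with-colons --list-secret-keys "$1")"
}

# A backup that can actually be restored: --export-secret-keys, not --export,
# which writes only the public key regardless of --export-options.
backup_secret_keys() {   # $1 = key id or fingerprint, $2 = output file
    "$GPG" --batch --armor --export-options export-backup --export-secret-keys "$1" > "$2"
}

# Restore mode keeps the GnuPG-specific data (e.g. ownertrust) that
# export-backup added to the file.
restore_secret_keys() {   # $1 = backup file
    "$GPG" --batch --import-options restore --import "$1"
}

# openpgp-revocs.d/<fingerprint>.rev is written with a ':' in front of the
# armor header so it cannot be imported by accident. Strip it (stdin ->
# stdout) before piping the certificate into "gpg --import".
unguard_revocation_cert() {
    sed 's/^:-----BEGIN PGP PUBLIC KEY BLOCK-----$/-----BEGIN PGP PUBLIC KEY BLOCK-----/'
}

# Stand-alone demo on the constructed sample; prints "ssb 930B7F6B3C1AC32C".
missing_secret_keys "$SAMPLE_LISTING"
```

Run against a real keyring with `check_keyring my-email-etc@email-provider.com`; any line it prints names a key whose secret part this machine does not have, and for such a key the only remedies are a restore from a backup made with `backup_secret_keys` or, failing that, publishing the revocation certificate after passing it through `unguard_revocation_cert`.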