Decrypt Old Emails Using New Key/Email Address?
I recently had an old Mac Pro running 10.6.8 fail catastrophically, and the drive was also lost. Thankfully, I'd archived all my vital emails encrypted with GPG. I also moved from Ireland to Thailand, necessitating a new email address. Before I install the latest GPG suite, I need to know whether I'll still be able to decrypt emails which used the original key with a now-defunct email address, and if so, how?
Thank you for your time and consideration.
David Bourke
1 Posted by David Bourke on 18 Jul, 2017 12:18 AM
I'll add that shortly before the failure, I made a disk image and brought it with me to Thailand. However, when I try to open it in Sierra, it returns a "no mountable file systems" error. The Apple Store here can't help.
David Bourke
Support Staff 2 Posted by Steve on 18 Jul, 2017 01:06 PM
Hi David,
welcome to the GPGTools support platform. Sorry you are having problems using GPG Suite.
First things first: The requirement to decrypt any encrypted message is that you need to have the corresponding secret key for the public key with which the message in question was encrypted. In addition you need the password to unlock the secret key for decryption.
So even if you now use a different email address, as long as you have the secret key for your old email + password you will be able to decrypt the old messages.
Since you write the old hard drive was lost, I am a bit unclear whether you will be able to recover your old key. You then write you created a disk image. If you are able to mount that image you would want to look at this: https://gpgtools.tenderapp.com/kb/gpg-keychain-faq/backup-or-transf...
Note if you are able to recover your old key, you can add additional email addresses to your existing key if you want: This KB-article explains how to add more than one email address to an existing key. The email addresses in a key are called userIDs and you can add as many as you want.
Important note: Note that all email addresses you add to a single key can be connected to one identity. Depending on your use-case this might be wanted or should be avoided. Please consider that first and then proceed.
All the best,
steve
3 Posted by David Bourke on 18 Jul, 2017 09:30 PM
Thanks for climbing aboard, Steve. I've spent the whole evening researching the image mounting problem, and it seems I'm out of luck. I have a disk image here on the desktop of a MacBook Pro running 10.12.5 and no way to mount it. The GPG suite is installed on it, so the secret key is there - I just can't get at it.
I'll have to buy an old Mac running 10.6.8 to mount these images, I think.
Incidentally, I brought a few external drives to Thailand. One of them is a CCC clone of the Mac Pro drive. Unfortunately, it was made before I installed GPG Tools. Neither 10.6.8 nor 10.7.2 will boot this MacBook Pro.
Looks like I'll have to bite the bullet and buy an old clunker just for this job.
When I do, where will I find the secret key, and what's the file extension? Thanks again.
David.
Support Staff 4 Posted by Steve on 18 Jul, 2017 09:35 PM
That is covered in this KB: https://gpgtools.tenderapp.com/kb/gpg-keychain-faq/backup-or-transf...
You would want to export all keys from the current machine (if any relevant keys are in there). Make sure to also include the secret keys when exporting.
Then grab the .gnupg folder from your backup. Replace the .gnupg folder on the new Mac with the .gnupg folder from your backup and your keys should be there when you then open GPG Keychain. You can then re-import any keys you exported from the new Mac.
I am at a loss regarding that image mounting problem. Maybe you can get in touch with the nice people at Bombich Software (CCC makers) and ask if they have any experience with such a case.
Kindly,
steve
Support Staff 5 Posted by Steve on 18 Aug, 2017 01:01 PM
Closing, since no further user feedback was received. Should your problem persist, feel free to re-open this discussion any time.
All the best, steve
Steve closed this discussion on 18 Aug, 2017 01:01 PM.
David Bourke re-opened this discussion on 22 Aug, 2017 03:05 PM
6 Posted by David Bourke on 22 Aug, 2017 03:05 PM
Hi Steve,
I've just returned to Thailand from Ireland after sorting out a problem caused by my Irish bank. I brought the four physical drives from my defunct Mac Pro, and they mount fine on my MacBook Pro. I've located the old .gnupg folder. It contains an empty folder "private-keys-v1.d" and a file "random_seed" not present in the new folder.
File size differences are: "gpg-agent.conf" 42 bytes (old), 0 bytes (new); "gpg.conf" 9KB (old), same size (new); "pubring.gpg/pubring.gpg~" 159KB (old), 353KB (new); "secring.gpg" 6KB (old), 0 bytes (new); "trustdb.gpg" 2KB (old), 1KB (new).
I'm praying that the "secring.gpg" file size disparity means I have the keys I need to decrypt my old emails, but I don't want to mess this up at this stage. Can you please advise on how I should proceed now?
Thank you for your patience and kind assistance, Steve.
David.
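An added example, not part of the original thread or of GPG Suite: a read-only check of whether a recovered `secring.gpg` actually holds secret-key packets, done by walking the OpenPGP packet headers defined in RFC 4880 without importing or changing anything. The sample bytes and the address in them are constructed for illustration; a 0-byte file like the new `secring.gpg` described above simply yields zero counts.

```python
# Added example (not from the thread): read-only OpenPGP packet listing.
SECRET_KEY, SECRET_SUBKEY, USER_ID = 5, 7, 13   # packet tags, RFC 4880 sec. 4.3

def read_packets(data):
    """Return [(tag, body), ...] from RFC 4880 packet headers (sec. 4.2)."""
    packets, pos = [], 0
    while pos < len(data):
        first = data[pos]
        if not first & 0x80:
            raise ValueError(f"no packet header at offset {pos}")
        pos += 1
        if first & 0x40:                          # new-format header
            tag, o = first & 0x3F, data[pos]
            if o < 192:
                length, pos = o, pos + 1
            elif o < 224:
                length, pos = ((o - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif o == 255:
                length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                     # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:
                raise ValueError("indeterminate lengths are not handled here")
            size = (1, 2, 4)[ltype]
            length, pos = int.from_bytes(data[pos:pos + size], "big"), pos + size
        if pos + length > len(data):
            raise ValueError(f"packet with tag {tag} is truncated")
        packets.append((tag, data[pos:pos + length]))
        pos += length
    return packets

def summarize(data):
    """Count secret-key packets and collect the user IDs in the keyring."""
    try:
        packets = read_packets(data)
    except IndexError:
        raise ValueError("file ends inside a packet header") from None
    return {
        "secret_keys": sum(t == SECRET_KEY for t, _ in packets),
        "secret_subkeys": sum(t == SECRET_SUBKEY for t, _ in packets),
        "user_ids": [b.decode("utf-8", "replace") for t, b in packets if t == USER_ID],
    }

# Constructed sample: header bytes follow the RFC, key bodies are dummy filler.
UID = b"Old Address <old@example.invalid>"
SAMPLE = (bytes([0x94, 4]) + b"\x00" * 4 + bytes([0xB4, len(UID)]) + UID
          + bytes([0xC7, 3]) + b"\x00" * 3)   # tags 5 and 13 (old format), 7 (new)
```

To check a real file, pass its bytes, for example `summarize(open(path, "rb").read())`, working on a copy of the recovered folder rather than the original.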
Support Staff 7 Posted by Steve on 23 Aug, 2017 10:12 AM
Hi David,
try the following:
Are you able to execute the above steps? If not, please let me know at which step you are running into difficulties.
Support Staff 8 Posted by Steve on 16 Feb, 2018 11:12 AM
Closing, since no further user feedback was received. Should your problem persist, feel free to re-open this discussion any time.
All the best, steve
Steve closed this discussion on 16 Feb, 2018 11:12 AM.