Empty GPG Keychain / losing newly created private keys

Jiri

13 Nov, 2017 03:10 PM

Hello everyone,

Affected tools:
- GPG Keychain
- version: latest

Steps leading to the problem:
I created a public/private key for my new email address and uploaded them to the keyserver. So far so good.

Problem:
Before I attempted to export (back up) the keys, however, I tried to add a new identity to the keys and upload to the keyserver again. The problem is, the upload actually failed and since that moment, GPG Keychain was empty (didn't display ANY key), whatever I did and despite the ~/.gnupg folder still seeming very much alright. Once that happened, I should have been smarter, left everything as it was and written this support ticket. But seeing that the ~/.gnupg folder still obviously contained all my private keys and believing that they are only encrypted using the passphrase, I copied them over (including most of the other files), deleted the folder and proceeded to re-install GPG Suite. To my surprise, the keys couldn't be imported again because there's apparently another encryption layer involved.

I attached an excerpt from system.log (translated to English), which I believe is related to the above error.

Summary:
So, I still have the private key but it is encrypted using GPG Suite and I don't know how to decrypt it - given the circumstances above, is there a way to do it manually? I would have revoked the public key on the servers and been done with it but I need the private key to do that. Passphrase is not a problem of course :).

What did you expect instead:
Well, leaving aside the failed upload (probably problems with my Wi-Fi) and my stupidity, I think I would expect GPG Keychain to keep its integrity. But first and foremost, after encountering this issue, I think that GPG Suite should definitely offer to export the private key RIGHT AFTER generating it, before doing ANYTHING else (especially uploading to keyserver), and with a stern warning.

  1. 1 Posted by Jiri on 13 Nov, 2017 08:07 PM

    Update: I finally noticed there was a revocation certificate among the copied files (thank you GPG Suite!) and thus, my issue is resolved. For more information:
    https://gpgtools.tenderapp.com/kb/gpg-keychain-faq/how-to-revoke-a-...

    Nevertheless, I think the expected behaviour still stands :).

  2. Support Staff 2 Posted by Steve on 13 Nov, 2017 11:01 PM

    Hi Jiri,

    welcome to the GPGTools support platform. Sorry you are having problems using GPG Suite.

    Glad to hear you were able to resolve the situation already.

    We have a ticket to add a backup mechanism for rev certs + sec/pub keys. Once that exists it would indeed be a good idea to add a step to the setup wizard. I connected this discussion with the existing ticket. That means, should this discussion get closed, it will be re-opened as soon as the ticket is closed. That way you'll stay in the loop and get notified as soon as we have news. Feel free to open a new discussion should you run into further problems or need assistance.

    I'm closing this discussion. Should you need further assistance or have questions you can re-open this discussion here or open a new one any time.

    Best, steve

  3. Steve closed this discussion on 13 Nov, 2017 11:01 PM.
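
The backup step discussed in this thread, as an added example (not GPG Suite's code and not part of the original posts): a shell function that exports a key pair together with its revocation certificate and confirms that the backup restores into an empty keyring. It assumes the GnuPG 2.1+ command line and its `openpgp-revocs.d` directory; `backup_key` and the output file names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes GnuPG 2.1 or later on PATH; names are illustrative.

# backup_key FINGERPRINT DESTDIR
#   FINGERPRINT: full 40-hex-digit primary key fingerprint, upper case.
#   Writes public.asc, secret.asc and (when present) revoke.rev to DESTDIR,
#   then imports secret.asc into a throwaway keyring to prove it restores.
# The body runs in a subshell so umask, variables and the trap do not leak.
backup_key() (
    fpr=$1; dest=$2
    home=${GNUPGHOME:-$HOME/.gnupg}
    umask 077                      # backup files readable by the owner only
    mkdir -p "$dest" || exit 1

    gpg --armor --export "$fpr" > "$dest/public.asc" || exit 1
    # The exported secret key keeps its passphrase protection.
    gpg --armor --export-secret-keys "$fpr" > "$dest/secret.asc" || exit 1
    [ -s "$dest/secret.asc" ] || { echo "no secret key for $fpr" >&2; exit 1; }

    # GnuPG 2.1+ stores a revocation certificate here at key generation.
    rev="$home/openpgp-revocs.d/$fpr.rev"
    if [ -f "$rev" ]; then cp "$rev" "$dest/revoke.rev"; fi

    # Restore test: a fresh keyring must hold the same primary fingerprint
    # after importing the backup, otherwise the backup is not trusted.
    check=$(mktemp -d) || exit 1
    trap 'GNUPGHOME=$check gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$check"' EXIT
    gpg --homedir "$check" --batch --quiet --import "$dest/secret.asc" \
        2>/dev/null || exit 1
    restored=$(gpg --homedir "$check" --batch --with-colons --list-secret-keys |
               awk -F: '$1 == "fpr" { print $10; exit }')
    [ "$restored" = "$fpr" ]
)
```

Run it immediately after generating a key and move DESTDIR to offline storage. The certificate GnuPG writes to `openpgp-revocs.d` has a colon in front of its `-----BEGIN` line that must be removed before the certificate can be imported.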
