Empty GPG Keychain / losing newly created private keys
Hello everyone,
Affected tools:
- GPG Keychain
- version: latest
Steps leading to the problem:
I created a public/private key for my new email address and uploaded them to the keyserver. So far so good.
Problem:
Before I attempted to export (backup) the keys, however, I tried to add a new identity to the keys and upload to keyserver again. Problem is, the upload actually failed and since that moment, GPG Keychain was empty (didn't display ANY key) - whatever I did and despite the ~/.gnupg folder still seeming very much alright. Once that happened, I should have been smarter, left everything as it was and written this support ticket. But seeing that the ~/.gnupg folder still obviously contained all my private keys and believing that they are only encrypted using the passphrase, I copied them over (including most of the other files), deleted the folder and proceeded to re-install GPG Suite. To my surprise, the keys couldn't be imported again because there's apparently another encryption layer involved.
I attached an excerpt from system.log (translated to English), which I believe is related to the above error.
Summary:
So, I still have the private key but it is encrypted using GPG Suite and I don't know how to decrypt it - given the circumstances above, is there a way to do it manually? I would have revoked the public key on the servers and been done with it but I need the private key to do that. Passphrase is not a problem of course :).
What did you expect instead:
Well, leaving aside the failed upload (probably problems with my Wi-Fi) and my stupidity, I think I would expect GPG Keychain to keep its integrity. But first and foremost, after encountering this issue, I think that GPG Suite should definitely offer to export the private key RIGHT AFTER generating it, before doing ANYTHING else (especially uploading to keyserver), and with a stern warning.
1 Posted by Jiri on 13 Nov, 2017 08:07 PM
Update: I finally noticed there was a revocation certificate among the copied files (thank you GPG Suite!) and thus, my issue is resolved. For more information:
https://gpgtools.tenderapp.com/kb/gpg-keychain-faq/how-to-revoke-a-...
Nevertheless, I think the expected behaviour still stands :).
Support Staff 2 Posted by Steve on 13 Nov, 2017 11:01 PM
Hi Jiri,
welcome to the GPGTools support platform. Sorry you are having problems using GPG Suite.
Glad to hear you were able to resolve the situation already.
We have a ticket to add a backup mechanism for rev certs + sec/pub keys. Once that exists it would indeed be a good idea to add a step to the setup wizard. I connected this discussion with the existing ticket. That means, should this discussion get closed, it will be re-opened as soon as the ticket is closed. That way you'll stay in the loop and get notified as soon as we have news. Feel free to open a new discussion should you run into further problems or need assistance.
I'm closing this discussion. Should you need further assistance or have questions you can re-open this discussion here or open a new one any time.
Best, steve
Steve closed this discussion on 13 Nov, 2017 11:01 PM.