GPG Keychain: I lost my private key after installing GPG Keychain
It seems that installing GPG Keychain overwrites .gnupg database I was using before.
I installed gpg from brew then learned there is a nice UI.
Expected
I’d expect GPG Keychain would import keys or not touch the previous db at all.
macOS 10.12.4 16E195
GPG Suite 2016.10 21
GPGMail -
GPG Keychain 1.3.2 1245
GPGServices 1.11 916
MacGPG2 2.0.30 884
GPGPreferences 2.0.1 902
Libmacgpg 0.7 775
pinentry 0.9.7 4
Support Staff 1 Posted by Luke Le on 15 Apr, 2017 12:27 PM
Hi Marek,
we're very sorry you're having problems with our tools.
The installation of GPG Suite should never touch your keys, it is however possible that your .gnupg folder permissions might be wrong. In which case you should see an empty keylist.
Could you please run the following command in Terminal (easiest to find via Spotlight):
ls -l ~/.gnupg
(Press enter after typing this line) please post the output here.
Thanks!
2 Posted by Marek Kwasecki on 15 Apr, 2017 12:57 PM
Mareks-Laptok:~ mkwasecki$ ls -l .gnupg
total 1520
srwx------ 1 mkwasecki staff 0 Apr 14 13:32 S.dirmngr
srwx------ 1 mkwasecki staff 0 Apr 14 12:08 S.gpg-agent
srwx------ 1 mkwasecki staff 0 Apr 14 12:07 S.gpg-agent.browser
srwx------ 1 mkwasecki staff 0 Apr 14 12:07 S.gpg-agent.extra
srwx------ 1 mkwasecki staff 0 Apr 14 12:07 S.gpg-agent.ssh
drwx------ 3 mkwasecki staff 102 Apr 14 13:32 crls.d
-rw------- 1 mkwasecki staff 2694 Apr 14 12:05 dirmngr.conf
-rw-r--r--@ 1 mkwasecki staff 42 Apr 15 14:09 gpg-agent.conf
-rw-------@ 1 mkwasecki staff 5247 Apr 14 14:12 gpg.conf
drwx------ 3 mkwasecki staff 102 Apr 14 12:08 openpgp-revocs.d
drwx------ 4 mkwasecki staff 136 Apr 14 12:08 private-keys-v1.d
-rw------- 1 mkwasecki staff 367338 Apr 15 12:57 pubring.gpg
-rw------- 1 mkwasecki staff 367338 Apr 15 12:57 pubring.gpg~
-rw------- 1 mkwasecki staff 9853 Apr 14 14:07 pubring.kbx
-rw------- 1 mkwasecki staff 6871 Apr 14 13:58 pubring.kbx~
-rw------- 1 mkwasecki staff 0 Apr 14 14:11 secring.gpg
-rw------- 1 mkwasecki staff 1320 Apr 15 12:57 trustdb.gpg
3 Posted by Marek Kwasecki on 15 Apr, 2017 01:01 PM
More info on the case of the installation:
I'm using mkwasecki as nonpriv user and another user with Administrator privs.
I had:
Mareks-Laptok:~ mkwasecki$ gpg --list-secret-keys --keyid-format LONG
/Users/mkwasecki/.gnupg/pubring.kbx
sec rsa2048/40D68876266ACD5A 2017-04-14 [SC] [wygasa: 2019-04-14]
8D2993AE12C82EF035746D9040D68876266ACD5A
uid [ absolutne ] Marek Kwasecki [email blocked]
ssb rsa2048/C4909CD56BD008B6 2017-04-14 [E] [wygasa: 2019-04-14]
and now
Mareks-Laptok:~ mkwasecki$ gpg --list-secret-keys --keyid-format LONG
Mareks-Laptok:~ mkwasecki$
Support Staff 4 Posted by Luke Le on 15 Apr, 2017 03:03 PM
Hi Marek,
that is in fact very strange. We've never seen a case where GPG Suite was at fault.
Is there any chance you have a no-lock option in your gpg.conf file?
That has been the culprit before.
Could you check your gpg.conf for a lock option?
5 Posted by Marek on 15 Apr, 2017 09:36 PM
Luke,
you got me on this one. I'm not sure what to check.
If gpg.conf was locked? No it wasn't. (File->Context menu->Get Info)
...and in gpg.conf looking for lock doesn't find anything. I'm sorry, but can you rephrase the question? Any other test I could do or info I could give you?
Support Staff 6 Posted by Luke Le on 18 Apr, 2017 08:00 PM
Hi Marek,
I have noticed something else.
There's a private-keys-v1.d folder in your .gnupg folder. Could you
that for me?
Is it possible that you created your private keys with gnupg 2.1?
GPG Suite does not yet support gnupg 2.1 and gnupg 2.1 keys are not compatible with gnupg 2.0.x
7 Posted by Marek Kwasecki on 18 Apr, 2017 08:20 PM
Well.. you are right.
brew installed:
$ gpg2 --version
gpg (GnuPG) 2.1.20
libgcrypt 1.7.6
while
$ /usr/local/MacGPG2/bin/gpg2 --version
gpg (GnuPG/MacGPG2) 2.0.30
libgcrypt 1.6.6
First used was the v2.1 - mystery solved I guess.
Inside this folder there is
$ ls -l private-keys-v1.d/
total 16
-rw-------@ 1 mkwasecki staff 1173 Apr 14 12:08 5D7121567D3B1A0C36482A21ED2BA61E6A09F0A2.key
-rw------- 1 mkwasecki staff 1157 Apr 14 12:08 ADE286BCC14EFA5FE0797EC94B217A09BDFEAA4A.key
That's probably one place I didn't look at dates, trusting what the CLI tool says.
Support Staff 8 Posted by Luke Le on 19 Apr, 2017 08:04 AM
GPG Keychain always prefers our own gnupg if available, so it makes sense that the keychain appeared to be empty.
We're currently in the process of testing our suite with gnupg 2.1 and hope to include it in a nightly or test release soon.
We are very relieved that your keys are still there. It would have been the first time the keys were removed without any input from the user, which of course would have been terrible.
9 Posted by Marek Kwasecki on 19 Apr, 2017 08:18 AM
If at all possible it would be awesome to get some warning of such incompatibility/mismatch.
Thanks for the support. I think we can close this one.
Support Staff 10 Posted by Steve on 19 Apr, 2017 05:52 PM
Marek, if you want to transition back to using 2.0.30 in the meantime:
You need to export your sec/pub key which was created with 2.1. In order to do that, 2.1 has to be installed on your system, so you may have to re-install 2.1 in case it was uninstalled. Ensure there is a password set for all secret keys created under 2.1. After that, please export the secret keys:
open terminal.app and paste the following command:
Please do not delete anything. Re-import the exported file(s) to GPG Keychain.
Let me know if this worked.
Best,
steve
11 Posted by Marek Kwasecki on 25 Apr, 2017 10:52 PM
Steve,
thank you. That actually worked.
Best regards,
Marek
Support Staff 12 Posted by Steve on 26 Apr, 2017 03:34 PM
Perfect. I'm closing this discussion. Should you need further assistance or have questions you can re-open this discussion here or open a new one any time.
Best, steve
Steve closed this discussion on 26 Apr, 2017 03:34 PM.
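The mismatch diagnosed in this thread (secret keys created by GnuPG 2.1 while a 2.0.x binary reads the keyring) can be checked from the files in `~/.gnupg`. The following is an added example, not part of the original discussion or of GPG Suite; the function names are hypothetical, and the file-layout test is a heuristic based on the empty `secring.gpg` and populated `private-keys-v1.d` seen in the listings above.

```shell
# Added example (not from the thread). Heuristic: GnuPG 2.1+ keeps each secret
# key as <keygrip>.key in private-keys-v1.d/, GnuPG 2.0.x reads secring.gpg.

# Report where a GnuPG home directory holds secret keys.
secret_key_store() {
    home=${1:-$HOME/.gnupg}
    if [ ! -d "$home" ]; then echo "missing"; return 0; fi
    new=0
    for f in "$home"/private-keys-v1.d/*.key; do
        # An unmatched glob stays literal, so confirm each hit is a file.
        if [ -f "$f" ]; then new=$((new + 1)); fi
    done
    old=0
    # -s is true only for a non-empty file; a 0-byte secring.gpg holds no keys.
    if [ -s "$home/secring.gpg" ]; then old=1; fi
    if [ "$new" -gt 0 ] && [ "$old" -eq 1 ]; then echo "both"
    elif [ "$new" -gt 0 ]; then echo "agent-store"
    elif [ "$old" -eq 1 ]; then echo "secring"
    else echo "none"
    fi
}

# Extract the version from the first line of `gpg --version`,
# e.g. "gpg (GnuPG/MacGPG2) 2.0.30" -> "2.0.30".
parse_version() {
    echo "${1##* }"
}

# Warn when a 1.x/2.0.x binary is pointed at keys held only in the 2.1 store.
check_mismatch() {
    store=$1
    version=$2
    case "$version" in
        1.*|2.0.*)
            if [ "$store" = "agent-store" ]; then
                echo "mismatch"
                return 0
            fi ;;
    esac
    echo "ok"
}

# Usage against a real binary (path as shown in the thread):
#   v=$(parse_version "$(/usr/local/MacGPG2/bin/gpg2 --version | head -n 1)")
#   check_mismatch "$(secret_key_store ~/.gnupg)" "$v"
```

A result of `mismatch` means the keys are still on disk but invisible to the older binary, which is what the empty `gpg --list-secret-keys` output above showed.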