GPG Keychain: I lost my private key after installing GPG Keychain

Marek Kwasecki

15 Apr, 2017 12:12 PM

It seems that installing GPG Keychain overwrites .gnupg database I was using before.
I installed gpg from brew then learned there is a nice UI.

Expected
I’d expect GPG Keychain would import keys or not touch the previous db at all.

macOS           10.12.4     16E195
GPG Suite       2016.10     21  
GPGMail -
GPG Keychain    1.3.2       1245
GPGServices     1.11        916 
MacGPG2         2.0.30      884 
GPGPreferences  2.0.1       902 
Libmacgpg       0.7         775 
pinentry        0.9.7       4
  1. Support Staff 1 Posted by Luke Le on 15 Apr, 2017 12:27 PM

    Hi Marek,

    we're very sorry you're having problems with our tools.
    The installation of GPG Suite should never touch your keys, it is however possible that your .gnupg folder permissions might be wrong. In which case you should see an empty keylist.

    Could you please run the following command in Terminal (easiest to find via Spotlight):

    ls -l ~/.gnupg

    (Press enter after typing this line) please post the output here.

    Thanks!

  2. 2 Posted by Marek Kwasecki on 15 Apr, 2017 12:57 PM

    Mareks-Laptok:~ mkwasecki$ ls -l .gnupg
    total 1520
    srwx------ 1 mkwasecki staff 0 Apr 14 13:32 S.dirmngr
    srwx------ 1 mkwasecki staff 0 Apr 14 12:08 S.gpg-agent
    srwx------ 1 mkwasecki staff 0 Apr 14 12:07 S.gpg-agent.browser
    srwx------ 1 mkwasecki staff 0 Apr 14 12:07 S.gpg-agent.extra
    srwx------ 1 mkwasecki staff 0 Apr 14 12:07 S.gpg-agent.ssh
    drwx------ 3 mkwasecki staff 102 Apr 14 13:32 crls.d
    -rw------- 1 mkwasecki staff 2694 Apr 14 12:05 dirmngr.conf
    -rw-r--r--@ 1 mkwasecki staff 42 Apr 15 14:09 gpg-agent.conf
    -rw-------@ 1 mkwasecki staff 5247 Apr 14 14:12 gpg.conf
    drwx------ 3 mkwasecki staff 102 Apr 14 12:08 openpgp-revocs.d
    drwx------ 4 mkwasecki staff 136 Apr 14 12:08 private-keys-v1.d
    -rw------- 1 mkwasecki staff 367338 Apr 15 12:57 pubring.gpg
    -rw------- 1 mkwasecki staff 367338 Apr 15 12:57 pubring.gpg~
    -rw------- 1 mkwasecki staff 9853 Apr 14 14:07 pubring.kbx
    -rw------- 1 mkwasecki staff 6871 Apr 14 13:58 pubring.kbx~
    -rw------- 1 mkwasecki staff 0 Apr 14 14:11 secring.gpg
    -rw------- 1 mkwasecki staff 1320 Apr 15 12:57 trustdb.gpg

  3. 3 Posted by Marek Kwasecki on 15 Apr, 2017 01:01 PM

    More info on the case of the installation:
    I'm using mkwasecki as nonpriv user and another user with Administrator privs.

    I had:
    Mareks-Laptok:~ mkwasecki$ gpg --list-secret-keys --keyid-format LONG

    /Users/mkwasecki/.gnupg/pubring.kbx

    sec rsa2048/40D68876266ACD5A 2017-04-14 [SC] [wygasa: 2019-04-14]
    8D2993AE12C82EF035746D9040D68876266ACD5A
    uid [ absolutne ] Marek Kwasecki [email blocked]
    ssb rsa2048/C4909CD56BD008B6 2017-04-14 [E] [wygasa: 2019-04-14]

    and now
    Mareks-Laptok:~ mkwasecki$ gpg --list-secret-keys --keyid-format LONG
    Mareks-Laptok:~ mkwasecki$

  4. Support Staff 4 Posted by Luke Le on 15 Apr, 2017 03:03 PM

    Hi Marek,

    that is in fact very strange. We've never seen a case where GPG Suite was at fault.
    Is there any chance you have a no-lock option in your gpg.conf file?
    That has been the culprit before.

    Could you check your gpg.conf for a lock option?

  5. 5 Posted by Marek on 15 Apr, 2017 09:36 PM

    Luke,
    you got me on this one. I'm not sure what to check.
    If gpg.conf was locked? No it wasn't. (File->Context menu->Get Info)
    ...and in gpg.conf looking for lock doesn't find anything. I'm sorry, but can you rephrase the question? Any other test I could do or info I could give you?

  6. Support Staff 6 Posted by Luke Le on 18 Apr, 2017 08:00 PM

    Hi Marek,

    I have noticed something else.
    There's a private-keys-v1.d folder in your .gnupg folder. Could you

    ls -l ~/.gnupg/private-keys-v1.d
    

    that for me?
    Is it possible that you created your private keys with gnupg 2.1?
    GPG Suite does not yet support gnupg 2.1 and gnupg 2.1 keys are not compatible with gnupg 2.0.x

  7. 7 Posted by Marek Kwasecki on 18 Apr, 2017 08:20 PM

    Well.. you are right.

    brew installed:
    $ gpg2 --version
    gpg (GnuPG) 2.1.20
    libgcrypt 1.7.6

    while

    $ /usr/local/MacGPG2/bin/gpg2 --version
    gpg (GnuPG/MacGPG2) 2.0.30
    libgcrypt 1.6.6

    First used was the v2.1 - mystery solved I guess.

    Inside this folder there is
    $ ls -l private-keys-v1.d/
    total 16
    -rw-------@ 1 mkwasecki staff 1173 Apr 14 12:08 5D7121567D3B1A0C36482A21ED2BA61E6A09F0A2.key
    -rw------- 1 mkwasecki staff 1157 Apr 14 12:08 ADE286BCC14EFA5FE0797EC94B217A09BDFEAA4A.key

    That's probably the one place where I didn't look at the dates, trusting what the CLI tool says.

  8. Support Staff 8 Posted by Luke Le on 19 Apr, 2017 08:04 AM

    GPG Keychain always prefers our own gnupg if available, so it makes sense that the keychain appeared to be empty.
    We're currently in the process of testing our suite with gnupg 2.1 and hope to include it in a nightly or test release soon.

    We are very relieved that your keys are still there. It would have been the first time the keys were removed without any input from the user, which of course would have been terrible.

  9. 9 Posted by Marek Kwasecki on 19 Apr, 2017 08:18 AM

    If at all possible it would be awesome to get some warning of such incompatibility/mismatch.

    Thanks for the support. I think we can close this one.

  10. Support Staff 10 Posted by Steve on 19 Apr, 2017 05:52 PM

    Marek, if you want to transition back to using 2.0.30 in the meantime:

    You need to export your sec/pub key which was created with 2.1. In order to do that, 2.1 has to be installed on your system, so you may have to re-install 2.1 in case it was uninstalled. Ensure there is a password set for all secret keys created under 2.1. After that, please export the secret keys:

    Open Terminal.app and paste the following command:

    gpg2 -a --export-secret-keys > ~/Desktop/secret_keys.asc
    

    Please do not delete anything. Re-import the exported file(s) to GPG Keychain.

    Let me know if this worked.

    Best,
    steve

  11. 11 Posted by Marek Kwasecki on 25 Apr, 2017 10:52 PM

    Steve,

    thank you. That actually worked.

    Best regards,
    Marek

  12. Support Staff 12 Posted by Steve on 26 Apr, 2017 03:34 PM

    Perfect. I'm closing this discussion. Should you need further assistance or have questions you can re-open this discussion here or open a new one any time.

    Best, steve

  13. Steve closed this discussion on 26 Apr, 2017 03:34 PM.
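
The mismatch diagnosed in this thread, as an added example that is not part of the original discussion and is not GPGTools code: a shell check that compares where a GnuPG home directory keeps its secret keys with the version series of a given gpg binary. The function names and layout labels are assumptions made for illustration, and the directory test is a heuristic.

```shell
#!/bin/sh
# Added example (not GPGTools code). Heuristic based on this thread:
# GnuPG 2.1 keeps each secret key as private-keys-v1.d/<keygrip>.key,
# while 2.0.x (and 1.4) read OpenPGP secret keys from secring.gpg.

# Print where the secret keys in a GnuPG home directory live.
classify_gnupg_home() {
    home=$1
    agent_keys=0
    for f in "$home"/private-keys-v1.d/*.key; do
        if [ -f "$f" ]; then agent_keys=$((agent_keys + 1)); fi
    done
    legacy=0
    if [ -s "$home/secring.gpg" ]; then legacy=1; fi   # -s: exists and non-empty

    if [ "$agent_keys" -gt 0 ] && [ "$legacy" -eq 0 ]; then echo "2.1-only"
    elif [ "$agent_keys" -gt 0 ]; then echo "mixed"
    elif [ "$legacy" -eq 1 ]; then echo "legacy-only"
    else echo "no-secret-keys"
    fi
}

# Print the "major.minor" series from the first line of `<binary> --version`.
gpg_series() {
    "$1" --version 2>/dev/null |
        sed -n '1s/.* \([0-9][0-9]*\.[0-9][0-9]*\)\..*/\1/p'
}

# Report whether <binary> can be expected to list the secret keys in <home>.
check_binary_against_home() {
    series=$(gpg_series "$1")
    layout=$(classify_gnupg_home "$2")
    case "$series:$layout" in
        :*)
            echo "unknown-binary"   # binary missing or version line not parsed
            return 2 ;;
        1.*:2.1-only|2.0:2.1-only)
            echo "mismatch"         # keys exist, but this binary will show none
            return 1 ;;
        *)
            echo "ok" ;;
    esac
}

# Usage: sh check.sh /usr/local/MacGPG2/bin/gpg2 "$HOME/.gnupg"
if [ "$#" -eq 2 ]; then
    check_binary_against_home "$1" "$2"
fi
```

A `mismatch` result corresponds to the empty `--list-secret-keys` output seen above: the key files are intact, but the binary in use does not read them.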
