
how to recover secret key passphrase?
Over the years, I have used quite a number of keypairs. Unfortunately, I
have forgotten the passphrase for some of them. But I do know potential
parts of the passphrase.

What's the current recommended way to recover the passphrase of OpenPGP
private keys?

The classic John the Ripper includes a tool "gpg2john" to convert
ASCII-armored exported private keys to a format that john can work with:
http://blog.atucom.net/2015/08/cracking-gpg-key-passwords-using-john.html

However, to export a private key from the current private-keys-v1.d/
gpg-agent key store, I need my passphrase. Which I can't remember.

I would welcome any hints on how to achieve this.

According to Kerckhoffs's principle, this can be public knowledge, in
contrast to "security through obscurity". But if you feel like this is
sensible, feel free to answer me directly instead of the list.

Thanks!

--
ilf

If you upload your address book to "the cloud", I don't want to be in it.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: how to recover secret key passphrase?
* ilf <ilf@zeromail.org> wrote:

> Over the years, I have used quite a number of keypairs. Unfortunately, I
> have forgotten the passphrase for some of them. But I do know potential
> parts of the passphrase.

This is ancient, but may help you https://www.vanheusden.com/nasty/


--
left blank, right bald

Re: how to recover secret key passphrase?
Markus Reichelt:
>> Over the years, I have used quite a number of keypairs. Unfortunately, I
>> have forgotten the passphrase for some of them. But I do know potential
>> parts of the passphrase.
> This is ancient, but may help you https://www.vanheusden.com/nasty/

Thanks. But my problem is not the actual brute-forcing part, john is
perfect for that. My problem is getting a usable input for john from the
current private-keys-v1.d/ gpg-agent private key store format.

--
ilf

If you upload your address book to "the cloud", I don't want to be in it.

Re: how to recover secret key passphrase?
On 8/20/2019 at 12:57 PM, "ilf" <ilf@zeromail.org> wrote:

> My problem is getting a usable input for john
> from the current private-keys-v1.d/ gpg-agent private key
> store format.

=====

Try This:

[1] Open a new terminal command prompt window
[2] Type gpg -a --export-secret-key keyname

The private key block should then appear in your terminal window.

No passphrase is necessary unless you want to 'edit' the key.

This works in both GnuPG 1.x and 2.x
assuming that your keyrings are in your home directory.

Don't use gpg-agent for this.


vedaal


Re: how to recover secret key passphrase?
On 20/08/2019 19:46, vedaal via Gnupg-users wrote:
> Try This:
>
> [1] Open a new terminal command prompt window
> [2] Type gpg -a --export-secret-key keyname

I think ilf is quite correct that you need to enter your passphrase to
do an export from the agent-managed store in private-keys-v1.d. The
encryption in the private key store is not the same as the encryption of
a transferable OpenPGP private key anymore, so it needs to be decrypted
and re-encrypted, which is why you're asked for your passphrase.

> This works in both GnuPG 1.x and 2.x

I think it would have worked in 1.x and 2.0. But for 2.1+, it no longer
works, and

> Don't use gpg-agent for this.

you actually really need the agent to access the private keys from GnuPG
2.1+.

So what ilf probably needs is something that can read the private keybox
format. That's where my advice falls short: I can't help with that.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

Re: how to recover secret key passphrase?
On Wed, 21 Aug 2019 12:03, peter@digitalbrains.com said:

> So what ilf probably needs is something that can read the private keybox
> format. That's where my advice falls short: I can't help with that.

That is right. You need a new tool for John to do that. The format is
described in gnupg/agent/keyformat.txt. I do not have the time to write
such a tool anytime soon. Sorry.


Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
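
The point made in the replies above, that the agent's key store uses its own protection format rather than the OpenPGP transferable one, can be seen by inspecting a key file's structure. The following is an added example, not code from the thread or from GnuPG: it parses a canonical S-expression and reports whether the key is protected and with which mode and iteration count. The token names and the `((sha1 salt count) iv)` parameter layout are assumptions taken from a reading of keyformat.txt; the function names and sample bytes are constructed, and files not in canonical S-expression encoding are rejected with `ValueError`.

```python
# Added example: inspect a canonical S-expression key file (structure assumed
# from gnupg/agent/keyformat.txt) and report how the key is protected.

def parse_csexp(buf, pos=0):
    """Parse one canonical S-expression at pos; return (value, next_pos)."""
    if buf[pos:pos + 1] == b"(":
        pos, items = pos + 1, []
        while buf[pos:pos + 1] != b")":
            if pos >= len(buf):
                raise ValueError("unterminated list")
            item, pos = parse_csexp(buf, pos)
            items.append(item)
        return items, pos + 1
    colon = buf.index(b":", pos)          # atoms are <decimal length>:<bytes>
    length = int(buf[pos:colon])
    end = colon + 1 + length
    if end > len(buf):
        raise ValueError("truncated atom")
    return buf[colon + 1:end], end

def describe_key(buf):
    """Return key kind, algorithm, protection mode and S2K count (if any)."""
    sexp, _ = parse_csexp(buf)
    info = {"kind": sexp[0].decode(), "algo": None, "mode": None, "s2k_count": None}
    if len(sexp) > 1 and isinstance(sexp[1], list):
        key = sexp[1]
        info["algo"] = key[0].decode()
        for field in key[1:]:
            if isinstance(field, list) and field[0] == b"protected":
                info["mode"] = field[1].decode()
                parms = field[2]          # assumed layout: ((sha1 salt count) iv)
                if parms and isinstance(parms[0], list) and len(parms[0]) == 3:
                    info["s2k_count"] = int(parms[0][2])
    return info

# Constructed sample data (not a real key); helpers build the encoding.
def atom(b): return str(len(b)).encode() + b":" + b
def lst(*items): return b"(" + b"".join(items) + b")"

PUBLIC_PART = (lst(atom(b"n"), atom(b"\x00\xc1(:)")), lst(atom(b"e"), atom(b"\x01\x00\x01")))
PROTECTED = lst(atom(b"protected-private-key"), lst(atom(b"rsa"), *PUBLIC_PART,
    lst(atom(b"protected"), atom(b"openpgp-s2k3-sha1-aes-cbc"),
        lst(lst(atom(b"sha1"), atom(b"S" * 8), atom(b"65011712")), atom(b"I" * 16)),
        atom(b"\xaa" * 32))))
UNPROTECTED = lst(atom(b"private-key"), lst(atom(b"rsa"), *PUBLIC_PART,
    lst(atom(b"d"), atom(b"\x05"))))

if __name__ == "__main__":
    for blob in (PROTECTED, UNPROTECTED):
        print(describe_key(blob))
```

Run over the files in a key store, this gives an inventory of which keys are stored without passphrase protection and which iteration counts are in use.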