Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. GnuPG>
  3. users
GNUGP new key with old data under an old gnu version - how to fix it?
gnupg-users at gnupg
Feb 26, 2020, 12:09 PM
Post #1 of 3 (313 views)
Permalink
Hello

I?m having this problem:

I have running a BIG system made few years ago and the programmer is not
working anymore.
The system store few data in mySQL database using gnupg encryption.
All was fine until few days ago, when the key expired. So i generate a new
one and all was perfect. But...

The new gnugp key was generated under version 2.0.22 and the data stored in
database is under gnugp 1.45
Then.. ALL new record is encrypted perfectly and appears in the database,
but the archive of a LOT records are missing, because the system is not
displaying the data encrypted with the old version.

My questions :

1 - is possible to dwongrade the GNUGP version to 1.45 in the server using
cpanel + cloudlinux and then, re-generate the key using the old 1.45
version?
2 - or is possible to update the entire database to read the encrypted data
wit the new key generated under the new version?
3 - or i?m doing something wrong ???

Thanks
Fabian
Re: GNUGP new key with old data under an old gnu version - how to fix it? [ In reply to ]
andrewg at andrewg
Feb 27, 2020, 2:31 AM
Post #2 of 3 (313 views)
Permalink
On 26/02/2020 20:09, ADNPLANET via Gnupg-users wrote:
>
> The new gnugp key was generated under version 2.0.22 and the data stored
> in database is under gnugp 1.45
> Then.. ALL new record is encrypted perfectly and appears in the
> database, but the archive of a LOT records are missing, because the
> system is not displaying the data encrypted with the old version.

Firstly, are you sure you have both the old and new keys in your private
keyring? If an encryption key expires, it just means that nothing should
be encrypted *to* it any more, but unless you believe that it has been
compromised it is still safe to use to process existing data. So don't
delete it. :-)

If you do have the old key but it isn't decrypting the old data, then it
may be because the old data is using an outdated format. Try passing the
option --ignore-mdc-error and see what happens. Are there any error
messages emitted? Can you export one of the encrypted blobs to local
disk and decrypt it on the command line?

> My questions :
>
> 1 - is possible to dwongrade the GNUGP version to 1.45 in the server
> using cpanel + cloudlinux and then, re-generate the key using the old
> 1.45 version?

Yes, but I would only recommend this as a last resort. Also note that if
you do this you will lose access to all your *new* data, which may be a
worse outcome for you, depending on your use case.

> 2 - or is possible to update the entire database to read the encrypted
> data wit the new key generated under the new version?

Yes, but it will depend on you being able to decrypt the old data so we
should fix that problem first...

> 3 - or i?m doing something wrong ???

Maybe, what *exactly* are you doing? Without divulging any secrets. :-)

--
Andrew Gallagher

Attached Files:

RE: GNUGP new key with old data under an old gnu version - how to fix it? [ In reply to ]
gnupg-users at gnupg
Mar 2, 2020, 2:14 PM
Post #3 of 3 (307 views)
Permalink
Thanks Andrew!

I fixed the issue with your tips.

I get a backup of the deleted old version keys and use that to display old
data and the new key to enter and display the new data.
Both are installed and both are working fine.

Many thanks for your help!

Fabian

-----Mensaje original-----
De: Gnupg-users <gnupg-users-bounces@gnupg.org> En nombre de Andrew
Gallagher
Enviado el: jueves, 27 de febrero de 2020 07:32
Para: gnupg-users@gnupg.org
Asunto: Re: GNUGP new key with old data under an old gnu version - how to
fix it?

On 26/02/2020 20:09, ADNPLANET via Gnupg-users wrote:
>
> The new gnugp key was generated under version 2.0.22 and the data
> stored in database is under gnugp 1.45 Then.. ALL new record is
> encrypted perfectly and appears in the database, but the archive of a
> LOT records are missing, because the system is not displaying the data
> encrypted with the old version.

Firstly, are you sure you have both the old and new keys in your private
keyring? If an encryption key expires, it just means that nothing should be
encrypted *to* it any more, but unless you believe that it has been
compromised it is still safe to use to process existing data. So don't
delete it. :-)

If you do have the old key but it isn't decrypting the old data, then it may
be because the old data is using an outdated format. Try passing the option
--ignore-mdc-error and see what happens. Are there any error messages
emitted? Can you export one of the encrypted blobs to local disk and decrypt
it on the command line?

> My questions :
>
> 1 - is possible to dwongrade the GNUGP version to 1.45 in the server
> using cpanel + cloudlinux and then, re-generate the key using the old
> 1.45 version?

Yes, but I would only recommend this as a last resort. Also note that if you
do this you will lose access to all your *new* data, which may be a worse
outcome for you, depending on your use case.

> 2 - or is possible to update the entire database to read the encrypted
> data wit the new key generated under the new version?

Yes, but it will depend on you being able to decrypt the old data so we
should fix that problem first...

> 3 - or i?m doing something wrong ???

Maybe, what *exactly* are you doing? Without divulging any secrets. :-)

--
Andrew Gallagher



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal