Mailing List Archive

Recovering private keys in a friend's GPG installation
Hello GnuPG mailing list,

A friend of mine is running into issues with restoring their private
keys after a botched system upgrade. While I don't have details of what
exactly went wrong, they do have 3 keys in:

~/.gnupg/private-keys-v1.d/

~/.gnupg/secring.gpg is empty, and their backups don't have any private
keys in them.

I asked them to run commands with both gpg and gpg2 in Trisquel
8, which is based on Ubuntu 16.04; however, neither gpg
--list-secret-keys nor gpg2 shows any private keys.

I asked them to cross-import public keys from both the gpg and gpg2
public keys exports, and checked to make sure that their public key is
installed in their public keyring. We tried touching
~/.gnupg/.gpg-v21-migrated , and all permissions look correct.
Unfortunately, none of these methods have imported / activated the
private keys.

My best guess is that these 3 keys are associated with some older
private keys, and were merely left behind. If there is a way to check
the fingerprint of the keys they belong to, and to import them, that
would be super helpful. Is there a way to do that?

Thanks, : )
Andrew
Re: Recovering private keys in a friend's GPG installation
On Mon, 21 Sep 2020 12:58, Andrew Engelbrecht said:

> private keys, and were merely left behind. If there is a way to check
> the fingerprint of the keys they belong to, and to import them, that
> would be super helpful. Is there a way to do that?

Unfortunately this is not instantly possible because the creation time
is part of the fingerprint computation. We don't have a tool yet to do
this. Needs to be written. GnuPG 2.3 will record the creation time to
make things easier in the future. For now you need to guess the time
(the "protected-at" value in the key file might give a hint) and well,
write a little tool to compute the fingerprint.


Salam-Shalom,

Werner


--
Thoughts are free. Exceptions are regulated by a federal law.
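
An added example, not code from this thread or from GnuPG: a sketch of the "little tool" described above, computing the OpenPGP v4 fingerprint (RFC 4880, section 12.2) of an RSA key for each candidate creation time and comparing it with a fingerprint or long key ID known from elsewhere. It assumes the RSA n and e have already been read from the key file and that the "protected-at" value has the form YYYYMMDDTHHMMSS in UTC; the function names and sample values are constructed for illustration.

```python
import hashlib
from datetime import datetime, timezone

RSA_ALGO_ID = 1  # OpenPGP public-key algorithm id for RSA (RFC 4880)

def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return bits.to_bytes(2, "big") + value.to_bytes((bits + 7) // 8, "big")

def v4_fingerprint(n: int, e: int, created: int) -> str:
    """SHA-1 over 0x99, the 2-byte body length and the v4 public-key packet body."""
    body = (bytes([4]) + created.to_bytes(4, "big") + bytes([RSA_ALGO_ID])
            + mpi(n) + mpi(e))
    data = b"\x99" + len(body).to_bytes(2, "big") + body
    return hashlib.sha1(data).hexdigest().upper()

def protected_at_to_epoch(stamp: str) -> int:
    """Convert a protected-at style timestamp (assumed YYYYMMDDTHHMMSS, UTC) to epoch seconds."""
    dt = datetime.strptime(stamp, "%Y%m%dT%H%M%S").replace(tzinfo=timezone.utc)
    return int(dt.timestamp())

def find_creation_time(n: int, e: int, known_id: str, hint: int, window: int = 86400):
    """Walk back from the hint one second at a time.

    Returns (creation_time, fingerprint) for the first candidate whose
    fingerprint ends with known_id (a full fingerprint or a 16-hex-digit
    long key ID), or None if nothing in the window matches.
    """
    known_id = known_id.replace(" ", "").upper()
    for created in range(hint, hint - window - 1, -1):
        fpr = v4_fingerprint(n, e, created)
        if fpr.endswith(known_id):
            return created, fpr
    return None

# Constructed sample values (a toy modulus, not a real key).
SAMPLE_N = (2**127 - 1) * (2**89 - 1)
SAMPLE_E = 65537
SAMPLE_HINT = protected_at_to_epoch("20200921T165800")
```

The search only covers RSA keys; other algorithms use different key material in the packet body.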
Re: Recovering private keys in a friend's GPG installation
On 2020-09-21 at 12:58 -0400, Andrew Engelbrecht via Gnupg-users wrote:
> My best guess is that these 3 keys are associated with some older
> private keys, and were merely left behind. If there is a way to check
> the fingerprint of the keys they belong to, and to import them, that
> would be super helpful. Is there a way to do that?
>
> Thanks, : )
> Andrew

Hello Andrew

gpg --list-keys --with-keygrip will give you the keygrips of the public
keys you have. The filenames of the private keys are the keygrips.

If they are associated with public keys nobody has then, while it would
be possible to recreate an equivalent gpg key if you had the key
creation time, it would probably be simpler to create new keys.

Best regards


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users