Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Environment: HP laptop with Windows XP SP2
I had created some encrypted files using GnuPG (gpg) for Windows. Yesterday, my hard disk failed so I had reimage the hard disk. I have now reinstalled gpg and regenerated my keys using the same passphrase as earlier. But, I am now unable to decrypt the files. I get the following error:
C:\sureshr>gpg -a c:\sureshr\work\passwords.gpg
gpg: encrypted with 1024-bit ELG-E key, ID 279AB302, created 2008-07-21
"Suresh Ramaswamy (AAA) BBB"
gpg: decryption failed: secret key not available
C:\sureshr>gpg --list-keys
C:/Documents and Settings/sureshr/Application Data/gnupg\pubring.gpg
--------------------------------------------------------------------
pub 1024D/80059241 2008-07-21
uid Suresh Ramaswamy (AAA) BBB
sub 1024g/279AB302 2008-07-21
AAA = gpg comment
BBB = my email address
I am sure that I am using the correct passphrase. What exactly does this error mean? How do I tell gpg where to find my secret key?
Thanks,
Suresh
You need to import not only your secret key, but also the corresponding public key, or you'll get this error.
when reimporting your keys from the old keyring, you need to specify the command:
gpg --allow-secret-key-import --import <keyring>
otherwise it will only import the public keys, not the private keys.
Yes, your secret key appears to be missing. Without it, you will not be able to decrypt the files.
Do you have the key backed up somewhere?
Re-creating the keys, whether you use the same passphrase or not, will not work. Each key pair is unique.
workmad3 is apparently out of date, at least for current gpg, as the --allow-secret-key-import is now obsolete and does nothing.
What happened to me was that I failed to export properly. Just doing gpg --export is not adequate, as it only exports the public keys. When exporting keys, you have to do
gpg --export-secret-keys >keyfile
One more cause for the "secret key not available" message: GPG version mismatch.
Practical example: I had been using GPG v1.4. Switching packaging systems, the MacPorts supplied gpg was removed, and revealed another gpg binary in the path, this one version 2.0. For decryption, it was unable to locate the secret key and gave this very error.
For encryption, it complained about an unusable public key.
However, gpg -k and -K both listed valid keys, which was the cause of major confusion.
The resolution to this problem for me, was to notify the sender that he did use the Public key that I sent them but rather someone elses. You should see the key that they used. Tell them to use the correct one.
Related
I have been trying to import a RSA key container from aspnet_regiis. Steps are as follows.
Run the command prompt as administrator
cd C:\windows\Microsoft.NET\Framework\v2.0.50727
aspnet_regiis -pi myrsakey E:\keyfile.xml
When followed the above steps I get the error as follows
**
Importing RSA Keys from file.. Keyset as registered is invalid.
<Exception from HRESULT: 0x8009001A> Failed!
**
For this "Keyset as registered is invalid" error almost every web result says to try renaming RSA file in the path C:\Users\myuser\AppData\Roaming\Microsoft\Crypto to RSA.old and reboot. If that does not work try renaming Crypto folder as Crypto.old. Eventhough I tried these steps it did not resolve the above issue. I am even running the cmd as administrator. So I was not sure what I am missing in here. Would you be help me to find a solution or a workaround for this issue.
Thanks in advance
Okay I found the answer.
As I was installing this RSA as a machine level key I should have renamed the RSA to RSA.old in the path C:\ProgramData\Microsoft\Crypto
After rename and I reboot the system. And then did the above mentioned steps again in the cmd. This time it succeded.
Previously I was renaming the RSA folder in the wrong place which is in my personal area (C:\Users\myuser\AppData\Roaming\Microsoft\Crypto).
I was able to save my key on GitHub. (It does not end in .pub).
When testing if this was done correctly and using the 'ssh -T git#github.com' code, there is something off.
The terminal asks me if I want to continue, and I wrote 'yes', then a pop-up box asking for a password came up... I input nothing and clicked "unlock", which resulted in the bottom code saying "Permission denied". (see screenshot).
I'm not sure what to do here--I have followed the instructions multiple times.
Please let me know how to fix this.
When you add your SSH key to GitHub, that would be the one ending with .pub.
Then, double-check the correct private key is used with:
ssh -Tv git#github.com
It would ask for a passphrase only if you have created the private key with a passphrase.
If you did, make sure to add your key to the agent first.
Check also your ~/.ssh permissions.
I would like to find a way to store encrypted file in my github repository that Heroku can decrypt on-the-fly (it's not env var but plain old .csv files).
I used git-crypt successfully on my machine but it seems that I cannot add a gpg key to heroku.
When I connect to heroku-cli and I try to create a gpg key usingheroku run gpg --gen-key I got the following error:
gpg: signing failed: Inappropriate ioctl for device
Anyhow, I'm not even sure git-crypt is the right way to go, so feel free to gave me any other alternative solution.
I've been trying to sftp with the package Net::SFTP and an RSA key. I can manually sftp without password to my sftp server but when using the package it doesn't work. I'm running out of idea.
my $ftp = Net::SFTP->new($HOST, user => $USER, ssh_args => { identity_files => [ "/Users/user/.ssh/id_rsa" ] }, debug => 3 );
It gives me the following error:
Trying pubkey authentication with key file '/Users/tom/.ssh/id_rsa'
FATAL: rsa import failed: Invalid input packet. at
/Library/Perl/5.18//Crypt/PK/RSA.pm line 123.
Any help would be much appreciated,
Thanks!
I just ran into this myself.
The problem is that my (and your) private keys are encrypted, as you noted in your comment. An encrypted private key requires you to enter the password before it can be used, and it seems the perl module doesn't support this.
You claimed that you didn't need a password when using this key, but perhaps that was because sftp was using your ssh agent? i.e. where you enter the password once and then the key remains in memory for use by all ssh-family of tools? It would appear that the perl module doesn't support the agent, either, but #salva's suggestion to use Net::SFTP::Foreign should solve that.
It's worth noting that I got this exception while running code that used to work just fine on my workstation, but on a new install of perl. I think what happened is that the Net::SSH::Perl module added support for reading private keys or changed the failure to read a private key into a fatal error rather than just ignoring the key. My code wasn't using a key anyway, but now won't work with that encrypted key around. This is fixed with:
my $sftp= Net::SFTP->new(
...
ssh_args => [ identity_files => [] ]
);
and of course you could add a list of specific (unencrypted) identity files that you want it to use rather than the default user's RSA id.
If the code isn't easily edited, you could also avoid the problem by setting the environment variable $HOME to something that doesn't have a key in it.
I had follow the steps given in so many docs like this one,
after creating a key i pasted it in my GITHUB account>account settings>SSH key.
When I add it there it shows a message:" key is invalid".
I really don't link the tutorial part which mentions:
Save the private key somewhere with a passphrase and then copy the public key text to the clipboard.
"somewhere"? ssh keys must be saved in %HOME%\.ssh.
(Note: %HOME% doesn't exists in windows, and default to %USERPROFILE%)
Make sure to have your public and private keys saves in:
%USERPROFILE%\.ssh\id_rsa
%USERPROFILE%\.ssh\id_rsa.pub
set HOME=%USERPROFILE%
plink git#github.com