search

AGWA / git-crypt

Transparent file encryption in git
https://www.agwa.name/projects/git-crypt/
GNU General Public License v3.0
8.18k stars 475 forks source link

git-crypt no gpg secret key available to unlock this repository #143

Closed uioporqwerty closed 5 years ago

uioporqwerty commented 6 years ago

I'm trying to unlock a repository on another computer. From PC A I exported the private key as private.asc and then I import it on PC B using gpg --import private.asc. However when I run git-crypt unlock I get the following error:

$ git-crypt unlock
Error: no GPG secret key available to unlock this repository.
To unlock with a shared symmetric key instead, specify the path to the symmetric key as an argument to 'git-crypt unlock'.

Why does this happen? I'm using Windows 7 and MSYS2 64 bit terminal.

arrfab commented 6 years ago

Well, I do't know how you have extracted the private key, but at least that's not the correct way to import it back in secring : --import would only import a public key, if you want to import the private key part, you need : gpg --allow-secret-key-import --import private.key

uioporqwerty commented 6 years ago

So on PC A I ran the following commands to export the public and secret keys.

gpg --export -a 40CD5608 > public.asc
gpg --export-secret-keys -a 40CD5608 > secret.asc

which I then transfer both files to PC B and then run the command previously to import the private key gpg --import private.asc.

I deleted the keys with gpg --delete-secret-key 40CD5608 and gpg --delete-key 40CD5608 which cleared out my keyring. But after running gpg --allow-secret-key-import --import secret.asc the git-crypt command still returns the error above.

Running gpg --list-secret-keys and gpg --list-keys returns the correct information for the email address I'm using for the GPG.

My collaborator list:

Author: uioporqwerty <nitish.sachar@protonmail.com>
Date:   Mon Nov 20 22:13:07 2017 -0800

    Add 1 git-crypt collaborator

    New collaborators:

            40CD5608 Nitish Sachar <nitish.sachar@protonmail.com>

Response from gpg --list-secret-keys

/home/nsachar/.gnupg/secring.gpg
--------------------------------
sec   4096R/40CD5608 2017-10-31
uid                  Nitish Sachar <nitish.sachar@protonmail.com>
ssb   4096R/7359C7C7 2017-10-31

Reponse from gpg --list-keys

/home/nsachar/.gnupg/pubring.gpg
--------------------------------
pub   4096R/40CD5608 2017-10-31
uid                  Nitish Sachar <nitish.sachar@protonmail.com>
sub   4096R/7359C7C7 2017-10-31
uioporqwerty commented 6 years ago

Nevermind, guess it is resolved now.

Jomik commented 5 years ago

@uioporqwerty Should probably close this if it is resolved :+1:

wfxr commented 5 years ago

I have the same problem. How did you resolve it @uioporqwerty ?

wfxr commented 5 years ago

Oh I find what's wrong. I use ssh over pip to import key as this:

gpg --export-secret-keys wenxuangm@gmail.com | ssh <remote> gpg --allow-secret-key-import --import

There is no error message. But actually --allow-secret-key-import option does not take effect. When I copy the key and run gpg --allow-secret-key-import --import secret.asc on the new machine, the secret key was successfully imported. And git-crypt unlock does not complain anymore.