git-crypt does not unlock files ...not able to view the file after unlock on MAC

[beravelli]

I did lock the files using git-crypt lock and I see they are not readable...when I tried to do git-crypt unlock /path/to/key it exits with out any errors, but not able to see the content of the file..it is in encrypted format...can I decrypt the file with the key I have...

I need to disable the encryption for terraform to work.

FYI...I lost important state files and do not have back up. Please help

[cunneen]

I too have had issues on a mac. Something to do with the interaction of gpg and gpg2 and their key details.

This comment on Issue #99 had the answer :

for i in "./.git-crypt/keys/default/0/*.gpg"
do
  filebase=`basename $i | sed -r "s/\.([^.]+)$//"`
  gpg2 -v --output "./.git-crypt/keys/default/0/${filebase}-decrypted.gpg" --decrypt "$i"
done

Then in your .git-crypt/keys/default/0 folder, you should have a file with a -decrypted.gpg extension. Use that file as the argument to git-crypt unlock <your_file_here> .

[cunneen]

I also managed to get git-crypt working transparently again, by exporting the secret key from gpg2 and importing it into gpg:

gpg2 --export-secret-keys -a --output dummy-example-com-secret.gpg dummy@example.com
gpg2 --export -a --output dummy-example-com-public.gpg dummy@example.com
gpg --import dummy-example-com-secret.gpg 
# set the key to trusted
expect -c "spawn gpg --edit-key dummy@example.com trust quit; send \"5\ry\r\"; expect eof"

After that my git-crypt unlock works fine.

[jhnlsn]

I'm having the same issue, however, in my case 1 file out of about 20 files does not pass the smudge filter. After that the rest of the files are not decrypted and the process fails. All files were checked in at the same time, i'm not sure why one file got corrupted. If I checkout the repo, and delete the 1 bad file, i'm able to git-crypt unlock successfully.

[m477r1x]

I've just found this because the same problem is happening to me. I've followed the instructions from @cunneen however i still cannot read the contents of the files. During the unlock process, it successfully reads the correct key in my gpg keychain and asks me for the passphrase, which is then accepts. It just doesn't seem to actually perform the unlock action. Did anybody ever discover anything more about this?

[mangatmodi]

Stuck on the same issue

[esantoro]

I'm stuck on the same issue: git-crypt unlock unlocks most of the files but not all of them.

I tried decrypting my key and use that to decrypt the repo but nothing. I've re-cloned the repo but nothing. I've exported my private/public key and reimported it but nothing.

i'm using git-crypt 0.6.0 and git version 2.17.1, gpg 2.2.4 and libgcrypt 1.8.1

[esantoro]

Found a fix for my case. This was weird however because my coworkers working on the same repository are not encountering this problem.

Anyway:

In my case, after digging into the sources, recompiling (with -g just in case), adding prints (std::cout really) here and there and verifying each stage of the process (unlock, git filters configuration, git filter invocation) etc etc i concluded that the code was sound enough and the problem was not really in the code.

By adding some std::cout << stuff << std::endl; here and there (specifically in the smudge function -- command?) it seemed more evident that some paths from the .gitattributes were being picked for smudge-ing and some not.

So I made the paths regex for the missing files less "smart" (aka less regexps, less **, more explicit and repeated paths) and it started picking up the files.

I wrote all this not to brag about this, but for other people (this looks like a common problem) to double-check the path regexes in the .gitattribute file.

I just checked on one of the VMs where i used for testing and the .gitattributes fix works there too.

TL;DR: double-check the paths in your .gitattributes. try making it more explicit (less regexes)

[MajaScherman]

Similar problem. I changed computers, and doing that I installed the wrong gpg version on my new computer. I needed to use gpg2 instead of gpg.