AGWA / git-crypt

Transparent file encryption in git
https://www.agwa.name/projects/git-crypt/
GNU General Public License v3.0

git-crypt fails to unlock encrypted files upon cloning new repo in production server #181

Open kir12 opened 4 years ago

kir12 commented 4 years ago

I'm attempting to clone my repo in a production server and decrypt my files there. I had already encrypted the repo beforehand with git-crypt add-gpg-user and it works fine on my development machine, but nothing I'm doing seems to re-unlock the repo on the production server. Specifically, I get the error

Error: no GPG secret key available to unlock this repository.

I attempted to make a new GPG key on the production server, but that didn't help. I also don't know if my development machine has a GPG key linked to git-crypt add-gpg-user, meaning I don't have a key to export. I apologize if this seems like a trivial problem -- this is my first time using GPG and I have no idea what's going on. Can someone give me some guidance?

kir12 commented 4 years ago

I was able to resolve the initial issue using git-crypt export and scp, but I'm still very interested in knowing how I would unlock the new repository using only GPG keypairs.

alerque commented 4 years ago

This really isn't a question about git-crypt so much as how to use GPG. You need to export your secret keys from one machine and import them on the other. Once the secret keys are present and a GPG agent is running that has the keys unlocked, the other system will be able to unlock the git crypt repository.

It's probably best to play around with the GPG tools directly first before trying to figure out how to work git crypt. Most of the misunderstanding is on that side of things. Try encrypting a small file to yourself with something simple like echo "super secret test" | gpg -e -a > encryptedfile. You can decrypt it using gpg -a -d < encryptedfile. If that works then transfer that encrypted file to the other machine and try to decrypt it there. In order for that to work you'll need to get your secret key transferred and set up properly.

Once those basic GPG tools work for you, you won't have any trouble with git-crypt which uses them as building blocks and expects them to work.

tbenst commented 2 years ago

> Try encrypting a small file to yourself with something simple like echo "super secret test" | gpg -e -a > encryptedfile. You can decrypt it using gpg -a -d < encryptedfile.

Amazing advice, thank you! Wish I could sticky. In my case, issue was I was using ssh and missing the GTK prompt to enter password, leading to silent failure (gosh, gpg is so unfriendly...). Fixed following https://askubuntu.com/a/858947 and also running export GPG_TTY=$(tty). After I got gpg -a -d < encryptedfile working, git-crypt unlock worked just fine.

This may also be the solution for https://github.com/AGWA/git-crypt/issues/181
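
The two causes discussed in this thread (no matching secret key on the new machine, and no terminal for the passphrase prompt over ssh) can be checked before running git-crypt unlock. The following is an added example, not part of the original thread or of git-crypt itself; the function names are hypothetical, and it assumes git-crypt's layout of one .git-crypt/keys/<keyname>/0/<FINGERPRINT>.gpg file per GPG user.

```bash
# Added example; function names are hypothetical, not part of git-crypt.

# Fingerprints the repo key was encrypted to. Assumes git-crypt's layout:
# .git-crypt/keys/<keyname>/0/<FINGERPRINT>.gpg, one file per GPG user.
repo_recipients() {
    local f
    for f in "$1"/.git-crypt/keys/*/0/*.gpg; do
        [ -e "$f" ] || continue          # glob matched nothing
        basename "$f" .gpg
    done
}

# Read `gpg --list-secret-keys --with-colons` output on stdin and print
# the fingerprints (field 10 of each "fpr" record).
secret_fprs() {
    awk -F: '$1 == "fpr" { print $10 }'
}

# Print the recipients this keyring holds a secret key for; return 1 if none.
usable_recipients() {
    local repo="$1" listing="$2" fpr found=1
    for fpr in $(repo_recipients "$repo"); do
        if printf '%s\n' "$listing" | secret_fprs | grep -qixF "$fpr"; then
            printf '%s\n' "$fpr"
            found=0
        fi
    done
    return "$found"
}

# Over ssh no graphical prompt can appear, so GPG_TTY has to name a terminal.
tty_ready() {
    [ -n "${GPG_TTY:-}" ] && [ -e "$GPG_TTY" ]
}

diagnose() {
    local repo="$1" listing
    listing="$(gpg --list-secret-keys --with-colons 2>/dev/null || true)"
    if ! usable_recipients "$repo" "$listing" >/dev/null; then
        echo "no secret key here matches a GPG user of this repo"
        return 1
    fi
    if ! tty_ready; then
        echo 'secret key found, but GPG_TTY is unset: export GPG_TTY=$(tty)'
        return 2
    fi
    echo "secret key and terminal look fine; try git-crypt unlock"
}

if [ -n "${1:-}" ]; then diagnose "$1"; fi
```

Source the file and run diagnose /path/to/clone on the machine where unlock fails; return code 1 means the secret key still has to be imported, 2 means only the terminal setting is missing.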