keybase / client

Keybase Go Library, Client, Service, OS X, iOS, Android, Electron
BSD 3-Clause "New" or "Revised" License

Decrypting File Encrypted To Myself On Another Machine #4503

Open McShauno opened 7 years ago

McShauno commented 7 years ago

A couple days back I encrypted a file on my Mac using:

keybase encrypt mcshauno -i secret.txt -o secret.txt.x

I then put that file in my Dropbox. I then attempted to decrypt that file on another computer (that had keybase installed with the same account) using:

keybase decrypt -i secret.txt.x -o secret.txt

And it fails and tells me I should try on other devices. I imagine I am missing something simple here but would appreciate some help. Thanks!

maxtaco commented 7 years ago

Did you provision the second device after you performed the encryption?

If so, the original encryption wasn't encrypted for your new device.

brndnblck commented 7 years ago

@maxtaco is it possible to decrypt a file on a new device that was provisioned after the file was originally encrypted if you use a paper key? In that scenario, would the paper key need to have been created pre-encryption?

maxtaco commented 7 years ago

cc: @mlsteele and @oconnor663 who have thought a bunch about this.

oconnor663 commented 7 years ago

@brandonblack yes, and yes. Take a look at the keybase decrypt --paperkey flag.

Right this very second we're working on a new version of saltpack to solve this problem, by using shared encryption keys that later devices can get a copy of (the same keys we use to encrypt files in KBFS). Hopefully the "use a different device" scenario will be a thing of the past. Sorry for all the trouble in the meantime.
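The behaviour discussed in this thread (a file can only be opened by device or paper keys that existed when it was encrypted), as an added example that is not part of the original thread and is not Keybase or saltpack code. It is a simplified model: random symmetric keys stand in for per-device keypairs, and every function name is hypothetical.

```python
import hashlib, hmac, os

def prf(key, label, data, n=32):
    """HMAC-SHA256 in counter mode: n pseudorandom bytes bound to key, label, data."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, label + ctr.to_bytes(4, "big") + data, hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal(key, data):
    """Encrypt-then-MAC under key; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = xor(data, prf(key, b"enc", nonce, len(data)))
    return nonce + ct + prf(key, b"mac", nonce + ct)

def unseal(key, blob):
    """Return the plaintext, or None if the blob was not sealed under this key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(key, b"mac", nonce + ct)):
        return None
    return xor(ct, prf(key, b"enc", nonce, len(ct)))

def encrypt(plaintext, recipient_keys):
    """One random payload key, wrapped once per key known at encryption time."""
    payload_key = os.urandom(32)
    return {"slots": [seal(k, payload_key) for k in recipient_keys],
            "body": seal(payload_key, plaintext)}

def decrypt(message, device_key):
    """Try every recipient slot; None means this device was never a recipient."""
    for slot in message["slots"]:
        payload_key = unseal(device_key, slot)
        if payload_key is not None:
            return unseal(payload_key, message["body"])
    return None

def scenario():
    # Constructed keys: the Mac and a paper key exist before encryption.
    mac, paper = os.urandom(32), os.urandom(32)
    message = encrypt(b"contents of secret.txt", [mac, paper])
    # The second machine is provisioned afterwards, so it has no slot.
    second_machine = os.urandom(32)
    return decrypt(message, mac), decrypt(message, second_machine), decrypt(message, paper)
```

The recipient slots are fixed when `encrypt` runs, so provisioning a device later adds nothing to an existing ciphertext; only a key that already had a slot, such as a paper key created beforehand, can recover the payload key.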