Files need to be rekeyed

[richburdon]

Unlike the other issues I've read, I didn't re-install OS/X or the app.

I have two devices and a paper key. I get the error on all devices, so I can't "open another computer to unlock." I can't think of any activity that might have caused this -- it just stopped working about a month ago.

OS/X Sierra 10.12.4 (16E195) Version 1.0.21-20170413194119+9dea6e1 (1.0.21-20170413194119+9dea6e1) Account name is the same as my github handle.

Help?

(BTW, It's OK to reset the folders if that's necessary).

[maxtaco]

Can you take a screenshot?

[richburdon]

Hi @maxtaco, of what? The notification shows up top-right for a second then disappears.

(reset message below if that's needed).

BEGIN KEYBASE SALTPACK SIGNED MESSAGE. kXR7VktZdyH7rvq v5wcIkHbs4YOqJo eT9VEKDZXlLmCmg KT0DoA4mjDxKqRs RoRHe6deRVxTDEM AfKPJNRmjHRAJtB WWTdpuKkfGuBM37 MDyXIZV5vvqKwVY 1wRJia9s2htgtmm MC3FZdojL6jNpef VAiDtnywFpIBFCp HZJo2TVQqhgTpRA 7ri6GnwkClTiOTo ACGL76FvW3L7ONy Sa9Lw7dLgij2Xel 5yza7IG43kYW6Wm MFWHxCicarAfpH7 AMkN6jN0RDxFNpN mwainNQfwwaVndl uW8aC0oQ9koIn7J TMmpZP75Lmdt5yw RP1Ix7KI7mGsGM6 eN9XiSF4U4Uk6E0 o15mVJMPw8ZvKzs dyhFPuk3QjUgnO7 EDUrsu. END KEYBASE SALTPACK SIGNED MESSAGE.

[maxtaco]

According to our view of the world, all of your folders are fully keyed. So I want to know what you're seeing. Maybe try a keybase log send and @strib can take a look?

[strib]

There's already a log send: 4e78f915f0bfb26b2bf7b41c

[richburdon]

I sent a keybase log send a couple of minutes ago from one of my machines. I'll do it again now from this one.

Sent: Log ID: 03bbbbc8f5f469e2f727fb1c

[maxtaco]

Sorry I missed it. From my perspective, all folders are rekeyed, so it could be a buggy warning, or it could be that our tool to check for rekeyedness is buggy

[richburdon]

New error: "the read operation took too long..."

Also, note: I get "permission denied" when I "ls" from the private directory.

[strib]

I won't be able to confirm until I'm back in the office tomorrow, but looking at your Keybase chain (https://keybase.io/richburdon/sigchain), it seems like you've revoked a significant number of devices. I'm guessing there was a point in time when you had lost all your previous devices and paper keys, and your private folder was only keyed for those devices. When you added new ones, there was nothing available to rekey for them, so the data stayed keyed only for those old devices.

(@maxtaco: our problem sets API doesn't show folders that are permanently unrekeyable, as we've discussed before, so this wouldn't show up there.)

@richburdon: if this sounds plausible, the only solution is to ask us to reset the affected folders completely, losing any data that was in there. I can do that for you tomorrow. If you want us to reset your folder, please run this command on an currently-valid keybase device, and substitute the current date and time where indicated:

keybase sign -m "<DATE_AND_TIME>: Please reset folder /keybase/private/richburdon because all the devices that have access have been revoked."

and post the results here.

[maxtaco]

What happens if you keybase logout and keybase login?

[richburdon]

@maxtaco Same error after logout/login

@strib Yes, that's possible. I think I got stuck at one point and probably tried to reset/create new devices to try to dig myself out.

It's fine to reset the folder (see above), but here's the crypt again:

BEGIN KEYBASE SALTPACK SIGNED MESSAGE. kXR7VktZdyH7rvq v5wcIkHbsDN8DZ8 qu5LCzIDI5RzcGs jG7UPveR2ZDVDhP tEO1GzXwWKjYWZA PIESKXYUPvyuJ6U s26Zo7oNlcBJlLe qLOEY75bz2SW0fF ljzJ0zDN6xlvI8A UmjXwOxT2u2BD35 eZpUp9AGPRyjBXZ 12LtUj4wjKCi6q6 K1I85gUmH2BtxS0 fvgWntrUhOiOli9 VYpYT7h2JNJqOxP XZvz5n5WohXMrT8 nhUF4pr0d8PKZaC h7KOzQgrBUUjjRq gLOa9e3Mm16gLXJ LGN9cTm0LbKRTvl NRIbbJ0l0xLt9F8 rEHI19fUppUyXwi W8JSIUXLldmzmIQ Q6Jp0d91Xmbuq9r hGpz4351JS77w43 B19ij5HNJGh5Knw JhqYvfjGVJF6a5G QsWPzkaI9BwtADM Pieu9l58770CBoG NjaByZ7js. END KEYBASE SALTPACK SIGNED MESSAGE.

Thanks!

[strib]

D'oh, I missed that above, sorry! Will do it tomorrow morning, pacific time.

[richburdon]

Also, while I'm here, QQ. Once a device is deleted, that name is taken right? So over time I need to start being creative when adding new machines? Or can I transfer a name?

@strib Thanks I'll check tomorrow and close-out if everything is cool.

[strib]

Once a device is deleted, that name is taken right? So over time I need to start being creative when adding new machines? Or can I transfer a name?

We need to be better about mentioning this when you make a new device, but no, a device name isn't reusable for security reasons. (It's hard for us to prove to someone else that someone isn't trying to impersonate your old device, for a variety of reasons buried elsewhere in github.) It's good practice to put a date or something in your device names, to make them more unique.

[richburdon]

OK. That makes sense: burdon-macbookpro-2017-Q1 :)

[strib]

@richburdon: ok I confirmed that the folder was not keyed for any of your current devices, and reset it. Please check it out and close if things look ok. (Might require a KBFS restart.)

[richburdon]

All good now. Thanks very much.