keybase / keybase-issues

A single repo for managing publicly recognized issues with the keybase client, installer, and website.

private key disappeared #393

Closed weisjohn closed 9 years ago

weisjohn commented 10 years ago

keybase.io says I haven't uploaded a private key. I generated it on the site, but I didn't store it on the server. I copied it out of the text boxes. The public key had a header and footer, but the private key did not.

Public key header:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: Keybase OpenPGP v0.1.1
Comment: https://keybase.io/crypto

Public key footer:

-----END PGP PUBLIC KEY BLOCK-----

I tried importing the private key with the command:

gpg --allow-secret-key-import --import private.key

I tried importing the private key as it was shown to me, and I tried importing the private key with a header block like this (as inspired by #54):

-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: Keybase OpenPGP JS 0.0.1

but each time, I got the following error from gpg:

$ gpg --allow-secret-key-import --import ~/Desktop/private_.key 
gpg: packet(1) with unknown version 98
gpg: read_block: read error: Invalid packet
gpg: import from `/Users/jweis/Desktop/private_.key' failed: Invalid keyring
gpg: Total number processed: 0

I have no idea what to do. I think #35, #54 are related? Am I going to have to start over?

leedavis81 commented 10 years ago

You've actually saved the "encrypted" copy of your private key.

When creating your key from the web interface, once it's completed, uncheck the "Host encrypted private key, too (recommended)" box and it'll display the unencrypted version of the private key (with header / footer).

I'm not sure what value there is in displaying the encrypted version. It could be beneficial to just remove it from the interface to avoid confusion.

zQueal commented 10 years ago

Click on the blue cog on your profile and click export my private key from keybase.

Once you enter your keybase password it will decrypt your private key, and will display it for you.

Copy the contents into a file on your desktop, such as weisjohn_private.asc and simply import: gpg --import -a weisjohn_private.asc

Done. :)

weisjohn commented 10 years ago

@Xanza thanks for the reply, but I don't think I have that option:

zQueal commented 10 years ago

I must have read your initial post incorrectly.

I generated it on the site, but I didn't store it on the server. I copied it out of the text boxes. The public key had a header and footer, but the private key did not.

Unfortunately it looks like your public key is encrypted by triplesec and might be unrecoverable. About the most I can do is tag the developers in this post to hopefully grab their attention.

At best there is a way to decrypt your private key, and you'll be on your way. If not, then you might have to create a new private/public key pair and ensure that you have a copy of the decrypted private key this time. :(

@maxtaco @malgorithms

jbaruch commented 10 years ago

Exactly the same problem here. Regenerating keys :(

m-mcgowan commented 9 years ago

Same problem here. Have to regenerate keys and request people to resend their messages. :-(

+1 for removing this from the UI and only showing the unencrypted key.

ghost commented 9 years ago

Did you try to decrypt the encrypted copy of your private key?

m-mcgowan commented 9 years ago

No I didn't. I presumed whatever triplesec key was used to encrypt was long gone. Since I didn't find any info on how to decrypt the key, I did what I could to get moving again.

ghost commented 9 years ago

If I recall it right, then keybase uses the password you also use to log in, unless you explicitly chose another.

On 12 December 2014 14:28:37 CET, Matthew McGowan notifications@github.com wrote:

No I didn't. I presumed whatever triplesec key was used to encrypt was long gone. Since I didn't find any info on how to decrypt the key, I did what I could to get moving again.


malgorithms commented 9 years ago

Hi guys - it seems the last couple people to have this problem were saving a triplesec copy of their key and not the standard PGP-armored one. To prevent this from happening again:

  1. I've stopped displaying what's being sent to the server to avoid this confusion. Sorry for the bad communication.
  2. I've changed the wording some there, too.

Since it looks like the couple of you this happened to just ended up making new keys, I don't think we need to work on a recovery effort. But if someone has a triplesec copy of their key and their keybase password, it is technically recoverable.

In case anyone is wondering, the reason we don't store PGP private keys in standard format (even with passwords) is that triplesec'ing them protects them from a number of attacks. Brute forcing triplesec is extremely expensive. And a someday failure of one of the 3 ciphers it combines leaves them protected still. More info here: https://keybase.io/triplesec

Closing this issue.
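
Added example, not part of the original thread or Keybase's code: a pre-import check, in Python, of whether saved text is an armored OpenPGP private key whose first packet is a Secret-Key packet (tag 5 in RFC 4880). It separates the cases discussed above, including a non-PGP blob with a header pasted on by hand. The function names and sample inputs are constructed for illustration, and the packet stubs are not usable keys.

```python
import base64
import binascii

BEGIN = "-----BEGIN PGP PRIVATE KEY BLOCK-----"
END = "-----END PGP PRIVATE KEY BLOCK-----"


def armor(raw):
    """Wrap bytes in private-key armor, as a user pasting a header by hand would."""
    body = base64.b64encode(raw).decode()
    return f"{BEGIN}\nVersion: constructed sample\n\n{body}\n{END}\n"


def check_private_key_text(text):
    """Classify saved text before trusting it as a PGP private key backup."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or lines[0] != BEGIN or END not in lines:
        return "no-armor"  # bare blob copied out of a text box
    inner = lines[1:lines.index(END)]
    if "" in inner:  # armor headers ("Version: ...") end at the first blank line
        inner = inner[inner.index("") + 1:]
    # Skip the optional CRC-24 line, which starts with '='.
    data = "".join(ln for ln in inner if ln and not ln.startswith("="))
    try:
        raw = base64.b64decode(data, validate=True)
    except (binascii.Error, ValueError):
        return "bad-base64"
    if len(raw) < 2 or not raw[0] & 0x80:
        return "not-openpgp-packet"  # every OpenPGP packet header has bit 7 set
    # New-format headers keep the tag in bits 5-0, old-format in bits 5-2.
    tag = raw[0] & 0x3F if raw[0] & 0x40 else (raw[0] >> 2) & 0x0F
    return "secret-key-packet" if tag == 5 else f"unexpected-packet-tag-{tag}"


# Constructed inputs: an opaque blob (stand-in for a non-PGP encrypted copy) and
# two packet stubs with only a header and version byte. None is a real key.
OPAQUE_BLOB = b"constructed opaque blob, not a key"
SECRET_STUB = bytes([0x95, 0x00, 0x01, 0x04])  # old format, tag 5, v4
PUBLIC_STUB = bytes([0x99, 0x00, 0x01, 0x04])  # old format, tag 6, v4

if __name__ == "__main__":
    for name, text in [
        ("bare blob", base64.b64encode(OPAQUE_BLOB).decode()),
        ("blob with pasted header", armor(OPAQUE_BLOB)),
        ("secret-key stub", armor(SECRET_STUB)),
        ("public-key stub", armor(PUBLIC_STUB)),
    ]:
        print(f"{name}: {check_private_key_text(text)}")
```

Any result other than `secret-key-packet` means the saved text should not be treated as a working private key backup; the final confirmation is still a successful `gpg --import` followed by a test decryption.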