GNUGP new key with old data under an old gnu version - how to fix it?

ADNPLANET info at adnplanet.com
Mon Mar 2 23:14:00 CET 2020 

Thanks Andrew!

I fixed the issue with your tips.

I get a backup of the deleted old version keys and use that to display old
data and the new key to enter and display the new data.
Both are installed and both are working fine.

Many thanks for your help!

Fabian

-----Mensaje original-----
De: Gnupg-users <gnupg-users-bounces at gnupg.org> En nombre de Andrew
Gallagher
Enviado el: jueves, 27 de febrero de 2020 07:32
Para: gnupg-users at gnupg.org
Asunto: Re: GNUGP new key with old data under an old gnu version - how to
fix it?

On 26/02/2020 20:09, ADNPLANET via Gnupg-users wrote:
> 
> The new gnugp key was generated under version 2.0.22 and the data 
> stored in database is under gnugp 1.45 Then.. ALL new record is 
> encrypted perfectly and appears in the database, but the archive of a 
> LOT records are missing, because the system is not displaying the data 
> encrypted with the old version.

Firstly, are you sure you have both the old and new keys in your private
keyring? If an encryption key expires, it just means that nothing should be
encrypted *to* it any more, but unless you believe that it has been
compromised it is still safe to use to process existing data. So don't
delete it. :-)

If you do have the old key but it isn't decrypting the old data, then it may
be because the old data is using an outdated format. Try passing the option
--ignore-mdc-error and see what happens. Are there any error messages
emitted? Can you export one of the encrypted blobs to local disk and decrypt
it on the command line?

> My questions :
> 
> 1 - is possible to dwongrade the GNUGP version to 1.45 in the server 
> using cpanel + cloudlinux and then, re-generate the key using the old
> 1.45 version?

Yes, but I would only recommend this as a last resort. Also note that if you
do this you will lose access to all your *new* data, which may be a worse
outcome for you, depending on your use case.

> 2 - or is possible to update the entire database to read the encrypted 
> data wit the new key generated under the new version?

Yes, but it will depend on you being able to decrypt the old data so we
should fix that problem first...

> 3 - or i´m doing something wrong ???

Maybe, what *exactly* are you doing? Without divulging any secrets. :-)

--
Andrew Gallagher

More information about the Gnupg-users mailing list