All my Passwords are lost

Ángel angel at pgp.16bits.net
Mon Apr 26 01:41:52 CEST 2021


On 2021-04-25 at 08:41 +0000, Vincent Pelletier wrote:
> On Sat, 24 Apr 2021 15:19:07 -0700, "C.J. Collier" <cjac at colliertech.org> wrote:
> > you could maybe ask a pause admin to decrypt and
> > re-encrypt to a key that you own, sending you back the encrypted file.
> 
> Two ideas from a gpg-internal *UN*aware point of view:
> - I assume gpg file encryption works by generating a random symmetric
>   cipher key, encrypting the file with this symmetric cipher, and
>   only encrypting the symmetric cipher's key with the asymmetric cipher
>   public key.
>   If so, then the encrypted symmetric key could in theory (...again, I
>   do not know enough of gnupg internals) be extracted and be the only
>   thing sent for decryption and sent back deciphered.

Yes, passing that key is even supported out of the box. See the
options:
--show-session-key
--override-session-key

The "encryption header" could be extracted with gpgsplit.


> I believe (again, not an expert) decryption and signature use
> different parameters in gpg, so from the pause admin point of view
> they should not be worried about inadvertently signing a hash, but
> actually deciphering a symmetric key (which can otherwise be a
> concern).

Yes. Their concern should be that maybe someone sent them a secret
message and is now trying to social engineer them with a story of
pw.txt.


Marek, didn't you make backups of this encrypted file? How did you plan
for the event that your hard disk broke? 

Also, for the future, you may be interested in "gpg -d < pw.txt.gpg",
as well as pass (https://www.passwordstore.org/)


Cheers
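
What gpgsplit separates out, shown as an added example that is not part of the original message: a minimal parser for binary OpenPGP packet headers (RFC 4880, section 4.2) that isolates the public-key encrypted session key packets (tag 1), the "encryption header" mentioned above, from the bulk ciphertext. The function names and the sample bytes are constructed for illustration.

```python
PKESK = 1  # packet tag 1 (RFC 4880, section 4.3); the bulk ciphertext is tag 18

def _skip_packet(data, pos):
    """Parse one packet header at pos; return (tag, offset just past the packet)."""
    ctb = data[pos]
    if not ctb & 0x80:
        raise ValueError("not a binary OpenPGP packet (ASCII-armored input?)")
    pos += 1
    if not ctb & 0x40:                        # old-format header
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 3
        if ltype == 3:                        # indeterminate length: to end of data
            return tag, len(data)
        n = 1 << ltype                        # 1, 2 or 4 length octets
        return tag, pos + n + int.from_bytes(data[pos:pos + n], "big")
    tag = ctb & 0x3F                          # new-format header
    while True:
        first = data[pos]
        if first < 192:                       # one-octet length
            return tag, pos + 1 + first
        if first < 224:                       # two-octet length
            return tag, pos + 2 + ((first - 192) << 8) + data[pos + 1] + 192
        if first == 255:                      # five-octet length
            return tag, pos + 5 + int.from_bytes(data[pos + 1:pos + 5], "big")
        pos += 1 + (1 << (first & 0x1F))      # partial body chunk, more follow

def read_packets(data):
    """Return [(tag, start, end)] for each top-level packet."""
    out, pos = [], 0
    while pos < len(data):
        try:
            tag, end = _skip_packet(data, pos)
        except IndexError:
            raise ValueError("truncated packet header") from None
        if end > len(data):
            raise ValueError("truncated packet body")
        out.append((tag, pos, end))
        pos = end
    return out

def encryption_header(data):
    """Concatenate the PKESK packets: all a key holder needs to recover the session key."""
    return b"".join(data[s:e] for tag, s, e in read_packets(data) if tag == PKESK)

# Constructed sample (dummy bytes, not real ciphertext): one PKESK + one tag-18 packet.
SAMPLE = (bytes([0x84, 13, 3]) + bytes(8) + bytes([1, 0, 8, 0xAA])
          + bytes([0xD2, 0xE9]) + bytes(512) + bytes([5]) + bytes(5))

if __name__ == "__main__":
    print(read_packets(SAMPLE), len(encryption_header(SAMPLE)), "of", len(SAMPLE), "bytes")
```

On the sample, the header is 15 of 535 bytes; the rest is symmetric ciphertext that never has to leave the owner's machine.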





