Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Location: Amarillo, T Amateur photographer, published author. Interests: astronomy, political science & freedom of press. Been: 37 countries. Lived: 3 continents.X
Distribution: linux mint mate kfce 18.1
Posts: 7
Rep:
GnuPG backup failure... ooops.
Okay. I need some gpg advice so this doesn't happen again.
I have some webspace on a server and so I had this wonderful, brilliant idea! I was going to gpg encrypt 3 folders on my own computer, then use FileZilla to upload them and store them on my server. Since they were encrypted, it should be good. Kinda like my own private DropBox with unlimited space.
I automated this and did this little procedure once a day and all was good in lala land until the dreaded time came....
I wanted to reinstall Linux (I was bored) and I thought, No problem! My backups are installed safe and sound on my web server site. I'll just redownload them later with FileZilla and unencrypt them!
Well everything went marvelously as planned. I reinstalled my Fedora 27 KDE. I reinstalled FileZilla. I downloaded my encrypted folders from my site... except when it came to the small pesky problem of dencrypting my own pgp folders. At which point I was told I could not. The exact error message was:
Code:
$ gpg -d Documents-zip.asc
gpg: can't open `Documents-zip.asc'
gpg: decrypt_message failed: file open error
What is the correct way to do this so it doesn't happen to me again? I'm assuming it's because I didn't have a backup of my public and private keys. Is that correct?
gpg: decrypt_message failed: file open error[/code]
I bet this is not a problem with cryptography.
Have you checked the rights on the file that you try to decrypt?
Secondly. When you install Linux and want to overwrite an existing system, it helps to have the home directory and possibly all other files which are not needed for the system to function, on separate hard disk partitions. That is what partitioning is all about.
Installing an operating system does never mean to lose your private data, documents, collections.., whatever. On the other hand, when you prefer to keep these data on an external drive, on a remote server (as gentle hosting-services or malicious weasels are eager to provide) or other, then why keep a local copy? At least, you would immediately stumble over any problem with the encryption, should there be one.
The good news is, I think: file open error probably means exactly what it says. Check permissions and triple-check your command line. If the key was missing or wrong, GPG would tell you that, not this.
I keep my most critical cipher keys on non-volatile media such as CD-ROMs as well as memory sticks which are kept locked in a fire-safe.
If you use encryption to protect files that only you will access to, afterwards, let's say in exactly the way that the OP described, above (for example), symmetric encryption is most appropriate. All the same, you may choose a key-file in this case and might run into trouble when you lose it.
But even if you content with a nicely composed passphrase, symmetric encryption (option -c to gnupg) is alright in most cases, where you do not need to communicate data to other people.
(There had been a short exchange on LQ where someone stated and wanted to impose the contrary. But I am right and she/he was wrong. Foll Stop. Look it up in case of doubt. It is in the book right beside the Grimms' tales and a better read, anyway. Believe me.).
Last edited by Michael Uplawski; 03-18-2018 at 04:40 AM.
Well everything went marvelously as planned. I reinstalled my Fedora 27 KDE. I reinstalled FileZilla. I downloaded my encrypted folders from my site... except when it came to the small pesky problem of dencrypting my own pgp folders. At which point I was told I could not. The exact error message was:
Code:
$ gpg -d Documents-zip.asc
gpg: can't open `Documents-zip.asc'
gpg: decrypt_message failed: file open error
What is the correct way to do this so it doesn't happen to me again? I'm assuming it's because I didn't have a backup of my public and private keys. Is that correct?
I'm a gpg noob myself, so take what I say with a grain of salt.
"file open error" -- this may just be an issue of file permissions. I will point out that, when decrypting files, you should generally specify an output file name or GPG will simply dump the decrypted output to your terminal window. You might consider this command:
Code:
gpg -o Documents-zip -d Documents-zip.asc
It's my understanding that gpg would search for the appropriate key in your gpg key ring. If you failed to back up this key, you are s.o.l.. If you made a backup of the keys, you'll need to import them (at the very least your private key) to your key ring before trying to decrypt anything that was originally encrypted with them.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.