deleted certificate then imported it now passphrase invalid

I deleted my certificate in Kleopatra. Then I imported it back in from my secret key file that I had saved, but now, when I try to decrypt files, the passphrase I had been using does not work. It says Invalid Passphrase.

I read in the manual where you could setup a certificate on another computer by importing the secret key. So I assumed that the same password would work.

Have I lost access to my encrypted files, or is there something I am missing? Please help.

You have to have a public and secret key (pair) to encrypt / decrypt.
As I understand you, you only imported the secret key and you did not import the public key.
If you also import your public key.

Ok. Let me explain some more what I did. I have a file called secret-key-6168AA02.asc. This file was created when I first setup GPG4Win on my computer. It apparently has both the public and private keys. When I open it with notepad, I can see a section labeled -----BEGIN PGP PUBLIC KEY BLOCK----- followed by a long list of characters and also a section labeled -----BEGIN PGP PRIVATE KEY BLOCK----- followed by another long list of characters. I imported this in using Kleopatra and got the message: processed 2, imported 1, secret keys imported 1. The certificate then appears in My Certificates. Then I tried to decrypt a file that I have decrypted before, but it says passphrase invalid.

Before I deleted the certificate, I also exported it to a file called 349F8D86561CF6ED654AC8078F72A0866168AA02.asc. This file apparently has just the public key, because in notepad you see -----BEGIN PGP PUBLIC KEY BLOCK----- followed by characters. I tried importing this file in on top of the first importation with the message: processed 1, imported 0. I still get invalid passphrase.

I have a third file that I created by exporting the secret key called copy secret key.gpg. I tried importing it in on after importing the other two and got the message: processed 1, imported 0. Passphrase still does not work.

I have also started over, by deleting the certificates again, and then importing first the file called 349F8D86561CF6ED654AC8078F72A0866168AA02.asc successfully and then the file called “copy secret key.gpg.” Passphrase still does not work.

Something else I have found is that the private key seems to change during the import. When I start over and import the file that has the public and private keys, that is the file named secret-key-6168AA02.asc, I get the following message:

Total number processed: 2
Imported: 1
Unchanged: 1
Secret keys processed: 1
Secret keys imported: 1

Then I exported the secret keys from this result to a file called sec-key-2.asc, then I compared this file with the original imported file using Notepad, and they are not the same. The block of letters labeled as the Public Key is exactly the same, but the block of letters labeled as the Private Key are different.

So, somehow the Private Key gets changed during the importation. How can I stop this changing?

Disregard my last comment. I tried it again, and this time the private keys were the same. I don’t know how they came out different before.

In any case, my passphrase still doesn’t work. I even tried installing gpg4win on another computer and importing my keys, but the passphrase still did not work.

First enter the public key and then the secret key. If you did a good job in the GPA software to stand (the Detailed option - click on your key in the window):
-In the lower part of the window (Details / Signature / Subkeys):
“The key has a private and a public part”
“The key can be used for certification, signing and encryption.”
"Select default key: your user name and 8-bit ID number.
If necessary, the “Keys / Set Owner Trust” option should be Ultimate.

I followed your recipe using GPA to import first the public key and then the secret key, and it said the following in the lower area of the window:
“The key has a private and a public part”
“The key can be used for certification, signing and encryption.”
Then I made it the default key and set the trust to Ultimate. However, the passphrase I have been using still will not work when I tried to decrypt. It says passphrase invalid. The file I have that contains the private key is a backup from when I first setup gpg4win on my computer last March. I have been using the same password since then, and I never changed it. I used this passphrase successfully up until I deleted the keys. It was after I imported these keys back in is when the passphrase stopped being valid.

I don’t understand why the passphrase doesn’t work. I tried setting up a new set of keys and deleting them just to see what happens when I import it back in. The passphrase works fine for this new set of keys after importation. So why doesn’t my passphrase work for the other keys? Did it change somehow when deleting the keys?

At this point, I am feeling that I might have to accept that I have lost all my encrypted files.

Try encrypting (with the keys you have) one file (to yourself) and then decrypting the same file. When encrypting the file, it will not require a password, and when deciphering, it will ask for a password. Can you open this file now? If you can, then you have the wrong keys to open old files.

I did as you suggested. I used the keys I have to encrypt a file, and, then, tried to decrypt the encrypted file, but, once again, the passphrase is invalid.

The keys that I have, I saved back in March, and I didn’t ever set up new keys with the same user name, and I never changed the password. So it seems like they should work, but they don’t. I don’t understand what happened to change the password, and I guess there is nothing I can do to get my files back.

Check “Expiry Date” to make sure that the key has not expired

The Expiry Date for these keys says “never expires.”

Does the passphrase ever expire?

By the way, thanks for your interest in helping and your input.

Hi David,

sorry to hear that you are having difficulties.

So far I haven’t heard about this kind of problem regarding the export and import of keypairs and changing passphrases. I’ve done it multiple times. Passphrases do not expire.

First: which version of Gpg4win and Windows are we talking about?
Using a Gpg4win beta would give you some advantages (like the ability to click on the button to show the passphrase you are entering in pinentry).

Are you very sure that you have never changed the passphrase?
(You wrote two times that you haven’t, but I am just making sure.)
Did you change something else? Like the Windows language, or encoding,
your keyboard (maybe keys have changed their position? in Germany this is a common
problem with z and y and different keyboards).

Have you restarted the computer? (I’m asking because sometimes an old gpg-agent hangs around and does not get all setting updates.)

Regards,
Bernhard

Hi Bernhard,

The version of Gpg4win that I have is 2.3.3, and I am using Windows 10.

Regarding the passphrase, I don’t recall ever changing the passphrase after setting up gpg4win back in March. My memory is that I have changed no settings since I set up gpg4win.

The day that I deleted the keys, I successfully decrypted a file that I had encrypted back in March with the passphrase that I remember. After deleting the keys, I immediately imported them back in to test whether I could still decrypt. I had read that one could do this and still decrypt. However, the passphrase would no longer work.

When I try to decrypt a file, it shows the user name that I have been using along with the main key ID in the pinentry window. This key ID is the same as what is on the file name of the keys that I have. Doesn’t this mean that I have the right set of keys for decrypting the file?

I have made no changes to the Windows language or to the keyboard.

I shut down the computer when I am done for the day, so it has been restarted several times since this problem started.

Thanks for your input,
David

Hi David,

thanks for answering the question.

Can you try with Gpg4win 3.0.0 beta if the situation is better?

On a cmd.com windows, does
gpg2 --list-secret-keys
show your key?

Please try giving ultimate trust to the pubkey you are having the secret key for.

Regards,
Bernhard

Hi Bernhard,

I downloaded the file named “gpg4win-3.0.0-beta259.exe,” which had a last modified date of 2017-06-23. I installed this version after uninstalling gpg4win 2.3.3. I gave the keys ultimate trust by right clicking on them in Kleopatra and selecting “Change Owner Trust.” I then tried to decrypt one of my files with the keys that I have, but I still get the same message, that is, “invalid Passphrase.”

I then ran gpg2 --list-secret-keys in a command prompt window, and it did list my keys.

Here is something else I have found during my research. I have two files of my keys that I made back in March. One is named “secret-key-6168AA02.asc” and the other is named “copy secret key.gpg.” Both show the same user name and creation date when I import them in on separate occasions. The first is a text file that I can see in Notepad contains both the public and private keys. The second apparently is in machine language. I wanted to compare these two sets of keys, so here is what I did. With all keys deleted, I imported in “copy secret key.gpg.” Then I made a back up of this as an asc file and called it “Test.” Then I made a comparison of “Test” with “secret-key-6168AA02.asc” using Notepad. What I found was that the public keys of these two files were exactly the same, but the private keys were different. Do you know what this means?

Thank you for your help,
David

Hi David,

it is good that you can see your private keys listed.
(I assume you also see the corresponding public key listed).

Because you’ve said that you’ve never changed the passphrase,
it still puzzles me that your old passphrase does not work. It should work.
Some encoding problem is one explanation, or a mixup of private keys.

Some variation in exports may exist because of a random number or a timestamp being used during the export (I’m just guessing here).

One idea I would try in your case is to start over with a fresh machine that you may have available (Windows or GNU/Linux) and just import one public and secret key and try decoding. If you do not have a second machine, maybe you can try a virtual machine.
If there is something in your config that causes this strange behaviour, a fresh GnuPG
installation may show this difference.

What happened to me once was that I did type the password differently than I had remembered it; my fingers subconsciously typed something else. When I actually went back
to the password as written down later, it did not work. So you could try typing variations of your password to see if some typing error occurred (I know it’s probably unlikely from what you’ve written, but it still is worth considering again.)

Best Regards,
Bernhard
ps.: I may not be available to help you in the forum during the next days, but there are probably other people around. Another idea could be to try one of the mailing lists, like gnupg-users@ for more ideas.
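
On the Notepad comparison of key exports discussed in the thread (same public block, different private block): the following is an added example, not part of the forum posts and not GnuPG code. It computes the OpenPGP v4 fingerprint from the public portion of each key packet, so two exports can be checked for holding the same key even when their private blocks differ as text. It assumes old-format packet headers and v4 RSA, Elgamal or DSA keys; `sample_packet` builds constructed toy data.

```python
import base64, hashlib, struct
PUBLIC_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}  # public MPI count: RSA, Elgamal, DSA (RFC 4880)

def dearmor(data):
    """Decode every ASCII-armored block in data; binary input is returned unchanged."""
    out, b64, state = b"", [], "outside"
    for line in (l.strip() for l in data.splitlines()):
        if line.startswith(b"-----BEGIN PGP"):
            state, b64 = "headers", []
        elif line.startswith(b"-----END PGP"):
            out, state = out + base64.b64decode(b"".join(b64)), "outside"
        elif state == "headers":
            state = "body" if line == b"" else "headers"  # blank line ends armor headers
        elif state == "body" and not line.startswith(b"="):  # skip the CRC24 line
            b64.append(line)
    return out if b"-----BEGIN PGP" in data else data

def packets(data):
    """Yield (tag, body) per packet; only old-format headers with a definite length."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if (hdr & 0xC0) != 0x80 or (hdr & 3) == 3:
            raise ValueError("unsupported packet header 0x%02x" % hdr)
        n = 1 << (hdr & 3)  # length field is 1, 2 or 4 bytes
        length = int.from_bytes(data[i + 1:i + 1 + n], "big")
        yield (hdr >> 2) & 0x0F, data[i + 1 + n:i + 1 + n + length]
        i += 1 + n + length

def fingerprints(data):
    """Return (kind, v4 fingerprint) for each key or subkey packet in an export."""
    result = []
    for tag, body in packets(dearmor(data)):
        if tag not in (5, 6, 7, 14):  # secret key, public key, secret subkey, public subkey
            continue
        if body[0] != 4 or body[5] not in PUBLIC_MPIS:
            raise ValueError("only v4 RSA/Elgamal/DSA keys are handled here")
        end = 6  # version (1) + creation time (4) + algorithm (1)
        for _ in range(PUBLIC_MPIS[body[5]]):
            end += 2 + (int.from_bytes(body[end:end + 2], "big") + 7) // 8
        pub = body[:end]  # in a secret packet, the rest is protection data and secret MPIs
        digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(pub)) + pub).hexdigest()
        result.append(("secret" if tag in (5, 7) else "public", digest.upper()))
    return result

def sample_packet(tag, trailer=b""):
    """Constructed v4 RSA key packet with toy MPIs; trailer stands in for the secret part."""
    body = b"\x04" + struct.pack(">I", 1490000000) + b"\x01\x00\x10\xc3\x51\x00\x11\x01\x00\x01" + trailer
    return bytes([0x80 | tag << 2 | 1]) + struct.pack(">H", len(body)) + body
```

Calling `fingerprints(open(path, "rb").read())` on each export file and comparing the results shows whether the files hold the same key. A matching fingerprint says nothing about which passphrase protects the secret part.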