Deleted key pair from Kleopatra- recover?

Hi,

I apologize in advance, I am very novice at PGP and Kleopatra

Last night I accidentally deleted my main kay pair and private key by right clicking in the certificates menu ‘delete’

Now, I can’t decrypt messages that were intended for that key. I still have the public key, but obviously that doesn’t do much

How can I recover this? Am I screwed? There’s nothing in my Recycle Bin or in the gnupg file that can help me

Hi Blake,

as far as I remember there is a safety dialog coming up
and you okayed this as well?

If so:
You can go looking in the gnupg directory for your user, but if you don’t have a backup, and the private key part is lost than there is nothing you can do.

Next would be to create a new keypair, notify your communication partners (reestablish trust into the new keypair) and revoke the unusable key.

Best Regards,
Bernhard

What would the file look like/be called in the gnupg file? There is a folder called private-keys-v1 and there are 2 files in there, but importing them does nothing

How would I re-add the key pair if it is available?

And yes there was a prompt for confirmation but I deleted it anyway :frowning: don’t ask why

Hi Blake,
to recover files directly from this directory in the backup, you copy them there.
(And also import the corresponding public key.)

Best Regards,
Bernhard

Hi :slight_smile:

So I have gone ahead and done the same darn thing OP did. Sounds like we are both new to this game. The warning system clearly isn’t enough but who would make this mistake again after doing it wrong once?

Using Windows 10 v1909. I had two key pairs named the same in my certificates in Gpg4win-3.1.15 so i deleted one thinking it was not used and suddenly i am unable to view messages sent to me.

My '\gnupg\private-keys-v1.d' directory shows multiples *.keys. IS one of these my ‘accidently’ deleted key? If so how do I transfer it to a fresh copy of Gpg4win-3.1.15?

Some steps I have followed:

Backedup all files in directory above
Installed Gpg4win-3.1.15 on a machine that has never had it. copied all *key files and placed them in the ‘new’ directory. Imported a certificate from the old machine.

The error I continuously receive is “no secret code found”. When typing that into search it shows a plethora of Linux and Ubuntu commands that seem outdated for this revision because they refer to a file called ‘secring’ which is not in the new updated version. Sounds like if I could have followed those steps with a previous version I would not be in this situation.

I have the fingerprint, passphrase as it was pretty much identical to the second iteration that was deleted.

I guarantee this will be an issue that newcomers so I have tried to include details about the version so someone doesn’t have to scour the internet using generic terms like ‘no secret code found’.

Cheers,

Charles

Hi Charles,

the decisive point is:
If you do not have a backup before deletion, there is nothing you can do.
(Otherwise it would be a different problem, as the possibility of deleting private key material is a security feature.)

From your writing I conclude that you are lacking the backup (unfortunately).

The other point is that we could try to improve the warning.
The text coming up is

“The certificate to be deleted is your own. It contains private key material, which is needed to decrypt past communication encrypted to the certificate, and should therefore not be deleted.” (see screenshot)

Did you actually read it? (If not we could think of adding another check button like " understand this is permanently")

If yes, how could be improve the text, was there some contents missing? Should me make it clearer?

Best Regards,
Bernhard

kleopatra-private-key-deletion-confirmation-20210129.png

Hi Bernhard (Westworld?),

Luckily it was easily fixed. I just had to change my private key and I had only sent a couple of emails off with the previous key. I think its imperitive for people jumping into Kleo to be aware of what the hell it does to begin with. It basically makes it so you never see your secret key which is amazing but when your first starting out you think your setting up profiles just to use within Kleo not entire secret keys which you never see. So i saw them as more like windows profiles and was like ‘hey why do i need a repeat in there if everything is working as it does’. I’d say it should be mandatory to backup before deleting, then if you REALLY want to delete it then you have to seek out the backup. Then if there is a newbie like me they can be like ‘oh lucky they made me back it up’ as a once of type of thing. Unfortunately, in the crypto world there is alot of ‘serious’ warnings so you do become complacent with everything tell you, you will die if you hit the red button. I hope this helps!

Cheers,

Charles

Getting users to carefully read messages is very difficult.

My suggestion for something so dire as permanently deleting a private key would be either:

  1. Double confirmation

  2. A graphic that can’t be ignored - like Skull and Cross Bones

or both.

Hi Charles, Hi Les,

thanks for your inputs!

Yes, it is difficult to create a user interface that is understandable, intuitive and explains the right things at the right time.

Over time, we hope Kleopatra to take more of a backseat, reserved for power users that are more interested in the details. And we try not to explain to many general IT or security issues, because this can become a huge task. So the assumption is: People will have a backup, if they run their IT on a certain level. (After all, if you don’t have a backup, a hardware failure can hurt you a lot on many levels.)

If the warnings are toned up, users will get used to the new style as well, so a double confirmation may not help a lot in the end. In any case: We’ll try to improve over time from version to version.

Best Regards,
Bernhard (Reiter)