git-crypt fails to unlock encrypted files upon cloning new repo in production server #181

Open
kir12 opened this issue Sep 2, 2019 · 3 comments

kir12 commented Sep 2, 2019

I'm attempting to clone my repo in a production server and decrypt my files there. I had already encrypted the repo beforehand with git-crypt add-gpg-user and it works fine on my development machine, but nothing I'm doing seems to re-unlock the repo on the production server. Specifically, I get the error

Error: no GPG secret key available to unlock this repository.

I attempted to make a new GPG key on the production server, but that didn't help. I also don't know if my development machine has a GPG key linked to git-crypt add-gpg-user, meaning I don't have a key to export. I apologize if this seems like a trivial problem -- this is my first time using GPG and I have no idea what's going on. Can someone give me some guidance?

Author

kir12 commented Sep 2, 2019

I was able to resolve the initial issue using git-crypt export and scp, but I'm still very interested in knowing how I would unlock the new repository using only GPG keypairs.

Contributor

alerque commented Sep 3, 2019

This really isn't a question about git-crypt so much as how to use GPG. You need to export your secret keys from one machine and import them on the other. Once the secret keys are present and a GPG agent is running that has the keys unlocked, the other system will be able to unlock the git crypt repository.

It's probably best to play around with the GPG tools directly first before trying to figure out how to work git crypt. Most of the misunderstanding is on that side of things. Try encrypting a small file to yourself with something simple like echo "super secret test" | gpg -e -a > encryptedfile. You can decrypt it using gpg -a -d < encryptedfile. If that works then transfer that encrypted file to the other machine and try to decrypt it there. In order for that to work you'll need to get your secret key transferred and set up properly.

Once those basic GPG tools work for you, you won't have any trouble with git-crypt which uses them as building blocks and expects them to work.

tbenst commented Dec 2, 2021

> Try encrypting a small file to yourself with something simple like echo "super secret test" | gpg -e -a > encryptedfile. You can decrypt it using gpg -a -d < encryptedfile.

Amazing advice, thank you! Wish I could sticky.
In my case, the issue was that I was using ssh and missing the GTK prompt to enter the password, leading to silent failure (gosh, gpg is so unfriendly...). Fixed by following https://askubuntu.com/a/858947 and also running export GPG_TTY=$(tty). After I got gpg -a -d < encryptedfile working, git-crypt unlock worked just fine.

This may also be the solution for #181
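
Added example (not from the thread or the git-crypt project): a shell check for the two failure causes discussed above, a keyring that lacks the secret key the repository was encrypted to, and an SSH session without GPG_TTY. It assumes the layout that git-crypt add-gpg-user writes, .git-crypt/keys/<key-name>/<version>/<FINGERPRINT>.gpg; the function names and the --check argument are made up for this example.

```shell
#!/bin/sh
# Added example, not git-crypt's own code. Assumes the on-disk layout written
# by `git-crypt add-gpg-user`: one file per recipient, named after that key's
# fingerprint, at .git-crypt/keys/<key-name>/<version>/<FINGERPRINT>.gpg

# Print the fingerprints the repository at $1 was encrypted to.
repo_recipients() {
    find "$1/.git-crypt/keys" -name '*.gpg' 2>/dev/null |
        sed 's|.*/||; s|\.gpg$||' | sort -u
}

# Read `gpg --list-secret-keys --with-colons` output on stdin and print the
# fingerprints it contains (field 10 of each "fpr" record).
secret_fingerprints() {
    awk -F: '$1 == "fpr" { print $10 }' | sort -u
}

# Print the recipients of repo $1 that also appear in the secret-key listing
# on stdin. Empty output is the "no GPG secret key available" case.
usable_recipients() {
    have=$(secret_fingerprints)
    for fpr in $(repo_recipients "$1"); do
        printf '%s\n' "$have" | grep -qxF "$fpr" && printf '%s\n' "$fpr"
    done
    return 0
}

# Succeed unless this is an SSH session with GPG_TTY unset, the situation
# reported in the thread where the passphrase prompt never appears.
tty_ready() {
    [ -z "${SSH_CONNECTION:-}" ] || [ -n "${GPG_TTY:-}" ]
}

check_repo() {
    found=$(gpg --list-secret-keys --with-colons 2>/dev/null |
        usable_recipients "$1")
    if [ -z "$found" ]; then
        echo "no secret key in this keyring for any of:"
        repo_recipients "$1"
        return 1
    fi
    echo "secret key present for: $found"
    tty_ready || echo 'SSH session without GPG_TTY: run export GPG_TTY=$(tty)'
}

# Run as: sh check.sh --check /path/to/repo
[ "${1:-}" != "--check" ] || check_repo "${2:-.}"
```

Running the same check on the development machine shows which fingerprint was passed to add-gpg-user, which is the key whose secret half has to be exported and imported on the server.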
