git-crypt unlock fails #59

Closed
skorokithakis opened this issue Jul 29, 2015 · 7 comments

@skorokithakis

I have a repo with GPG-encrypted keys, and if I try to unlock it, I get this:

00:59:55 $ git clone git@bitbucket.org:thing
Cloning into 'thing'...
Checking connectivity... done.

01:00:01 $ cd thing

01:00:17 $ git-crypt unlock
git-crypt: error: encrypted file has been tampered with!
error: external filter "/home/stavros/bin/git-crypt" smudge failed 1
error: external filter "/home/stavros/bin/git-crypt" smudge failed
fatal: deployment/group_vars/all.yml: smudge filter git-crypt failed
Error: 'git checkout' failed
git-crypt has been set up but existing encrypted files have not been decrypted

I tried changing the file on a machine that has it decrypted and committing, which worked for that machine/repo, but cloning it still fails.

@AGWA
Owner

AGWA commented Jul 30, 2015

Could you run openssl dgst .git/git-crypt/keys/default from both the decrypted repo and the repo where git-crypt unlock is failing? (Note: run this command after running git-crypt unlock.) Are the digests output by openssl dgst the same in both repos?
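
The key comparison asked for above, as an added shell example that is not part of the thread and is not git-crypt's own code. The function names are hypothetical; it assumes git-crypt unlock has been run in both clones and that .git is a directory at the top of each clone, and it names SHA-256 explicitly so both sides hash the same way.

```shell
#!/bin/sh
# Added example, not from the thread. Only paths and digests are printed;
# the key file itself is never printed or copied.

# Print the SHA-256 hex digest of one file. The algorithm is named explicitly
# so the result does not depend on each machine's default digest.
key_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 -r "$1" | awk '{print $1}'
    fi
}

# compare_gitcrypt_keys CLONE_A CLONE_B [KEY_NAME]   (hypothetical helper)
# Returns 0 if both clones hold the same key, 1 if the keys differ,
# 2 if either clone has no unlocked key file.
compare_gitcrypt_keys() {
    key_name=${3:-default}
    for clone in "$1" "$2"; do
        key_file="$clone/.git/git-crypt/keys/$key_name"
        if [ ! -f "$key_file" ]; then
            echo "missing: $key_file (run git-crypt unlock there first)" >&2
            return 2
        fi
    done
    digest_a=$(key_digest "$1/.git/git-crypt/keys/$key_name")
    digest_b=$(key_digest "$2/.git/git-crypt/keys/$key_name")
    echo "$1  $digest_a"
    echo "$2  $digest_b"
    if [ "$digest_a" = "$digest_b" ]; then
        echo "match: both clones hold the same key"
        return 0
    fi
    echo "MISMATCH: the clones hold different keys" >&2
    return 1
}

# Run the comparison when invoked as: sh compare-keys.sh CLONE_A CLONE_B
if [ "$#" -ge 2 ]; then
    compare_gitcrypt_keys "$@"
fi
```

When the two clones are on different machines, run key_digest on the key file in each and compare the two hex strings.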

@skorokithakis
Author

Nope, they aren't. Hmm, why would that be?

@skorokithakis
Author

Is there any update on this? We can't use the repo currently.

@AGWA
Owner

AGWA commented Aug 11, 2015

The key files should be the same. They can become different if git-crypt init is run more than one time in the same repo, although git-crypt init refuses to run if it has already been run in the same local repo. Is it possible that you ran it concurrently in two clones of the same repo?

It should be possible to fix this by doing the following in the decrypted source repo:

  1. Remove the .git-crypt directory and commit the change.
  2. Re-run git add-gpg-user with the IDs of the authorized users.

After this, you should be able to clone and run git-crypt unlock and end up with the same key file in .git/git-crypt.

@skorokithakis
Author

That fixes things, thank you. I'm a bit hazy on why removing the .git-crypt dir didn't render git-crypt unable to encrypt the files again, but, as long as it works, I can't complain.

By the way, for posterity, in step 2, you mean git-crypt add-gpg-user.

@biancazzurri

biancazzurri commented Jul 27, 2018

I encountered this as well. My setup is:
clone the repo
git-crypt init
git-crypt add-gpg-user
git-crypt unlock

and this messes up the decryption.

What does work is:
clone the repo
git status
git-crypt init
git-crypt add-gpg-user
git-crypt unlock

Probably the git status command initializes something git-crypt relies on.
My git version is 2.14.2.

@greg-murray-volusion

I had to reinstall git-crypt and then it worked for me.
