Hi,
As we don't have an encrypted install of Ghost I wanted to use the native pre-installed gnupg to selectively encrypt particular data directories.
For some reason I can't fathom the decryption always fails...
I followed [https://www.baeldung.com/linux/encrypti ... -directory] example...
encryption process:
mkdir top-secret
echo "this is a secret" > top-secret/secret.txt
gpgtar --encrypt --symmetric --output top-secret.gpg --gpg-args="--passphrase=top-secret-passphrase --batch" top-secret
Listing reveals:
gpgtar --list-archive --gpg-args "--passphrase=top-secret --batch" top-secret.gpg
gpg: AES256.CFB encrypted data
gpg: encrypted with 1 passphrase
gpg: decryption failed: Bad session key
Decryption fails with:
gpgtar --decrypt --directory decrypted top-secret.gpg
gpg: AES256.CFB encrypted data
gpg: problem with the agent: Inappropriate ioctl for device
gpg: encrypted with 1 passphrase
gpg: decryption failed: Bad session key
Please, can anyone explain the 'bad session key' failure issue?
This fails whether I use root or me and within and between pools.
The "Bad session key" error you're encountering while trying to decrypt your data with GnuPG (gpgtar) typically indicates a problem with the passphrase or the GPG agent. Here are some steps to troubleshoot and potentially resolve the issue:
Verify Passphrase:
Double-check the passphrase you are using for encryption and decryption (--passphrase=top-secret-passphrase). Make sure there are no typos or extra spaces. The passphrase must be identical during encryption and decryption.
GnuPG Agent:
The "Inappropriate ioctl for device" error often occurs when GnuPG tries to use the agent but encounters an issue. Try running the decryption without the agent by using the --no-use-agent option:
Use Absolute Paths:
Ensure that you are working with absolute file paths for your input and output files. This can sometimes resolve issues related to relative paths.
Check GnuPG Version:
Ensure that you are using an up-to-date version of GnuPG. Older versions may have bugs or compatibility issues. You can check your GnuPG version using the following command:
gpg --version
If it's not up-to-date, consider updating it to the latest version available for your operating system.
Environment Variables:
Check if any environment variables related to GnuPG are conflicting with your command. You can try running the command in a clean environment by using the env -i command:
This can help you identify the specific problem in the decryption process.
Alternative Encryption Methods:
If you continue to face issues, you might consider using alternative methods for encryption, such as using symmetric encryption with openssl or other encryption tools. This can be a workaround if you're unable to resolve the GnuPG issue.
Remember to handle sensitive data carefully, and make sure to securely manage your encryption keys and passphrases.
It seems that the modifier
--no-use-agent
returns
gpg: WARNING: "--no-use-agent" is an obsolete option - it has no effect
Seems there is a bug in gpg.
Workaround...
install gpg-gui
and use this application.
Unlike gpgtar it only works on a file.
But we can always use the native archiver to create the file of a directory first.
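An added example, not written by any poster in this thread: a non-interactive round trip that archives the directory with tar and encrypts it symmetrically with gpg, reading the same passphrase file on both sides, then repeats the decrypt with a different passphrase to show the "Bad session key" failure. It assumes GnuPG 2.1 or later (for `--pinentry-mode loopback`); the function names, file names and passphrases are constructed.

```shell
#!/bin/sh
# Added example: tar + gpg symmetric round trip for one directory.
# Assumes GnuPG 2.1 or later; every name and passphrase here is constructed.

# Shared options: never prompt, and read the passphrase from a file so it
# does not appear in the process list or shell history.
gpg_batch() {
    pf=$1; shift
    gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-file "$pf" "$@"
}

# encrypt_dir SRC_DIR OUT_FILE PASSFILE
encrypt_dir() {
    tar -cf - -C "$(dirname "$1")" "$(basename "$1")" |
        gpg_batch "$3" --symmetric --cipher-algo AES256 --output "$2"
}

# decrypt_dir IN_FILE DEST_DIR PASSFILE
# Unpacks only after gpg has exited 0, so a wrong passphrase ("Bad session
# key") or a damaged file never reaches tar.
decrypt_dir() {
    mkdir -p "$2" || return 1
    tmp=$(mktemp) || return 1          # created mode 0600
    if gpg_batch "$3" --output "$tmp" --decrypt "$1"; then
        tar -xf "$tmp" -C "$2"; rc=$?
    else
        rc=2
    fi
    rm -f "$tmp"
    return "$rc"
}

demo() {
    work=$(mktemp -d) || return 1
    GNUPGHOME=$work/gnupghome; export GNUPGHOME   # throwaway gpg home
    mkdir -m 700 "$GNUPGHOME" "$work/top-secret"
    echo "this is a secret" > "$work/top-secret/secret.txt"
    printf '%s\n' 'constructed-passphrase' > "$work/pass.good"
    printf '%s\n' 'constructed' > "$work/pass.bad"
    encrypt_dir "$work/top-secret" "$work/top-secret.gpg" "$work/pass.good" &&
    decrypt_dir "$work/top-secret.gpg" "$work/ok" "$work/pass.good" &&
    cat "$work/ok/top-secret/secret.txt"
    decrypt_dir "$work/top-secret.gpg" "$work/bad" "$work/pass.bad" ||
        echo "mismatched passphrase rejected (exit $?)"
    rm -rf "$work"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh script.sh demo`. The temporary file in `decrypt_dir` briefly holds the plaintext archive, so on a shared host point `TMPDIR` at a private directory first.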