8

Bad news: I forgot a GnuPG secret key passphrase.

Good news: I do know the words it is constructed of. So, I can easily use john or similar to recover (too many combinations to do it manually, though).

Problem: The secret key is not in the secring.gpg format that john understands, but in some new format, apparently distributed across 2 files, in 

~/.gnupg/private-keys-v1.d/0123456789ABCDEF0123456789ABCDEF01234567.key

and

~/.gnupg/private-keys-v1.d/123456789ABCDEF0123456789ABCDEF012345678.key

(files renamed for this question, obviously) created within the timespan of a few seconds - could be pubkey and seckey, if so which one is which?

Could someone please help, maybe by telling me how to extract the (still locked) seckey from these files without a passphrase? An ASCII armor format would be ideal.

Alternatively, maybe someone knows how to feed these files to john directly?

On a related note: Can I enforce the secring.gpg format in GnuPG? I share /home between systems with different versions of GnuPG and don't want to duplicate key files.

Thanks.

PS: Since I already have files encrypted with the key a revocation and replacement would not be a viable solution.

Ned64
  • 245
  • 1
  • 2
  • 13
  • Did you try `gpg --list-packets 123.key` to see what's inside? – Arminius Mar 30 '17 at 16:59
  • @Arminius: `gpg: no valid OpenPGP data found.` – Ned64 Mar 30 '17 at 17:16
  • Apparently, `gpg` cannot understand these files, only `gpg-agent` (a daemon) can. Passphrases are read by a third, separate program `pinentry`. Could it be more complicated? – Ned64 Mar 30 '17 at 22:22
  • The `gpg` command doesn't understand the new private key database format, you need to use `gpg2` command instead. – Lie Ryan Mar 30 '17 at 23:25
  • @LieRyan Thanks. Since I have GnuPG 2.1 installed, `gpg` is just a link to `gpg2`, anyway. According to the docs (link in my question above), GnuPG can read the new secret keys only through `gpg-agent` (a concept change), not through `gpg`. – Ned64 Mar 31 '17 at 06:23
  • Have I asked this in the wrong forum? Or do people not want to help hackers (whether it be me if I lied and the key was not mine, or by providing a public answer to a hacking-type question)? – Ned64 May 04 '17 at 10:50
  • 2
    This wasn't the wrong forum to ask. I think your question has a limited number of people that can answer this with any authority*. (e.g. Needs to know internals of `gpg-agent`, how to use `john` in a not yet supported way, and how to crack an encryption that wasn't designed to be) [Cryptography](https://crypto.stackexchange.com) would be the only other SE site better qualified to answer this. *_I don't consider myself an authority, I'm just wildly speculating a possible solution_. – Core.B May 16 '17 at 18:32

2 Answers2

2

I'm taking a guess at these, but I have no easy way to test if these are actually possible.

Easiest: Nasty and crackgpg have been designed for this purpose. If one of them has been updated to support this new format, try it.

Harder: The file format is documented in gnupg/agent/keyformat.txt. Can you get something like john to try your wordlist until it gets a ( as the first character?

Core.B
  • 121
  • 4
  • Thanks. I tried nasty before but it is just too old for the "new" format. I am assuming the same for crackgpg. Will have a look, though. The format documentation you have linked to is from the future - apparently another change is planned already. I am unsure what you mean by using john - which encryption algorithm (I suppose john knows many?) would I tell john to use? – Ned64 May 17 '17 at 22:18
  • For keyformat.txt, look at an earlier version in the repository, or the source of your currently installed version on your machine. (With an RPM based distro, you'd get tgr SRPM) – Core.B May 17 '17 at 22:24
  • I missed some words on the john answer. It appears to have a DYNAMIC mode that would let you customize what its trying to crack. I'll try to work out if thats practical and edit links into the answer. – Core.B May 17 '17 at 22:28
1

A developer of John the Ripper has posted a program that can be used with the mask mode of JtR to crack this format. It has to be linked against libgcrypt from GnuPG.

It is available here.

AleksanderCH
  • 711
  • 3
  • 10
  • 23
Charles Sloan
  • 11
  • 1