I used Emacs to encrypt a text file with a symmetric key. When decrypting the file, the program pinentry opens a window for password entry. I accidentally clicked the checkbox for "save in password manager" and then the enter key (no password). Apparently the empty password was stored and now I'm not anymore prompted for a password when opening the file. Instead I get the following error message:
gpg: AES encrypted data
gpg: gcry_kdf_derive failed: Invalid data
gpg: encrypted with 1 passphrase
gpg: decryption failed: No secret key
I get this message when opening the file in Emacs but also when I use gpg2 -d the_file.gpg.
How can I remove the empty password and restore the password prompt?
Things that I already tried (unsuccessfully):
- reboot,
- kill gpg-agent,
- kill gnome-keyring-daemon,
- remove the key using seahorse (didn't work because seahorse didn't list the key)
I'm using Xubuntu 16.04.
Best Answer
Ubuntu 16.04 and derivatives currently come with GPG 2.1.11, which cannot be used without an agent. Moreover, since 2.1, the agent socket file is fixed to
${GPG_HOMEDIR}/S.gpg-agent. The reason I'm saying this is because I don't know exactly howgpg-agentandgnome-keyringbattle for acting as agents by owning that file, but only one can own it at any one time.The fact there was a check box for saving the password suggests you weren't using
pinentryviagpg-agent, but Seahorse viagnome-keyring. I suggest reading the "Managing Passwords" section, and trying to find the bad association (empty pass for that specific file) that way.Since you mentioned looking for a key in Seahorse- If you are using symmetric encryption, the password will not be associated with any GPG encryption key. (I find GPG to be lacking in that respect, details here.)