Hello, there! I hope you everything is going well with you.
I would like you to assist me in recovering my .gpg symmetrically encrypted file.
I backed up some directories for about a year now. I archived them through gzip and then I encrypted them using a simple (digits-only password I think) passphrase. Now I have dir.tgz.gpg. I tried using rephrase which honestly I find useless. I tried bruteforcing my gpg file using John The Ripper, so I attempted converting my file into data JTR can work with, I ran the command: gpg2john dir.tgz.gpg > hashingfile and I received an error “Bad parameter… len cannot be bigger than buf_size” I think this is why john fails. What should I do?
There is no other way to recover your password than brute force. You can use John The Ripper – but you need to crack your private key, not the encrypted file.
I don’t understand. What private key are you talking about? I remember I encrypted the file using: gpg -c dir.tgz
I really cannot remember any private key! Am I missing something?
Search engines are your friends in this case.
And, I bet you can now see the benefits of using a good password manager.
Search engines did not do the trick. And yes, a good password manager like keepass is beneficial.
gpg -K should display all your private keys, which are needed to decrypt files.
gpg -k should display all your public keys, which are needed to encrypt files.
Hey guys. I need a way to bruteforce the file. I believe it is the best way since I remember that my password was made up of digits only, and does not exceed 8 digits. Could you please point me to how to do it. I found john the ripper on pacman. I think Manjaro has all the tools I need to restore my file.
Like @Tomek said, you don’t bruteforce the file - you bruteforce the key.
There was a link in there describing the procedure.
I don’t know anything about doing this stuff or what to do if you have just the file but not the key.
Depends. If he really used:
it’ll be encrypted with a symmetric cipher. You have to provide a passphrase doing that.
And then your key material does not matter at all. (you don’t even need a gpg key pair)
Are you sure that you’ve used to -c option back then? Looks like the file is messed up somehow.
At least I can’t reproduce that issue.
Maybe you should seek some help here:
4 Likes
You are right. I used gpg -c dir.tgz to encrypt the file. That was symmetric encryption. I tried rephrase but it is not working. I believe I need to bruteforce the file. I just don’t know how to do it.
I just tried to replicate and used a 5 digit numeric password to encrypt a tar.gz compressed file
(containing a directory with some files in it)
I used gpg -c ./the_compressed_file.tar.gz
I got:
the_compressed_file.tar.gz.gpg
I ran:
gpg2john the_compressed_file.tar.gz.gpg > hash
This is where you already get an error - which to me means you can’t export the hash that john will need.
You don’t have that file containing the hash - correct?
If yes
this is where your journey probably will end.
I don’t get an error at this stage.
I do have this hash file.
So I then ran:
john --incremental:Digits hash
on it
and a few seconds later the “password” was cracked
just FYI
just 8 digits instead of 5 take substantially longer
All right. Thank you guys for your help anyway. I think this the end of my journey. I should have saved the password somewhere.
When you google for the error that you get when trying to create the hash for use with john
you get some info suggesting that it could be related to a relatively recent change in john.
So it could be that an older version of it could work - an old Kali Linux Live CD will likely contain the program.
Also PGPCrack-NG is mentioned.
GPG symmetric encryption and gpg2john parsing problems · Issue #2616 · openwall/john · GitHub
I know nothing more.
1 Like
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.