[Enigmail] Recover GPG password remembered by Thunderbird (passphrase in session)
dfpernf at yandex.com
Thu Nov 26 15:33:40 CET 2015
Thank you so much! I solved it with your answer.
For future people, here's how you can recover your PGP key if stored in your GNOME session.
Install pip and gnome-keyring as root:
$ sudo apt-get install python-pip python-gnomekeyring
Now install this application (secret-tool also exists but I couldn't figure it out):
$ pip install --upgrade --user gkeyring
Now search in the dash (click Ubuntu logo) for "Passwords and Keys" application (this is Seahorse).
Under the subsection called "Passwords" click the item "Login". You should see your PGP key with a lock.
Right click, select Properties.
Then copy the Description field (CTRL-C).
Now in the terminal, type:
$ ./gkeyring --name "..."
Keep the quotes, and paste that description where the ... is. It should look something like:
$ ./gkeyring --name "PGP Key: John Smith <john at smith.com>"
When you press enter it will display your password!
Thanks everybody for their suggestions.
26.11.2015, 15:11, "Patrick Brunschwig" <patrick at enigmail.net>:
> I'd assume the password is stored in gnome-keyring.
> - -Patrick
> On 26.11.15 12:30, Dkjfffkjk Dfpernf wrote:
>> But the problem is *not* that I don't know how to change the
>> password. It's that I've lost the password but it is on my computer
>> $ locate pinentry $
>> Yet if I open Thunderbird, I can decrypt emails no problems. Sadly
>> I cannot change the key's password without being prompted.
>> If I restart the computer, I can still decrypt emails. Where is
>> this password being stored?
>> How can I find it? Is there some way to get Enigmail to spit it
>> out? How can I find out what pinentry/agent software is being used,
>> or where it is stored when the session starts? Someone somewhere
>> must know this, and unfortunately it's a very important key...
>>> On 11/25/2015 11:30 AM, Dkjfffkjk Dfpernf wrote:
>>>> Today one of my devices which contains the KeepassX password
>>>> for my PGP key got bricked.
>>>> Luckily I have another device (Ubuntu 15.04) which has the
>>>> password saved when I start the session (login to my user). I
>>>> can restart the computer and still read encrypted passwords
>>> I would setup a semetric encrypted password file in your home
>>> directory which is /home/user/ To do this use your favorite text
>>> editor like emacs which will open an encrypted file and ask for
>>> your passpharse.
>>> I use the unix standard of : as a field separator.
>>> # File Format
>>> login:password:host name:Company Name:Account Number:Phone
>>> Of course you can setup you own password file to meet your own
>>> After you have created your password file you need to encrypt
>>> it. gpg -esc passwd which will produce a signed, encrypted
>>> passwd.gpg along with the original unencrypted passwd file.
>>> Before removing the unencrypted try to open the encrypted file.
>>> gpg -d passwd.gpg | less
>>> You will be asked for your passphrase.
>>> After you have varified that you can open and read your
>>> encrypted password file you can remove your original unencrypted
>>> As a paranoid old man I use the shred application which will
>>> overwrite the original file. I use this especially on laptops
>>> which can be stollen or lost.
>>>> It does not seem to be using gpg-agent nor pinentry. There is
>>>> no program called 'pinentry' and here are the programs
>>>> beginning with gpg:
>>>> gpg, gpgsplit, gpgv, gpg-zip
>>>> $ echo $GPG_AGENT_INFO /run/user/1002/keyring/gpg:0:1
>>>> But that file is 0 bytes and I cannot do anything with it.
>>>> extensions.enigmail.useGpgAgent is false
>>> Your pinentry program is probably located in /usr/bin/ You can
>>> use either locate or whereis to find your pinentry program.
>>>> How is the password being stored?
>>> In this directory there is also your public ring and your config
>>>> And how can I recover or change the password?
>>> gpg --edit-key 0x12345678
>>> You can change the passphrase, can sign somes public key, and add
>>> sub keys.
>>> Though enigmail hides a lot of the details about gnupg, the more
>>> you read about keys, algorithms, and etc. the more you will
>>> appreciate the hard work that was put into gunpg and enigmail.
>>>> I can still read encrypted emails so it is somewhere in my
>>> I hope that this helps you and make sure you backup your systems.
>>> I use cron at 2AM everymorning to backup my systems.
>>> - -- Rev. LeRoy D. Cressy mailto:leroy at lrcressy.com /\_/\
>>> http://lrcressy.com ( o.o )
>>>> ^ <
>>> Cell Phone: 267-307-3527
>>> See My posts on facebook and googleplus
>>> Open PGP Key: C34B77CC gpg fingerprint: 8AD5 35EF 1FDF F1A7 E483
>>> 8CCE A50D 4E81 C34B 77CC
>>> For info on enigmail: http://enigmail.mozdev.org/ For info on
>>> gpg: http://www.gnupg.org/
>>> Jesus saith unto him, I am the way, the truth, and the life: no
>>> man cometh unto the Father, but by me. (John 14:6)
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v2
>> -----END PGP SIGNATURE-----
> enigmail-users mailing list
> enigmail-users at enigmail.net
> To unsubscribe or make changes to your subscription click here:
More information about the enigmail-users