Solved: Android Password Store: Get the error "No encrypted data with known secret key found in stream" on any new passwords

Upon first running and syncing of my git repo, all passwords are accessible, no problem. If I add a new password to my server and sync it to my phone, then I will get the error "Error from Openkeychain: No encrypted data with known secret key found in stream"

All keys are encrypted/signed with the same gpg key but ones added after the initial setup will never work. Deleting app data and starting over with a fresh setup (same gpg key) will work fine on all current passwords, including those that won't work before data wipe.

27 Answers

✔️Accepted Answer

I had the same problem. On my computer, I had added throw-keyids to ~/.gnupg/gpg.conf, which forced gpg to not put the recipient key IDs into the encrypted gpg files for pass (which made it so that openkeychain couldn't open/decrypt the files :/ ...

To fix existing keys, from ~/.password-store

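cd ~/.password-store
set -o pipefail  # a failed decrypt must fail the whole pipeline

# Quote the pattern so the shell does not expand *.gpg before find runs
for gpg in $(find . -name '*.gpg' | fgrep -v Marketplace)
do
  echo -e "\n\n${gpg}\n---------------------------------------------"

  # Re-encrypt with the recipient key ID included; replace the file only on success
  gpg2 --decrypt "${gpg}" 2>/dev/null \
  | gpg2 --no-throw-keyids --encrypt -r 0x2E6AAA57E7D90EF6 --output "/tmp/${gpg##*/}" \
  && mv "/tmp/${gpg##*/}" "${gpg}"
done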

git commit -a -m "--no-throw-keyids"
git push

And then, to prevent this in the future, you can add export PASSWORD_STORE_GPG_OPTS='--no-throw-keyids' to your ~/.bashrc
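Added example, not part of the original answer: a small Python check that finds which files in a store were written with throw-keyids, by reading the key ID field of each public-key encrypted session key packet (an all-zero key ID is how OpenPGP marks a hidden recipient). It handles binary (non-armored) files with version 3 packets only; the function names and the constructed sample packet are assumptions made for this example.

```python
import sys
from pathlib import Path

HIDDEN = "0000000000000000"  # RFC 4880 5.1: an all-zero key ID hides the recipient

def recipient_key_ids(data: bytes) -> list[str]:
    """Key IDs of the leading version 3 PKESK (tag 1) packets in binary OpenPGP data."""
    ids, pos = [], 0
    while pos + 2 < len(data):
        first = data[pos]
        if not first & 0x80:
            raise ValueError("not a binary OpenPGP packet stream")
        if first & 0x40:  # new-format packet header
            tag, o1 = first & 0x3F, data[pos + 1]
            if o1 < 192:
                length, hdr = o1, 2
            elif o1 < 224:
                length, hdr = ((o1 - 192) << 8) + data[pos + 2] + 192, 3
            elif o1 == 255:
                length, hdr = int.from_bytes(data[pos + 2:pos + 6], "big"), 6
            else:
                break  # partial body length: only used by data packets
        else:  # old-format packet header
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:
                break  # indeterminate length: only used by data packets
            size = 1 << ltype  # length field is 1, 2 or 4 octets
            length, hdr = int.from_bytes(data[pos + 1:pos + 1 + size], "big"), 1 + size
        if tag != 1:
            break  # PKESK packets come before the encrypted data packet
        body = data[pos + hdr:pos + hdr + length]
        if len(body) >= 9 and body[0] == 3:  # version octet, then 8-octet key ID
            ids.append(body[1:9].hex().upper())
        pos += hdr + length
    return ids

def hidden_recipient_files(store: Path) -> list[Path]:
    """The .gpg files under store whose recipients are all hidden."""
    return [p for p in sorted(store.rglob("*.gpg"))
            if set(recipient_key_ids(p.read_bytes())) == {HIDDEN}]

def sample_pkesk(key_id: bytes) -> bytes:
    """Constructed sample: one PKESK packet with a dummy MPI, then a stub data packet."""
    body = b"\x03" + key_id + b"\x01" + b"\x00\x01\x01"
    return bytes([0x84, len(body)]) + body + b"\xd2\x01\x01"

if __name__ == "__main__":
    store = Path(sys.argv[1]) if len(sys.argv) > 1 else Path.home() / ".password-store"
    print(*hidden_recipient_files(store), sep="\n")
```

Run it with the store path as the only argument; every file it prints needs re-encrypting with --no-throw-keyids before OpenKeychain can match it to a key.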

Other Answers:

Thank you! You're a genius!

I had some trouble with the script so I've made some modifications in order to get it working in a more generic way and to fail fast if something goes wrong:

#!/bin/bash
set -euo pipefail
export IFS=$'\n\t'

export KEYID=0xE724F606EFFF66F7 # Put your key id here

GPG=$(command -v gpg) # the path for the gpg program
PASSWORD_STORE_DIR=${PASSWORD_STORE_DIR:=$HOME/.password-store}
TEMP_DIR=$(mktemp --directory)
trap 'rm -rf "${TEMP_DIR}"' EXIT # remove the temporary directory on exit

for path in $(find "${PASSWORD_STORE_DIR}" -iname '*.gpg'); do
  echo "Processing ${path}"
  temp_file="${TEMP_DIR}/${path##*/}"

  # Decrypt, then re-encrypt with the recipient key ID included
  "${GPG}" -q --decrypt "${path}" | "${GPG}" --no-throw-keyids --encrypt -r "${KEYID}" --output "${temp_file}"

  mv -f "${temp_file}" "${path}"
done

echo
echo "Creating git commit with all the changes"
read -n 1 -s -r -p "Press any key to continue, ctrl+c to stop"
echo
git -C "${PASSWORD_STORE_DIR}" commit -a -m "Adding key ids (i.e. gpg --no-throw-keyids)"

echo
echo "Pushing the commit"
read -n 1 -s -r -p "Press any key to continue, ctrl+c to stop"
echo
git -C "${PASSWORD_STORE_DIR}" push

I would like Android Password Store to have a better error message for this.

BTW I've disabled throw-keyids in my gpg.conf as it seems to be a trouble maker rather than a useful thing to my use of GPG.

I made sure the --no-throw-keyids was set and then ran the following:
pass init KEYID
