Hey everyone, I mined bitcoin way back in either 2009 or 2010, honestly can't remember the exact year, and kinda lost track of it. Recently, I've been digging through my old hard drive and found a gpg file. The problem is I can't locate the private rsa key needed to decrypt it. I checked out the file and saw that the encrypted data is 6000 bits, and I need a private rsa key with a specific ID. The file size is 165 MB. So, I'm wondering if anyone has used any programs or tools that might help me view the unencrypted portion of the data. What options do I have?
So you have something (a file) encrypted with GPG and you want to see what's encrypted?
There is no way, unfortunately.
Some ideas:
1. the file name. If it says passwords.txt.asc it has passwords, if it says blabla.pdf.asc it contains blabla.
2. run gpg --list-packets <filename>. It should show you what encryption algo was used, if it was symmetric or asymmetric. In general it shows metadata, but not clues about what was included in the file.
1. Have you made RAW copy/backup of your old hard drive? It's important to prevent any deleted data accidentally overwritten.
2. Have you tried using file recovery software to look for any deleted data?
You need to explain this part better, since 6000 bits probably refer to length of RSA keys or size of encrypted data rather than date.
165MB file? What kind of file you're talking about? I'm sure Bitcoin-qt and wallet file generated by Bitcoin-qt have smaller size.
Honestly, I searched through my old hard drive but couldnt find anything useful. So, I decided to use some data recovery tools, and fortunately, one of them managed to recover a .gpg filealthough it was restored with a random name. The file is 165 MB in size and has a .gpg extension.
I ran a full strings scan on it, and it was filled with keywords like btc, wallet, xprv, priv, and key. I also noticed the beginnings of old Bitcoin addresses. However, all the matches were small fragmentsno complete sentences or full addresses.
Then I used the gpg --list-packets command to analyze the file structure. It showed that the file is encrypted using RSA (Key ID starting with 5EB ), with algorithm 3 and an encrypted data packet of length 6284 bytes.
I don't suppose you can go anywhere from this point. The point of encrypting something with RSA (using GPG as a tool), is to not be able to open it without the password.
RSA encryption is asymmetric. Which means that in order to decrypt the file you will need the private key.
The private key lives inside the hosting machine, where GPG was installed (most of the time).
If (I repeat if), the disc that you have in your hands was the same disc where the OS was installed, or if by chance you have saved the keys in the same disc, there may be a chance to find it.
I would search for .gnupg in the old disc. If there is any key material there, you may find it this way. But there is a catch. You will need to know the password, which is a very difficult task to accomplish 15 years later.
You should make a back up of the file before trying anything on it
this is always advised just incase something happens.
If you think you know the password you could try decrypt the file and output the contents with
You could also give this command a go see if there is a secret key for the file
If the file was encrypted with a symmetric cipher (passphrase only, no public/private key),
If you still have no luck you could try export the packets and see if they hold any additional information
Another good solution is PGPDUMP
If you have or can recover the private key associated with the key ID (5EB )
If you still unsure you could try bruteforce it with gpg2john
gpg2john recovered_file.gpg > hash.txt
john hash.txt
This will convert the GPG files passphrase hash into a format compatible with John the Ripper for brute-forcing.
Good luck!
Is the gpg file something you created?
I suggest looking for the original wallet file, or a backup of it, on that disk .. you'll have more luck with that than trying to open a gpg file without the private key.
Try reaching out to Dave at walletrecoveryservices.com - he has helped many people in this situation.
Which data recovery tools did you use?
I would assume that an encrypted file with extension .gpg doesn't really have any meaningful strings in it. It's all encrypted, isn't it?
Your data recovery tool may have found chunks of data, possibly from a wallet.dat file, and attributed it to be a GPG file because it found chunks of encrypted data. It's possible that what your recovery tool found isn't quite correct. But I'm just speculating a bit based on what you provided.
I guess there's not much you can do, if you can't remember having created a GPG file, haven't documented anything about it and most importantly haven't documented any decryption details. Having no backups of wallet files is a somewhat common problem of early bitcoiners (don't want to lump everyone together; those who have don't show up in the forum with recovery issues).
If you're searching for valuable data, make sure you don't alter the storage media, especially when you have to assume to recover potentially deleted files from some filesystems. I would highly recommend to make forensic bit-by-bit copies of storage media (read-only access to the storage media devices) and work only on copies of such forensic copies. The basic principle is to never alter the original storage media.
In many cases your assumption isn't wrong...