000011703 - gpg: no valid OpenPGP data found. gpg: decrypt_message failed eof

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000011703
Applies ToRSA Key Manager Appliance 2.6
Issuegpg: no valid OpenPGP data found.
gpg: decrypt_message failed eof
CauseWhen you use the restore utility you first select option (1) and specify the backup file which you wish to use (which was erncrypted when it was generated) and then select option (2) to decrypt this file to be able to extract data.  The file supplied is not a valid, encrypted, file; either it is truncated or has been corrupted in some way so that it is no longer a valid archive file.

Check very carefully both the name of the file you specified under option (1), the standard formatting of the file name has a gpg suffix which may be a good indicator (although a renamed file would still work provided it is valid as the suffixes are simply there for human readbility).

You can also do some level of checking of the file by using the 'file' command, for example:

              [root@rkm-server tmp] #  file *
              RKMA-Backup-rkm-server.acme.com-20110308190346.tar.gz.gpg:    gzip compressed data                                  WRONG, for some reason this appears to be an unencrypted file

              [root@rkm-server tmp] #  file *
              RKMA-Backup-rkm-server.acme.com-20110308190346.tar.gz.gpg:    ASCII text                                                   WRONG, maybe this file got converted in an FTP BIN/ASCII translation?

              [root@rkm-server tmp] #  file *
              RKMA-Backup-rkm-server.acme.com-20110308190346.tar.gz.gpg:    GPG encrypted data                                    RIGHT, for some reason this appears to be an unencrypted file

This command can be used as a good first parse, however even the third file might not be correct if it was truncated and perhaps is missing the last half of itself.

Carefully recopy the rachived, encrypted backup file onto the applinace again to ensure the network file copy did not cause the issue, othwerwise you will need to select an alternative rachive file to restore.

You can run certain validation tests on any archive file against a working, existing system without affecting the running service.  At any time you can copy in an archived, encrypted backup file and simply use options (1) and (2) of the RKMARestore.sh command to confirm that you can access and decrypt the archive file.  This small test should never take the place of a full disaster recovery test but might be useful for doing an assurnace level test.
WorkaroundThe /opt/rkm-appliance-backup/RKMARestore.sh utility is being used to restore data and option (2) has been selected to decrypt a supplied, encrypted, backup file
Legacy Article IDa54193