gpg: no valid OpenPGP data found. gpg: decrypt_message failed eof
3 years ago
Originally Published: 2011-03-09
Article Number
000044124
Applies To
RSA Key Manager Appliance 2.6
Issue
gpg: no valid OpenPGP data found.
gpg: decrypt_message failed eof
Cause
When you use the restore utility you first select option (1) and specify the backup file which you wish to use (which was erncrypted when it was generated) and then select option (2) to decrypt this file to be able to extract data.  The file supplied is not a valid, encrypted, file; either it is truncated or has been corrupted in some way so that it is no longer a valid archive file.
Resolution

Check very carefully both the name of the file you specified under option (1), the standard formatting of the file name has a gpg suffix which may be a good indicator (although a renamed file would still work provided it is valid as the suffixes are simply there for human readbility).

You can also do some level of checking of the file by using the 'file' command, for example:

              [root@rkm-server tmp] #  file *
              RKMA-Backup-rkm-server.acme.com-20110308190346.tar.gz.gpg:    gzip compressed data                                  WRONG, for some reason this appears to be an unencrypted file

              [root@rkm-server tmp] #  file *
              RKMA-Backup-rkm-server.acme.com-20110308190346.tar.gz.gpg:    ASCII text                                                   WRONG, maybe this file got converted in an FTP BIN/ASCII translation?

              [root@rkm-server tmp] #  file *
              RKMA-Backup-rkm-server.acme.com-20110308190346.tar.gz.gpg:    GPG encrypted data                                    RIGHT, for some reason this appears to be an unencrypted file

This command can be used as a good first parse, however even the third file might not be correct if it was truncated and perhaps is missing the last half of itself.

Carefully recopy the rachived, encrypted backup file onto the applinace again to ensure the network file copy did not cause the issue, othwerwise you will need to select an alternative rachive file to restore.


You can run certain validation tests on any archive file against a working, existing system without affecting the running service.  At any time you can copy in an archived, encrypted backup file and simply use options (1) and (2) of the RKMARestore.sh command to confirm that you can access and decrypt the archive file.  This small test should never take the place of a full disaster recovery test but might be useful for doing an assurnace level test.
Workaround
The /opt/rkm-appliance-backup/RKMARestore.sh utility is being used to restore data and option (2) has been selected to decrypt a supplied, encrypted, backup file

Related Articles

Trending Articles

Don't see what you're looking for?