git-secret issues operating between gpg 2.0.x and 2.1.x

[jvassev]

It looks like git-secret cannot decrypt a repo when it's encrypted with gpg 2.0.x.
This has to do with the removal of the secring.gpg: https://www.gnupg.org/faq/whats-new-in-2.1.html

I have "fixed" git-secret locally by just commenting these 3 lines:

git-secret/src/_utils/_git_secret_tools.sh

Lines 585 to 587 in 7dd6177

	if [[ -z "$keys_exist" ]]; then
	_abort "$error_message"
	fi

It would be nice if some older gpg's are also supported for those stuck older linuxes :)

[joshrabinowitz]

Hello @jvassev,
Thanks for this issue report.

Is this issue complete and correct? We perform automated tests with gpg 2.0.22.
(Here's an example: https://travis-ci.org/sobolevn/git-secret/jobs/446983235)
IE, Is this reproducible using only gpg 2.0.X (I ask because you link to changes in 2.1)

Might this issue actually have to do with inter-operation between different versions of gnupg?
(See: #204 , #208)

[jvassev]

I think my problem has to do with encrypting using gpg 2.1.0 and then failing to decrypt using 2.0.x.

The exact version which fails to decrypt is (ubuntu xenial):
gpg 2.0.22
libcrypt 1.5.3

I am encrypting with (centos 7):
gpg 2.1.15
libcrypt 1.7.8

[joshrabinowitz]

@jvassev yes, this is a known issue of git-secret interoperating with different versions of gnupg.
@simbo1905 wrote up #208 / RFC001 https:/sobolevn/git-secret/blob/master/RFC/RFC001.md which proposes a solution to this issue. See also #228

We would love for someone to implement a solution, which requires git-secret not depending as much on binary files created by gpg.

(edit:) I'm planning to close this as a dup of #228 and reword the description to mention it's a GnuPG inter-operation issue