TL;DR
You’ve lost the password to a PGP-encrypted file (using symmetric encryption like AES). This guide shows how to attempt recovery using brute-force methods. Warning: This can take a very long time, even with powerful hardware, and is not guaranteed to succeed. It’s best if you have some idea of the password’s length or complexity.
Steps
- Understand Your Encryption
- PGP can use symmetric encryption (like AES) with a passphrase, or asymmetric encryption (public/private key pair). This guide focuses on symmetric encryption where you entered a password to encrypt the file.
John the Ripper is a powerful password cracking tool. Installation varies by operating system:
- Linux (Debian/Ubuntu):
  `sudo apt update && sudo apt install john`
- macOS: Use Homebrew:
  `brew install john`
- Windows: Download from OpenWall and follow the installation instructions.
John needs a specific format. If your file isn’t already in a supported format, convert it:
- For OpenPGP files (.asc, .gpg), John usually handles them directly.
- If you have an encrypted archive (like .zip or .rar) created with PGP encryption, extract the individual encrypted files first.
Start with a simple wordlist attack. A wordlist is a text file containing potential passwords.
- Download a common password list (e.g., SecLists).
- Run John:
  `john --wordlist=/path/to/your/wordlist.txt /path/to/your/encrypted_file`
  Replace the paths with your actual file and wordlist locations.
If a simple attack fails, try more advanced methods:
- Masks: Define patterns for passwords (e.g., lowercase letters + numbers). Example mask:
  `john --mask='?l?l?d' /path/to/your/encrypted_file`
  (`?l` = lowercase letter, `?d` = digit).
- Rules: Apply rules to modify words from the wordlist (e.g., capitalization, adding numbers or symbols). Example rule file:
  `john --wordlist=/path/to/your/wordlist.txt --rules=best64 /path/to/your/encrypted_file`
- Incremental Mode: Try all possible passwords of a certain length. Warning: This is very slow! Example:
  `john --incremental /path/to/your/encrypted_file`
  (tries all passwords from ‘a’ to ‘zzzzz’). You can specify the password length with
  `john --incremental --min-length=8 --max-length=8 /path/to/your/encrypted_file`.
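Before committing hardware to a mask, it helps to know how many candidates it generates. The following is an added example, not part of the original guide or of John the Ripper: it counts the candidates for a mask built from John's built-in classes and converts that to a worst-case duration. The guess rate of 1,000 per second and the sample masks are constructed assumptions; substitute a rate measured on your own hardware.

```python
"""Worst-case search time for a John the Ripper mask (added example)."""

# Sizes of John's built-in mask classes over printable ASCII:
# ?l lowercase, ?u uppercase, ?d digits, ?s specials, ?a all printable.
CLASS_SIZES = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95}


def mask_keyspace(mask: str) -> int:
    """Count the candidates generated by a mask such as '?l?l?d'.

    Supports the built-in classes, literal characters and '??' (a literal
    question mark). Custom classes and [ranges] are rejected, not guessed.
    """
    total, i = 1, 0
    while i < len(mask):
        ch = mask[i]
        if ch == "?":
            if i + 1 >= len(mask):
                raise ValueError("dangling '?' at end of mask")
            code = mask[i + 1]
            if code in CLASS_SIZES:
                total *= CLASS_SIZES[code]
            elif code != "?":  # '??' is a literal '?': one choice only
                raise ValueError(f"unsupported placeholder ?{code}")
            i += 2
        elif ch in "[]":
            raise ValueError("character ranges are not supported here")
        else:
            i += 1  # a literal character contributes exactly one choice
    return total


def humanize(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    units = (("years", 31_557_600), ("days", 86_400),
             ("hours", 3_600), ("minutes", 60))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    RATE = 1_000  # guesses per second: constructed value, measure your own
    for mask in ("?l?l?d", "?l?l?l?l?l?l?d?d", "?a?a?a?a?a?a?a?a"):
        n = mask_keyspace(mask)
        print(f"{mask:<18} {n:>20,} candidates  {humanize(n / RATE)}")
```

Each extra `?a` position multiplies the work by 95, which is why any knowledge of the password's length or structure matters more than raw hardware.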
John displays progress in real-time. Use these commands:
- `john --status`: Shows the overall status of all running cracks.
- `john --show /path/to/your/encrypted_file`: Displays cracked passwords (requires John to be stopped first).
Once a password is found, stop John immediately to save time and resources.
Important Considerations
- Hardware: Password cracking is CPU-intensive. A faster processor and more RAM will significantly speed up the process. GPUs can also be used with some configurations (see John documentation).
- Time: Brute-force attacks can take hours, days, weeks, or even longer depending on password complexity and length.
- Wordlists: The quality of your wordlist is crucial. Use multiple lists and consider creating custom lists based on information you know about the potential password.
- Legal Implications: Only attempt to crack passwords for files you own or have explicit permission to access. Unauthorized access is illegal.