[SATLUG] Re: [XCSSA] GPG Encryption Sub-Key Expired? Create a new one! But carefully... ; )

Tweeks tweeks at rackspace.com
Fri Oct 1 09:46:05 CDT 2010

BTW.. Just before you hit enter on this step:
	Really create? y

I would recommend doing a couple of things on your system to increase entropy.
	1) In one new shell/c-term, run this:
		sudo find / -exec stat {} \;
	2) In another do this:
		cat /dev/urandom |strings
	3) Paranoid folks may also do an aptitude/yum update to hit the
	  network interface too... 
That will keep your system pretty busy.. and "chaotic" while creating your new 
encryption key(s).


On Friday 01 October 2010, Tweeks wrote:
> If you were a part of our original GPG keysigning party back in September
> of 2005, then it's very possible (if you created a 5yr ElGamal encryption
> key) that your encrypting key has just recently expired.
> If this is the case, then you're in a very sensitive place right now.  If
> you created your signing and encryption keys like we told you (an unlimited
> 1024 DSA signing key, and a 5yr 2048 or 4096bit ElGamal signing key), then
> all you need do is create a new ElGamal encryption subkey (sub to your
> signing key).
> To do this.. just follow the directions here:
> https://wiki.slugbug.org.uk/GPG#Generating_a_new_encryption_sub-key
> And I think I'm going to recommend that the next meeting be another
> key-signing party.. both for new folks who want to create and start using
> GPG key pairs, or just for those who may have messed up and need to start
> over.
> NOTE: If your encryption key HAS expired.. don't just go and create a
> whole new set of signing and encrypting keys with some GUI.  In doing so
> you would lose all those great signatures you've built up!  If you just
> follow the command line directions outlined in that URL, then you'll be
> able to safely add a new sub-encryption key and be good to go.  If your
> master DSA signing key expired.. then you may be hosed (I don't know of a
> way to re-up an expired key).
> Any other related thoughts or feedback?
> Travis?  You still on list or have any suggestions?
> Tweeks
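
Added example (not part of the original post or the linked wiki): a Python check for the situation described in the quoted message, an expired encryption subkey under a still-usable primary key, run over the output of `gpg --list-keys --with-colons --fixed-list-mode`. The sample listing, key IDs and dates are constructed, and expiry fields are assumed to be epoch seconds.

```python
from datetime import datetime, timezone

# Constructed sample listing (made-up key IDs and dates): a DSA primary key
# with no expiry, one expired ElGamal subkey and one current ElGamal subkey.
SAMPLE = """\
pub:u:1024:17:AAAAAAAAAAAAAAAA:1126000000:::u:::scESC:
uid:u::::1126000000::0000000000000000000000000000000000000000::Example User <user@example.org>:
sub:e:2048:16:BBBBBBBBBBBBBBBB:1126000000:1283680000:::::e:
sub:u:4096:16:CCCCCCCCCCCCCCCC:1285880000:1443580000:::::e:
"""

DEAD = {"r", "i", "d"}  # validity field: revoked, invalid, disabled


def _expired(fields, now_ts):
    # Field 2 is gpg's own validity verdict; field 7 is the expiry time.
    return fields[1] == "e" or (fields[6] != "" and int(fields[6]) <= now_ts)


def encryption_subkey_report(listing, now):
    """Map each usable primary key ID to its expired encryption subkeys and
    whether a new encryption subkey is needed (none is currently valid)."""
    now_ts = int(now.timestamp())
    seen, current = {}, None
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 12:
            continue  # uid and other short records carry no capability field
        if f[0] == "pub":
            usable = f[1] not in DEAD and not _expired(f, now_ts)
            current = f[4] if usable else None  # skip subkeys of dead primaries
            if current:
                seen[current] = {"expired": [], "valid": []}
        elif f[0] == "sub" and current and "e" in f[11] and f[1] not in DEAD:
            bucket = "expired" if _expired(f, now_ts) else "valid"
            seen[current][bucket].append(f[4])
    return {k: {"expired": v["expired"], "needs_new_subkey": not v["valid"]}
            for k, v in seen.items()}


if __name__ == "__main__":
    print(encryption_subkey_report(SAMPLE, datetime(2010, 10, 1, tzinfo=timezone.utc)))
```

A primary key that has itself expired is left out of the report, since adding a subkey does not cover that case.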
