[SATLUG] Re: [XCSSA] GPG Encryption Sub-Key Expired? Create a new one! But carefully... ; )

Tweeks tweeks at rackspace.com
Fri Oct 1 09:46:05 CDT 2010


BTW.. Just before you hit enter on this step:
	https://wiki.slugbug.org.uk/GPG#Generating_a_new_encryption_sub-key
	...
	Really create? y
	...

I would recommend doing a couple of things on your system to increase entropy.
	1) In one new shell/c-term, run this:
		sudo find / -exec stat {} \;
	2) In another do this:
		cat /dev/urandom |strings
	3) Paranoid folks may also do an aptitude/yum update to hit the
	  network interface too... 
	
That will keep your system pretty busy.. and "chaotic" while creating your new 
encryption key(s).

Tweeks


On Friday 01 October 2010, Tweeks wrote:
> If you were a part of our original GPG keysigning party back in September
> of 2005, then it's very possible (if you created a 5yr ElGamal encryption
> key) that your encrypting key has just recently expired.
>
> If this is the case, then you're in a very sensitive place right now.  If
> you created your signing and encryption keys like we told you (an unlimited
> 1024 DSA signing key, and a 5yr 2048 or 4096bit ElGamal signing key), then
> all you need do is create a new ElGamal encryption subkey (sub to your
> signing key).
>
> To do this.. just follow the directions here:
> https://wiki.slugbug.org.uk/GPG#Generating_a_new_encryption_sub-key
>
> And I think I'm going to recommend that the next meeting be another
> key-signing party.. both for new folks who want to create and start using
> GPG key pairs, or just for those who may have messed up and need to start
> over.
>
> NOTE: If your encryption key HAS expired.. don't just go and create a
> whole new set of signing and encrypting keys with some GUI.  In doing so
> you would lose all those great signatures you've built up!  If you just
> follow the command line directions outlined in that URL, then you'll be
> able to safely add a new sub-encryption key and be good to go.  If your
> master DSA signing key expired.. then you may be hosed (I don't know of a
> way to re-up an expired key).
>
> Any other related thoughts or feedback?
>
> Travis?  You still on list or have any suggestions?
>
> Tweeks
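
An added example (not part of the original message or of the wiki it links to): a Python check that reads `gpg --list-keys --with-colons` output and tells apart the two cases described above, an expired encryption subkey under a still-valid primary key versus an expired primary key. The sample listing, its key IDs and the function name `triage` are constructed; it assumes GnuPG 2.x colon output with epoch-second dates.

```python
import time

# Constructed sample in the layout of `gpg --list-keys --with-colons`
# (GnuPG 2.x, dates as epoch seconds). Key IDs are placeholders.
SAMPLE = """\
pub:u:1024:17:AAAAAAAAAAAAAAA1:1126000000:::u:::scSC:
uid:u::::1126000000::0000::Constructed User <user@example.org>:
sub:e:2048:16:AAAAAAAAAAAAAAA2:1126000000:1283766400:::::e:
pub:-:1024:17:BBBBBBBBBBBBBBB1:1126000000:::-:::scESC:
sub:-:4096:16:BBBBBBBBBBBBBBB2:1126000000:1600000000:::::e:
pub:e:1024:17:CCCCCCCCCCCCCCC1:1126000000:1283766400::-:::sc:
sub:e:2048:16:CCCCCCCCCCCCCCC2:1126000000:1283766400:::::e:
"""

def _expired(validity, expires, now):
    # Field 2 is "e" for an expired key; field 7 is the expiry time (empty = never).
    return validity == "e" or (expires.isdigit() and int(expires) <= now)

def triage(colon_output, now=None):
    """Map each primary key ID to the state its owner has to deal with."""
    now = time.time() if now is None else now
    keys, current = {}, None
    for line in colon_output.splitlines():
        f = line.split(":")
        if len(f) < 12 or f[0] not in ("pub", "sub"):
            continue
        validity, keyid, expires, caps = f[1], f[4], f[6], f[11]
        if f[0] == "pub":
            current = keys[keyid] = {"dead": _expired(validity, expires, now),
                                     "live_enc": 0, "expired_enc": 0}
        elif current is not None and "e" in caps and validity != "r":
            # Encryption-capable subkey that has not been revoked.
            slot = "expired_enc" if _expired(validity, expires, now) else "live_enc"
            current[slot] += 1
    verdicts = {}
    for keyid, k in keys.items():
        if k["dead"]:
            verdicts[keyid] = "primary expired"
        elif k["live_enc"]:
            verdicts[keyid] = "ok"
        elif k["expired_enc"]:
            verdicts[keyid] = "add new encryption subkey"
        else:
            verdicts[keyid] = "no encryption subkey"
    return verdicts

if __name__ == "__main__":
    # 1285891200 = 2010-10-01 00:00 UTC, around the date of the message above.
    for keyid, verdict in triage(SAMPLE, now=1285891200).items():
        print(keyid, verdict)
```

On a real keyring, pass the text captured from `gpg --list-keys --with-colons` to `triage()` and leave `now` unset to use the current time.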

