[SATLUG] Re: [XCSSA] GPG Encryption Sub-Key Expired? Create a new one! But carefully... ; )

Thomas Weeks tweeks at rackspace.com
Fri Oct 1 10:45:57 CDT 2010


Hey Chris...
Did you have a revocation key set aside somewhere?

Now you see the importance of having a) both a backup of your private key as well as a revocation key stored separately somewhere?

;)

We could actually use your case as an example.  I know that keysigning's aren't supposed to involve computers.. so maybe in December we can have people bring their laptops and we can touch on topics such as:
  -Using GPG with your computers (safely)
  -Using GPG with removable media
  -Creation/archiving revocation keys
   (maybe I'll bring blank CDRs to offer to back people's revocation ;)
  -File and encryption HOWTO

anything else you all think we need?
Travis?

Tweeks

"Chris Goldsmith" <chris.goldsmith at rackspace.com> said:

> count me in for a key signing party i screwed up and lost the one i
> created at the last key sign party
> 
> On Fri, 1 Oct 2010 09:36:09 -0500
> Tweeks <tweeks at rackspace.com> wrote:
> 
>> If you were a apart of our original GPG keysigning party back in
>> September of 2005, then it's very possible (if you created a 5yr
>> ElGamal encryption key) that your encrypting key has just recently
>> expired.
>>
>> If this is the case, then you're in a very sensitive place right
>> now.  If you created your signing and encryption keys like we told
>> you (a unlimited 1024 DSA signing key, and a 5yr 2048 or 4096bit
>> ElGamal signing key), then all you need do is create a new ElGamal
>> encryption subkey (sub to your signing key).
>>
>> To do this.. just follow the directions here:
>> https://wiki.slugbug.org.uk/GPG#Generating_a_new_encryption_sub-key
>>
>> And I think I'm going to recommend that the next meeting be another
>> key-signing party.. both for new folks who want to create and start
>> using GPG key pairs, or just for those who may have messed up and
>> need to start over.
>>
>> NOTE: If your encryption key HAVE expired.. don't just go and create
>> a whole new set of signing and encrypting keys with some GUI.  In
>> doing so you would lose all those great signatures you've built up!
>> If you just follow the command line directions outlined in that URL,
>> then you'll be able to safely add a new sub-encryption key and be
>> good to go.  If your master DSA signing key expired.. then you may be
>> hosed (I don't know of a way to re-up an expired key).
>>
>> Any other related thoughts or feedback?
>>
>> Travis?  You still on list or have any suggestions?
>>
>> Tweeks
>>
> 
> 
> 
> --
> Chris Goldsmith
> RHCE / Managed Backup Administrator II
> 
> Managed Backup Configuration Details Available @ my.rackspace.com
> Services -> Managed Backup for usage overview
> Services -> Managed Backup -> Recent Backups for Server MBU Config
> details
> 
> Rackspace
> Experience Fanatical Support®
> 800 961-4454
> 
> _______________________________________________
> XCSSA mailing list
> XCSSA at xcssa.org
> http://xcssa.org/mailman/listinfo/xcssa
> 




More information about the SATLUG mailing list