[SATLUG] Re: [XCSSA] GPG Encryption Sub-Key Expired? Create a new one! But carefully... ; )
tweeks at rackspace.com
Fri Oct 1 10:45:57 CDT 2010
Did you have a revocation key set aside somewhere?
Now you see the importance of having a) both a backup of your private key as well as a revocation key stored separately somewhere?
We could actually use your case as an example. I know that keysignings aren't supposed to involve computers.. so maybe in December we can have people bring their laptops and we can touch on topics such as:
-Using GPG with your computers (safely)
-Using GPG with removable media
-Creation/archiving revocation keys
(maybe I'll bring blank CDRs to offer to back people's revocation ;)
-File and encryption HOWTO
Anything else you all think we need?
"Chris Goldsmith" <chris.goldsmith at rackspace.com> said:
> Count me in for a key signing party. I screwed up and lost the one I
> created at the last key sign party
> On Fri, 1 Oct 2010 09:36:09 -0500
> Tweeks <tweeks at rackspace.com> wrote:
>> If you were a part of our original GPG keysigning party back in
>> September of 2005, then it's very possible (if you created a 5yr
>> ElGamal encryption key) that your encrypting key has just recently
>> If this is the case, then you're in a very sensitive place right
>> now. If you created your signing and encryption keys like we told
>> you (an unlimited 1024 DSA signing key, and a 5yr 2048 or 4096bit
>> ElGamal signing key), then all you need do is create a new ElGamal
>> encryption subkey (sub to your signing key).
>> To do this.. just follow the directions here:
>> And I think I'm going to recommend that the next meeting be another
>> key-signing party.. both for new folks who want to create and start
>> using GPG key pairs, or just for those who may have messed up and
>> need to start over.
>> NOTE: If your encryption key HAS expired.. don't just go and create
>> a whole new set of signing and encrypting keys with some GUI. In
>> doing so you would lose all those great signatures you've built up!
>> If you just follow the command line directions outlined in that URL,
>> then you'll be able to safely add a new sub-encryption key and be
>> good to go. If your master DSA signing key expired.. then you may be
>> hosed (I don't know of a way to re-up an expired key).
>> Any other related thoughts or feedback?
>> Travis? You still on list or have any suggestions?
> Chris Goldsmith
> RHCE / Managed Backup Administrator II
More information about the SATLUG
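The case discussed in this thread (primary signing key still valid, encryption subkey expired) can be told apart from an expired primary key by reading GnuPG's machine-readable key listing. The following is an added example, not part of the original messages; the function names, the state labels and the sample listing (key IDs, timestamps, user ID) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify keys from `gpg --list-keys --with-colons` output.
# Colon-format fields used: 1 = record type, 2 = validity (e = expired,
# r = revoked), 5 = key ID, 12 = capabilities (e = encryption).

classify_keys() {
  awk -F: '
    function report() {
      if (id == "") return
      if (pri == "e" || pri == "r") state = "primary-expired-or-revoked"
      else if (good > 0)            state = "ok"
      else if (expired > 0)         state = "add-encryption-subkey"
      else                          state = "no-encryption-subkey"
      print id, state
    }
    # A pub record starts a new key: emit the previous one, reset counters.
    $1 == "pub" { report(); id = $5; pri = $2; good = 0; expired = 0 }
    # Count encryption-capable subkeys by validity; revoked ones are ignored.
    $1 == "sub" && $12 ~ /e/ {
      if ($2 == "e") expired++
      else if ($2 != "r") good++
    }
    END { report() }
  '
}

# Constructed sample listing (not real keys):
#   key A: valid primary, only encryption subkey expired
#   key C: valid primary, old subkey expired, replacement subkey valid
#   key F: primary itself expired
sample_listing() {
  cat <<'EOF'
pub:u:1024:17:AAAAAAAAAAAAAAAA:1127000000:::u:::scSC:
uid:u::::1127000000::::Constructed User One <one@example.invalid>:
sub:e:2048:16:BBBBBBBBBBBBBBBB:1127000000:1284700000:::::e:
pub:u:1024:17:CCCCCCCCCCCCCCCC:1127000000:::u:::scESC:
sub:e:2048:16:DDDDDDDDDDDDDDDD:1127000000:1284700000:::::e:
sub:u:4096:16:EEEEEEEEEEEEEEEE:1285900000:1443600000:::::e:
pub:e:1024:17:FFFFFFFFFFFFFFFF:1127000000:1284700000::u:::sc:
sub:e:2048:16:0000000000000001:1127000000:1284700000:::::e:
EOF
}

sample_listing | classify_keys
```

On a real keyring, pipe `gpg --list-keys --with-colons` into `classify_keys` instead of the sample; a key reported as `add-encryption-subkey` is in the state where the existing primary key and its signatures can be kept.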