[TriLUG] Signed keys

Tanner Lovelace lovelace at wayfarer.org
Fri Jan 18 02:44:11 EST 2002 

On Fri, 2002-01-18 at 02:04, Bill Vinson wrote:
> I am trying to get more informed on signing my e-mail, etc.
> 
> I am trying to figure out how to do something...
> 
> I have 2 old keys out on PGP servers.
> 
> Public Key Server -- Index ``Bill Vinson ''
> Type bits/keyID    Date       User ID
> pub  1024/7762CAE9 2000/05/04 Bill Vinson <billvinson at nc.rr.com>
> pub  1024/8CB4BF7C 1997/11/21 Bill Vinson <billv at earthlink.net>
> 
> These were both keys that I created back before I took this 
> seriously :)  I have a feeling I know what the passphrase is, but if I 
> import them and try to generate a revoke script I get the following 
> error:
> 
> [localhost:~/Documents] bill% gpg --output earthlink-revoke.asc 
> --gen-revoke billv at earthlink.net
> gpg: secret key for user `billv at earthlink.net' not found
> 
> How do I get around this?  If I can get it revoked, then how do I kill 
> it out on the servers?
> 
> Ok, last idea.  Is it possible to crack my own keys and if so can I then 
> revoke them?
> 

Well, you must have your secret key to generate a revocation
certificate for your keys.  Otherwise, anyone could generate one
for you and cause all kinds of havoc!  I don't believe it is
feasible to attempt to find the secret key based on just
the public key.  Generally, you have some sort of ciphertext
and can use that to help.  Unfortunately, for you, breaking
pgp encryption is an *extremely non-trivial* task.  Unless you
have exclusive access to a high power supercomputer and years
to wait, I don't think you'll have any luck. :-)

So, the best thing to do would be to see if you've saved
your secret key somewhere.  Breaking the "password" on a 
secret key is considerably easier than breaking the secret
key itself.

This is a perfect situation of why you should generate a
revocation certificate at the same time you generate a 
key.  (Although, in this case, I'm guessing it wouldn't
help because you don't know where your secret key is, right?)

Sorry, but that's just the way it is. :-(

Tanner
-- 
Tanner Lovelace | lovelace at wayfarer.org | http://wtl.wayfarer.org/
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
GPG Fingerprint = A66C 8660 924F 5F8C 71DA  BDD0 CE09 4F8E DE76 39D4
GPG Key can be found at http://wtl.wayfarer.org/lovelace.gpg.asc
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
 Those who are willing to sacrifice essential liberties for a little 
 order, will lose both and deserve neither.  --  Benjamin Franklin 

 History teaches that grave threats to liberty often come in times
 of urgency, when constitutional rights seem too extravagant to 
 endure.  --  Justice Thurgood Marshall, 1989 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 240 bytes
Desc: This is a digitally signed message part
URL: <http://www.trilug.org/pipermail/trilug/attachments/20020118/09c65df5/attachment.pgp>

More information about the TriLUG mailing list