On Thu, 07 Dec 2006 01:27:47 +0000 Jonathan Roberts <jonathan.roberts.uk@xxxxxxxxxxxxxx> wrote:

> Hey guys,
>
> I have two computers that I regularly send mail from. One of them has
> recently been in for repairs

If the secret key was on the machine sent in for repairs, you cannot discount the possibility that the key has or will be compromised. You should revoke the current key and create a new one (with revocation certificate).

http://www.dcglug.org.uk/linux_doc/startgnupg.html#revoke

Knowing that the secret key could have been copied by some unknown maintenance worker, I would be unable to sign your key, should that be requested. It's not as bad as a full compromise where the key and passphrase are known to someone else, but the key should still be revoked.

> and since this has been the case I haven't
> been able to send signed messages because I only have my gnupg key on
> one of the systems.

The secret key on that system should be used to revoke that key.

> How can I transfer my key so I can use it on both systems?

Create a new key on system1. Send that key to keyservers.

Run

  gpg -a --export-secret-keys KEYID > somefile

and copy that file to system2 (using ssh/scp). On system2, retrieve the public key from the keyserver (gpg --recv-keys KEYID) and import the secret key from the file (gpg --import).

On system1 and system2, run 'shred' on the temporary file:

  shred -u -z somefile

should be sufficient.

In future: If you need to get a system repaired and you have a working operating system (even just a terminal or rescue disk), run shred on all files in ~/.gnupg/ before sending off for repair.

In many cases, systems do not need to be sent off for repair anyway - there are plenty of people on this list who could probably have fixed the problem or enabled you to fix the problem. Hardware problems are as common as software problems on the list. By asking advice and fixing the problem yourself, none of these key problems arise.

If you really want a system repaired by some third party and you don't have access to the files on the hard drive, consider removing the hard drive - again, people on the list do have such things as spare hard drives lying around. I know I do and I know that Neil S., David M. and several others will have too. There's likely to be someone in the group not that far from you.

Finally, always have a backup of your key and a revocation certificate. Always be prepared to revoke any key, no matter how many signatures it may have and no matter how "important" the key may be, should there be any likelihood of a compromise.

-- 
Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/
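A scripted form of the transfer procedure in the reply above (export the secret key on system1, copy it to system2 over scp, import it there, shred the temporary file on both ends), as an added example that is not part of the original post or of GnuPG's own tooling. The KEYID and SYSTEM2 environment variables, the remote file name, the 0600 temp-file handling and the dd fallback for hosts without shred are this example's own assumptions; it also assumes ssh/scp access to system2 already works and that the new key has already been generated and sent to a keyserver on system1.

```shell
#!/bin/sh
# Added example, not code from the list post. Scripts the export/copy/import/
# shred sequence from the reply, taking care of the temporary secret-key file.
# KEYID, SYSTEM2 and the remote file name are placeholders supplied by the user.
set -eu

# Create an empty temp file owned by the caller with mode 0600 *before* any
# secret material is written into it. The subshell keeps the umask change local.
make_private_tmpfile() {
    (umask 077; mktemp "${TMPDIR:-/tmp}/seckey.XXXXXX")
}

# Overwrite, then unlink. 'shred -u -z' is what the reply recommends; if shred
# is not installed (assumed fallback), overwrite with zeros via dd before rm.
wipe_file() {
    f="$1"
    [ -f "$f" ] || return 0
    if command -v shred >/dev/null 2>&1; then
        shred -u -z "$f"
    else
        size=$(wc -c < "$f")
        dd if=/dev/zero of="$f" bs=1 count="$size" conv=notrunc 2>/dev/null
        rm -f "$f"
    fi
}

# system1: ASCII-armour the secret key into a private temp file and print
# that file's path for the caller.
export_secret_key() {
    keyid="$1"
    f=$(make_private_tmpfile)
    gpg -a --export-secret-keys "$keyid" > "$f"
    printf '%s\n' "$f"
}

# system1: copy the export to system2 with scp, then wipe the local copy
# whether or not the copy succeeded.
push_and_wipe() {
    f="$1"; remote="$2"
    status=0
    scp "$f" "$remote" || status=$?
    wipe_file "$f"
    return "$status"
}

# system2 (driven over ssh): fetch the public key from the keyserver, import
# the secret key from the copied file, then shred that file.
import_on_remote() {
    host="$1"; keyid="$2"; remote_file="$3"
    ssh "$host" sh -s "$keyid" "$remote_file" <<'EOF'
keyid=$1; remote_file=$2
gpg --recv-keys "$keyid" && gpg --import "$remote_file"
st=$?
shred -u -z "$remote_file" 2>/dev/null || rm -f "$remote_file"
exit $st
EOF
}

# The whole sequence from system1's point of view.
transfer_key() {
    keyid="$1"; host="$2"
    remote_file="seckey.$$.asc"        # lands in the login directory on system2
    f=$(export_secret_key "$keyid")
    push_and_wipe "$f" "$host:$remote_file"
    import_on_remote "$host" "$keyid" "$remote_file"
}

# Usage on system1, after 'gpg --gen-key' and 'gpg --send-keys KEYID':
#   KEYID=<your key id> SYSTEM2=user@system2 sh transfer.sh
if [ -n "${KEYID:-}" ] && [ -n "${SYSTEM2:-}" ]; then
    transfer_key "$KEYID" "$SYSTEM2"
fi
```

The temp file is created empty with owner-only permissions before gpg writes into it, so there is no window in which the armoured secret key is world-readable, and the local copy is wiped even when scp fails.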
-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html