FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 07-06-2008, 01:36 PM
John W Foster
 
Default PGP Keys Expiration

I have over the years established several PGP public keys that are no
longer valid due to expired e-mail addresses. I did not think at the
time they were created that I needed an expiration date in thm. Is there
any way to gat rid of these from the PGP key server so that no one will
try to use them. I am now setting expiration dtas in any that I create.
I also wonder if the servers (PGP) periodically send a confirming e-mail
on these to see if the e-mail addresses are still valid, an if not then
automatically expire them.
Thanks!
--
John Foster



--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-06-2008, 05:28 PM
"Karl O. Pinc"
 
Default PGP Keys Expiration

On 07/06/2008 08:36:13 AM, John W Foster wrote:

I have over the years established several PGP public keys that are no
longer valid due to expired e-mail addresses. I did not think at the
time they were created that I needed an expiration date in thm.


FWIW, IIRC accepted best practice is to generate a revocation
when you generate the initial key pair. Then (so long as
you keep backups) you'll always be able to revoke the key
even if you forget the password, or whatever.

Karl <kop@meme.com>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-06-2008, 10:53 PM
"s. keeling"
 
Default PGP Keys Expiration

Karl O. Pinc <kop@meme.com>:
>
> On 07/06/2008 08:36:13 AM, John W Foster wrote:
> > I have over the years established several PGP public keys that are no
> > longer valid due to expired e-mail addresses. I did not think at the
> > time they were created that I needed an expiration date in thm.
>
> FWIW, IIRC accepted best practice is to generate a revocation
> when you generate the initial key pair. Then (so long as
> you keep backups) you'll always be able to revoke the key
> even if you forget the password, or whatever.

Can we expand on that? I have my passphrase. I use the key all the
time. It's tied to my old, now defunct, ISP. You mean I can generate
a revocation key, then generate a new, more accurately tied key?
Hints are welcome.


--
Any technology distinguishable from magic is insufficiently advanced.
(*) http://blinkynet.net/comp/uip5.html Linux Counter #80292
- - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-06-2008, 11:21 PM
John Hasler
 
Default PGP Keys Expiration

s. keeling writes:
> Can we expand on that? I have my passphrase. I use the key all the
> time. It's tied to my old, now defunct, ISP. You mean I can generate a
> revocation key, then generate a new, more accurately tied key?

What do you mean by "tied"? You can edit the key and add, delete or revoke
uids. man gpg
--
John Hasler


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-07-2008, 12:21 AM
"s. keeling"
 
Default PGP Keys Expiration

John Hasler <jhasler@debian.org>:
> s. keeling writes:
> > Can we expand on that? I have my passphrase. I use the key all the
> > time. It's tied to my old, now defunct, ISP. You mean I can generate a
> > revocation key, then generate a new, more accurately tied key?
>
> What do you mean by "tied"? You can edit the key and add, delete or revoke
> uids. man gpg

Frankly, I don't know what's the right thing to do. This is esoteric
stuff for me.

gpg: requesting key AC94E4B7 from hkp server subkeys.pgp.net
gpg: key AC94E4B7: "s. keeling (21Dec2003) <keeling@spots.ab.ca>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1

Spots is dead. What do I do now to update that to my present
real-world situation, or do I even really have to? I've spent many
hours on the manpage among others.


--
Any technology distinguishable from magic is insufficiently advanced.
(*) http://blinkynet.net/comp/uip5.html Linux Counter #80292
- - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-07-2008, 12:33 AM
Alex Samad
 
Default PGP Keys Expiration

On Mon, Jul 07, 2008 at 02:21:09AM +0200, s. keeling wrote:
> John Hasler <jhasler@debian.org>:
> > s. keeling writes:
> > > Can we expand on that? I have my passphrase. I use the key all the
> > > time. It's tied to my old, now defunct, ISP. You mean I can generate a
> > > revocation key, then generate a new, more accurately tied key?
> >
> > What do you mean by "tied"? You can edit the key and add, delete or revoke
> > uids. man gpg
>
> Frankly, I don't know what's the right thing to do. This is esoteric
> stuff for me.
>
> gpg: requesting key AC94E4B7 from hkp server subkeys.pgp.net
> gpg: key AC94E4B7: "s. keeling (21Dec2003) <keeling@spots.ab.ca>" not changed
> gpg: Total number processed: 1
> gpg: unchanged: 1
>
> Spots is dead. What do I do now to update that to my present
> real-world situation, or do I even really have to? I've spent many
> hours on the manpage among others.

You can assign multiple UIDs to a key, just add your new emails and
remove the old email and resend it up to the keyservers

>
>
> --
> Any technology distinguishable from magic is insufficiently advanced.
> (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292
> - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>

--
"It's hard to believe that something which is neither seen nor felt can
do so much harm."
"That's true. But an idea can't be seen or felt. And that's what kept
the Troglytes in the mines all these centuries. A mistaken idea."
-- Vanna and Kirk, "The Cloud Minders", stardate 5819.0
 
Old 07-07-2008, 12:53 AM
John Hasler
 
Default PGP Keys Expiration

s. keeling writes:
> Spots is dead. What do I do now to update that to my present real-world
> situation, or do I even really have to? I've spent many hours on the
> manpage among others.

Have you read the _GNU Privacy Handbook_ that is included in the gnupg-doc
package?

You probably don't want to delete the old "spots" uid but adding a new one
is easy.
--
John Hasler


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-08-2008, 01:23 AM
"s. keeling"
 
Default PGP Keys Expiration

John Hasler <jhasler@debian.org>:
> s. keeling writes:
> > Spots is dead. What do I do now to update that to my present real-world
> > situation, or do I even really have to? I've spent many hours on the
> > manpage among others.
>
> Have you read the _GNU Privacy Handbook_ that is included in the gnupg-doc
> package?

It appears I'll have to wait a bit.

grave bugs of gnupg-doc (-> 2003.04.06-5) <done>
#425351 - Uninstallable: "Can't read doc-base file `gnu-privacy-handbook'" (Fixed: gnupg-doc/2003.04.06-6)
Summary:
gnupg-doc(1 bug)
Are you sure you want to install/upgrade the above packages? [Y/n/?/...]
Selecting previously deselected package gnupg-doc.
(Reading database ... 72694 files and directories currently installed.)
Unpacking gnupg-doc (from .../gnupg-doc_2003.04.06-5_all.deb) ...
Setting up gnupg-doc (2003.04.06-5) ...
warning: file `/usr/share/doc/gnupg-doc/GNU_Privacy_Handbook/html/book1.html' does not exist at /usr/sbin/install-docs line 718, <gnu-privacy-handbook> line 12.
...

Thanks. If it didn't work, I'll go find it elsewhere.

> You probably don't want to delete the old "spots" uid but adding a new one
> is easy.

That's the precious nugget I've been searching for. I knew it had to
be simple, but I'm new to this bit.


--
Any technology distinguishable from magic is insufficiently advanced.
(*) http://blinkynet.net/comp/uip5.html Linux Counter #80292
- - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-08-2008, 01:49 AM
John Hasler
 
Default PGP Keys Expiration

s. keeling writes:
> grave bugs of gnupg-doc...

<http://www.gnupg.org/gph/en/manual.html>
--
John Hasler


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 12:36 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org