Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: GnuPG: users

Revoke a key 0E84608B

 

 

GnuPG users RSS feed   Index | Next | Previous | View Threaded


markoran at eunet

Jan 31, 2012, 4:12 AM

Post #1 of 8 (748 views)
Permalink
Revoke a key 0E84608B

I tried to revoke this key since after changing a passphrase on 2012-01-28 and using it with new passphrase immediately after, after a few hours I could not again be successfull (bad passphrase).

But revkey also askes for a passphrase.

Is there any way to revoke this key?

Best regards
Attachments: 0x0E84608B.asc (6.35 KB)


markoran at eunet

Jan 31, 2012, 3:16 AM

Post #2 of 8 (737 views)
Permalink
Revoke a key 0E84608B [In reply to]

I tried to revoke this key since after changing a passphrase on 2012-01-28 and using it with new passphrase imidiately after, after a few hours I could not again be successfull (bad passphrase).

But revkey also askes for a passphrase.

Is there any way to revoke this key?

Best regards
Attachments: 0x0E84608B.asc (6.35 KB)


wk at gnupg

Jan 31, 2012, 4:58 AM

Post #3 of 8 (742 views)
Permalink
Re: Revoke a key 0E84608B [In reply to]

On Tue, 31 Jan 2012 12:16, markoran [at] eunet said:

> Is there any way to revoke this key?

No. That is way we suggest to create and print out a revocation
certificate right after key creation.


Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


olav at enigmail

Jan 31, 2012, 6:46 AM

Post #4 of 8 (734 views)
Permalink
Re: Revoke a key 0E84608B [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Hi Marko,

how I understood your issue: you have a key, changed it's passphrase and used
it successfully after that. Then, after some time, you could no longer use it
since GnuPG said you entered a "bad passphrase".

If that's correct, here are my thoughts:

- - There is no known passphrase mingling issue with GnuPG, so a passphrase you
once set should still work, but

- - It could be that you entered it with a different keyboard/lang/codepage
setting. If you have several locales installed (e.g. in Gnome), please
figure out which characters could be different.

- - Your key worked for some time and then no more after a while. That might be
due to gpg-agent that still had your key cached. After cache expiration, it
reasked for the passphrase.

- - To CREATE a rev cert, you need your secret key and your passphrase.
To IMPORT an existing rev cert, you don't need a passphrase. That is why
you should create a rev cert directly after generating a key pair.

- - If your broken key was uploaded on a keyserver and you cannot revoke, it
will stay "valid" there forever - just add a newer key and live with it.
If you successfully imported it, mind to upload the revoked public key.

Olav
- --
The Enigmail Project - OpenPGP Email Security For Mozilla Applications
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Dies ist eine elektronische Signatur - http://enigmail.mozdev.org/

iQGcBAEBAwAGBQJPJ/7QAAoJEKGX32tq4e9WuC0L/ifx7TIzHPCucWXjYO9mbYtr
TvHcf4b3ec8Eom4zAX0YEeGluj3bCxru84Z3O1ALYpCd1EnKN2w1HwHBGgS+lu6I
YzxQwvM/JrhFQ/7rQ5z6wknPay4FtIRQ6hz9JuYhA70LBMN4lxfdRPMJ9LZNX2by
OzvMOKyApNw6ZnYgeH6haUPBlZIP2a7N3s4S1mz2mt8N5Mz+D6s5OaZvGW5TVn73
y19mN35wnCEv8QYHySazr+IwWV41dxfYN/p0d//h0VSQdDlAbmL8Rle1O+hLrHEk
P4hAGCKrORZRO1PN+gbb0pUy5HbL6wPhaK42HfEjrEyMgAY1dP4weVOqi9m0hIsc
vFWY1x0gcZguhmehNdnksM9JciQTUbDlTsN2Bpp80znYhLJ6cZ87ZNVYdgiXe0v+
jDqNYuvNM4AU09TLWM85T7kkE9EQ80rFDyD2auf/uqfrSTE80zpKGZfVEXchlqsd
rNgR4QHEKXD4lbWHm7M4JBJbkCdt1td9jzpkeajO7Q==
=ChPo
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


faramir.cl at gmail

Jan 31, 2012, 11:57 AM

Post #5 of 8 (737 views)
Permalink
Re: Revoke a key 0E84608B [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

El 31-01-2012 9:12, Marko Randjelovic escribió:
> I tried to revoke this key since after changing a passphrase on
> 2012-01-28 and using it with new passphrase immediately after,
> after a few hours I could not again be successfull (bad
> passphrase).

Since you know the old and new passphrase, maybe you can bruteforce
it, using passphrases as a guide and looking for characters that could
have been mistyped. I don't know about tools to do it, but there
should be some.

> But revkey also askes for a passphrase.

To generate a revocation certificate you need the private key, so
you need the passphrase. If you have an already generated revocation
certificate, importing it doesn't require passphrase.

> Is there any way to revoke this key?

No. If you uploaded your key to keyservers, the only thing you can
do is to ask people that signed that key to revoke the signatures on
it, that way, it would be easier to chose the right key in future (I
mean, once you get a new key, and it gets signed, people will find 2
keys, one signed, and new, and another with revoked signatures, and
older).


Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJPKEeqAAoJEMV4f6PvczxAv2EIAI8wTLWn2tv89Nw8T9TozIT0
MvTp++8cmMUbn3HjzG6Q6T8bxWu9lQGy55MeP1Qx2wAw6A5m4PT/0Ys1Qc8Cdnqt
ffcia/SroyS/knm/jnzQfht3oNocHU1X/OSYzJqEZ6E1CCTLs4c0TeNlRleF9UCZ
V/IVQSZcxd25pl7GRl0tFbSdDihrwG6b6FFgZ6e/Rw02hus+sFUv2jv7ZWn5hdI5
KKJgdCC4KgBbXrSuGV9i7heSAEDvRbL0On0ysqLMRO43DlLet65hsmA09u527RgK
fDn9mpCI82jNuD/AmeJcVP1uaI1bgoowUkr8w3RYJ4fvtS6iQjnT5pKjbmO2bKk=
=9bNi
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


faramir.cl at gmail

Jan 31, 2012, 12:03 PM

Post #6 of 8 (732 views)
Permalink
Re: Revoke a key 0E84608B [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

El 31-01-2012 9:12, Marko Randjelovic escribió:
> I tried to revoke this key since after changing a passphrase on
> 2012-01-28 and using it with new passphrase immediately after,
> after a few hours I could not again be successfull (bad
> passphrase).

I searched your key, and it will expire in about one and half year,
so, if everything fails, at least it won't haunt you until the end of
time.

Best Regards, and good luck with the attempt to recover it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJPKEkCAAoJEMV4f6PvczxA7osH/1oX7AO8v12MfZh1B73LXr9j
AicqVp33L632dZYNez/oB0w1htDGPcIH0AqTXai4OdRN9wm3qldgDQycMhDRpLyP
BImc6psM0IY8eaOyJ2FpEe0LTCjomlmnYetdt67P1H1s23iAn4jgwJbIYZ7m4v9e
KiKmCtme+//tvFehiA7R7L/z69MPglZghoJdqEnoXGQaM1t7zvGQX2NOIVCRzDf8
e+oFrOzYf5sk212+g+ZwMs/N5ncZMUgVVNAy96PqcB2aJV0L+krs2+9Bj4nJ3Ocu
/bHSh0BrN47muakvAjOIBLJiKJPFRqintPx6YV/wcJ697jXDxofDIoVa7aElpNs=
=p5tD
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


markoran at eunet

Jan 31, 2012, 1:08 PM

Post #7 of 8 (734 views)
Permalink
Re: Revoke a key 0E84608B [In reply to]

On 01/31/2012 01:58 PM, Werner Koch wrote:
> No. That is way we suggest to create and print out a revocation
> certificate right after key creation.

Thanks all to your suggestions.

I just got one idea. I have a backup. Can I unpack my secret ring file
backup and use it to generate revocation certificate, since in that file
it's still old passphrase that I typed many times?

Best regards
Attachments: 0x0E84608B.asc (6.35 KB)


dougb at dougbarton

Jan 31, 2012, 1:26 PM

Post #8 of 8 (732 views)
Permalink
Re: Revoke a key 0E84608B [In reply to]

On 01/31/2012 13:08, Marko Randjelovic wrote:
> On 01/31/2012 01:58 PM, Werner Koch wrote:
>> No. That is way we suggest to create and print out a revocation
>> certificate right after key creation.
>
> Thanks all to your suggestions.
>
> I just got one idea. I have a backup. Can I unpack my secret ring file
> backup and use it to generate revocation certificate, since in that file
> it's still old passphrase that I typed many times?

If you have access to a valid copy of your secret key there is no reason
to revoke it ... unless of course you have reason to believe that it's
been compromised in some way.


Doug

--

It's always a long day; 86400 doesn't fit into a short.

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

GnuPG users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.