
Mailing List Archive: GnuPG: users

Changing the email address of a key

 

 



ricul77 at gmail

Aug 27, 2012, 1:59 PM

Post #1 of 12 (2502 views)
Permalink
Changing the email address of a key

When I generated my new private key, I used one of my email addresses.
This email address is stored both on the crypto stick (smart card) and
in the secring.gpg or pubring.gpg, probably both.
Now I would like to use that key with another email address.
Is it possible to change the email address of a key, and how would I
proceed to have it on the stick and in the gpg stub files?

Rgds
Richard


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


pants at cs

Aug 27, 2012, 2:57 PM

Post #2 of 12 (2479 views)
Permalink
Re: Changing the email address of a key [In reply to]

On Mon, Aug 27, 2012 at 10:59:03PM +0200, Richard Ulrich wrote:
> Is it possible to change the email address of a key, and how would I
> proceed to have it on the stick and in the gpg stub files?

You can add or delete the names and emails associated with a key using
gpg --edit-key and the adduid and deluid commands, respectively.

pants.


wk at gnupg

Aug 28, 2012, 1:37 AM

Post #3 of 12 (2474 views)
Permalink
Re: Changing the email address of a key [In reply to]

On Mon, 27 Aug 2012 23:57, pants [at] cs said:

> You can add or delete the names and emails associated with a key using
> gpg --edit-key and the adduid and deluid commands, respectively.

You may use "deluid" only if you never published your public key. The
better choice is "revuid". Thus if you have a new mail address, you use

gpg --edit-key YOURKEYID

addkey

# Now follow the prompts

# If you don't need the old mail address anymore, you may use

uid N
revuid

# Where N is the number of the UID. The command will mark it in the
# list. REVUID then creates a revocation for the user id.

# Finally save your changes

# save

and then send your key back to the keyservers ("gpg --send-key YOURKEYID")


Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.




peter at digitalbrains

Aug 28, 2012, 1:49 AM

Post #4 of 12 (2475 views)
Permalink
Re: Changing the email address of a key [In reply to]

On 28/08/12 10:37, Werner Koch wrote:
> gpg --edit-key YOURKEYID
>
> addkey
>
> # Now follow the prompts

Surely, Werner meant "adduid" which adds a new e-mail address, and not "addkey"
which adds a new subkey.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt



mkaysi at users

Aug 28, 2012, 6:57 AM

Post #5 of 12 (2477 views)
Permalink
Re: Changing the email address of a key [In reply to]


Hi,

27.08.2012 23:59, Richard Ulrich wrote:
> When I generated my new private key, I used one of my email
> addresses. This email address is stored both on the crypto stick
> (smart card) and in the secring.gpg or pubring.gpg, probably both.
> Now I would like to use that key with another email address. Is it
> possible to change the email address of a key, and how would I
> proceed to have it on the stick and in the gpg stub files?

I don't know about crypto sticks nor smart cards, but you cannot
change email address in key, nor remove it (or if you do, keyservers
will still contain the old uid).

You can use gpg --edit-key KEYID and then select the uid with correct
number and give command "revuid", so the uid appears as revoked to
people who get your key.

--
Mika Suomalainen



ricul77 at gmail

Aug 28, 2012, 12:54 PM

Post #6 of 12 (2471 views)
Permalink
Re: Changing the email address of a key [In reply to]

Will this also write to the smart-card or are the changes only in
the local keyring?
I'm a bit hesitant because the full disk encryption on my netbook works
also with the same key, and I don't want to reinstall the whole thing.

Rgds
Richard



peter at digitalbrains

Aug 28, 2012, 11:49 PM

Post #7 of 12 (2469 views)
Permalink
Re: Changing the email address of a key [In reply to]

On 28/08/12 21:54, Richi Lists wrote:
> Will this also write to the smart-card or are the changes only in
> the local keyring?

UIDs are not stored on the smartcard, so it does not matter.

> I'm a bit hesitant because the full disk encryption on my netbook works
> also with the same key, and I don't want to reinstall the whole thing.

Understandable. If I understand correctly, you used GnuPG to encrypt the file
that unlocks your netbook? In that case, the *uid commands should be safe,
because they do not influence decryption of files. To be on the safe side, keep
a copy of your key as it is now, and after you changed the e-mail address, try
to decrypt some file. If that works, it should also decrypt the file that
unlocks your netbook.

It is wise to keep a copy of your key as it is now around just in case, anyway.
If you do something wrong, you can take the backup and start over.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt



ricul77 at gmail

Aug 29, 2012, 4:53 AM

Post #8 of 12 (2474 views)
Permalink
Re: Changing the email address of a key [In reply to]

I can't get it to work whether I try it on the primary or the sub key and
whether I use gpg or gpg2.

Rgds
Richard

$ gpg2 -v --edit-key E8401492!
gpg (GnuPG) 2.0.17; Copyright (C) 2011 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: using subkey E8401492 instead of primary key 0AE275A9
Secret key is available.

gpg: using PGP trust model
pub 2048R/0AE275A9 created: 2012-08-07 expires: 2022-08-05 usage: SC
trust: ultimate validity: ultimate
sub 2048R/8760DB3E created: 2012-08-07 expires: never usage: E
sub 2048R/E8401492 created: 2012-08-07 expires: never usage: S
sub 2048R/5A097EF6 created: 2012-08-07 expires: never usage: S
sub 2048R/EC980139 created: 2012-08-07 expires: 2022-08-05 usage: E
[ultimate] (1). Richard Ulrich (ulrichard) <richiulr [at] gmail>

Real name: Richard Ulrich
Email address: richi [at] paraeasy
Comment: ulrichard
You selected this USER-ID:
"Richard Ulrich (ulrichard) <richi [at] paraeasy>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
gpg: secret key parts are not available
gpg: signing failed: Unusable secret key



$ gpg2 -s -v -u E8401492! setup_my_system.sh
gpg: no secret subkey for public subkey EC980139 - ignoring
gpg: using subkey E8401492 instead of primary key 0AE275A9
gpg: writing to `setup_my_system.sh.gpg'
gpg: using subkey E8401492 instead of primary key 0AE275A9
gpg: RSA/SHA1 signature from: "E8401492 Richard Ulrich (ulrichard) <richiulr [at] gmail>"




peter at digitalbrains

Aug 29, 2012, 5:11 AM

Post #9 of 12 (2471 views)
Permalink
Re: Changing the email address of a key [In reply to]

On 29/08/12 13:53, Richi Lists wrote:
> I can't get it to work whether I try it on the primary or the sub key and
> whether I use gpg or gpg2.
> [...]
>
> $ gpg2 -v --edit-key E8401492!
> [...]
>
> gpg: using subkey E8401492 instead of primary key 0AE275A9
> Secret key is available.

Why are you forcing using the subkey? An UID is /always/ on the primary key, it
makes no sense to make an UID on the subkey. I think.

Simply losing the exclamation mark should fix it, or just specify

$ gpg2 --edit-key 0AE275A9

Also, apart from UIDs on subkeys making no sense, it would seem to me that an
UID needs to be bound with a Certification-capable signing key, whereas your
signing subkey E8401492 can only make signatures on data. That's probably why
GnuPG says:

> gpg: signing failed: Unusable secret key

Although it could also be that the secret part for that subkey is simply not
available? I'm not sure whether the "secret key is available" message I quoted
above pertains to the primary key or the secret subkey you forced on the command
line.

If you still have problems after this explanation, please provide more data
about your setup. You have two encryption subkeys, two data signature subkeys,
and GnuPG complains that there are secret parts missing. It will be a lot easier
to help you if you can explain what pieces of data are where :).

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt



ricul77 at gmail

Aug 30, 2012, 1:25 AM

Post #10 of 12 (2473 views)
Permalink
Re: Changing the email address of a key [In reply to]

Using the primary key was what I tried first. But when I saw the error
message "signing failed", I thought I'd have to force the proper signing
subkey, like I have to do for signing emails.

My setup is more or less the following:
http://wiki.fsfe.org/Card_howtos/Card_with_subkeys_using_backups
with the addition of a sub key for ssh authentication:
http://www.programmierecke.net/howto/gpg-ssh.html -> section "with
smartcard (openpgp)"

Rgds
Richard

$ gpg --edit-key 0AE275A9
gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub 2048R/0AE275A9 created: 2012-08-07 expires: 2022-08-05 usage: SC
trust: ultimate validity: ultimate
sub 2048R/8760DB3E created: 2012-08-07 expires: never usage: E
sub 2048R/E8401492 created: 2012-08-07 expires: never usage: S
sub 2048R/5A097EF6 created: 2012-08-07 expires: never usage: S
sub 2048R/EC980139 created: 2012-08-07 expires: 2022-08-05 usage: E
[ultimate] (1). Richard Ulrich (ulrichard) <richiulr [at] gmail>

Real name: Richard Ulrich
Email address: richi [at] paraeasy
Comment: ulrichard
You selected this USER-ID:
"Richard Ulrich (ulrichard) <richi [at] paraeasy>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
gpg: secret key parts are not available
gpg: signing failed: general error


$ gpg --list-keys
/home/richi/.gnupg/pubring.gpg
------------------------------
pub 2048R/0AE275A9 2012-08-07 [expires: 2022-08-05]
uid Richard Ulrich (ulrichard) <richiulr [at] gmail>
sub 2048R/8760DB3E 2012-08-07
sub 2048R/E8401492 2012-08-07
sub 2048R/5A097EF6 2012-08-07
sub 2048R/EC980139 2012-08-07 [expires: 2022-08-05]


$ gpg --card-status
Application ID ...: D27600012401020000050000115F0000
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: 0000115F
Name of cardholder: Richard Ulrich
Language prefs ...: de
Sex ..............: male
URL of public key : [not set]
Login data .......: [not set]
Private DO 1 .....: [not set]
Private DO 2 .....: [not set]
Private DO 3 .....: [not set]
Signature PIN ....: not forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 6
Signature key ....: 6555 FA9F AEEF 386C 50E2 7AE1 02EC 6014 E840 1492
created ....: 2012-08-07 19:01:59
Encryption key....: 3A6C CF0A C29F 3DFC 60AF DCCE 31AA D811 8760 DB3E
created ....: 2012-08-07 19:00:54
Authentication key: 2C12 F55B 69D3 088E BFD9 C010 BABF AE12 5A09 7EF6
created ....: 2012-08-07 19:04:12
General key info..: pub 2048R/E8401492 2012-08-07 Richard Ulrich (ulrichard) <richiulr [at] gmail>
sec# 2048R/0AE275A9 created: 2012-08-07 expires: 2022-08-05
card-no: 0005 0000115F
card-no: 0005 0000115F
card-no: 0005 0000115F





peter at digitalbrains

Aug 30, 2012, 1:48 AM

Post #11 of 12 (2471 views)
Permalink
Re: Changing the email address of a key [In reply to]

On 30/08/12 10:25, Richi Lists wrote:
> Using the primary key was what I tried first. But when I saw the error
> message "signing failed", I thought I'd have to force the proper signing
> subkey, like I have to do for signing emails.
>
> My setup is more or less the following:
> http://wiki.fsfe.org/Card_howtos/Card_with_subkeys_using_backups
> with the addition of a sub key for ssh authentication:
> http://www.programmierecke.net/howto/gpg-ssh.html -> section "with
> smartcard (openpgp)"

The thing is that for a new UID, you need the, what they call, master key. That
would be the primary key. So when you followed the instructions under the
heading "Remove the master key from the keyring", you were after that unable to
use your master/primary key to create a new UID.

So you go back a little in the document to the part where you had your USB stick
with the primary key and all subkeys guarded by Orcs or some other fearsome
creature. Plead with the creature to have your USB stick back, once again follow
the section "Go offline", import your primary key from the USB stick (wipe away
the Orc spittle before inserting; ignore the chew marks on the protective cap).

After you have created the new UID with the primary key and exported the whole
to the USB stick, re-remove the primary key from the system.

Oh, by the way, the reason you need the exclamation mark to specify which key to
use to sign is because you have two signing keys. Apparently GnuPG tries it with
the one you don't have the secret part for if you don't give the exclamation
mark. But bear in mind the difference between a signature on a key(/UID) and on
data. The signing subkey is for signatures on data.

Good luck,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
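
The failure diagnosed in this thread (a primary key present only as a stub, shown as "sec#", so adduid and revuid cannot sign) can be detected before editing the key. The shell sketch below is an added example, not part of any post in the thread: it reads the output of "gpg --list-secret-keys --with-colons". The key IDs and card serial in the samples are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. In colon-format secret key listings,
# field 15 of a sec/ssb record is "#" for a stub (secret material removed),
# a token serial number when the key lives on a smartcard, and empty or "+"
# when the secret key is in the local keyring.

# Constructed sample: primary key removed from the keyring, subkeys on a card.
SAMPLE_STUB='sec:u:2048:1:00000000AAAA0001:1344366000:1659726000::u:::scESCA:::#:::
ssb:u:2048:1:00000000AAAA0002:1344366000::::::e:::D2760001240102000000000000010000:::
ssb:u:2048:1:00000000AAAA0003:1344366000::::::s:::D2760001240102000000000000010000:::
ssb:u:2048:1:00000000AAAA0004:1344366000::::::a:::D2760001240102000000000000010000:::'

# Constructed sample: same key after the primary was re-imported from backup.
SAMPLE_RESTORED='sec:u:2048:1:00000000AAAA0001:1344366000:1659726000::u:::scESCA:::+:::
ssb:u:2048:1:00000000AAAA0002:1344366000::::::e:::D2760001240102000000000000010000:::'

# classify_secret_keys: colon listing on stdin; prints one line per key:
#   <record> <keyid> <capabilities> <stub|disk|card:SERIAL>
classify_secret_keys() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            cap = ($12 == "") ? "-" : $12
            loc = "disk"
            if ($15 == "#") loc = "stub"
            else if ($15 != "" && $15 != "+") loc = "card:" $15
            print $1, $5, cap, loc
        }'
}

# can_certify: succeeds only if the primary key has the certify capability
# ("c") and its secret part is not a stub. A card-resident primary counts as
# usable here; the card must of course be inserted when gpg runs.
can_certify() {
    classify_secret_keys | awk '
        $1 == "sec" { found = 1; ok = ($4 != "stub" && $3 ~ /c/) }
        END { exit (found && ok) ? 0 : 1 }'
}

# Demo on the constructed samples. Against a real keyring, use:
#   gpg --list-secret-keys --with-colons KEYID | can_certify
for sample in "$SAMPLE_STUB" "$SAMPLE_RESTORED"; do
    printf '%s\n' "$sample" | classify_secret_keys
    if printf '%s\n' "$sample" | can_certify; then
        echo "=> primary secret key usable: adduid/revuid can sign"
    else
        echo "=> primary secret key is a stub: import it from the offline backup first"
    fi
done
```
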



ricul77 at gmail

Sep 7, 2012, 6:15 AM

Post #12 of 12 (2441 views)
Permalink
Re: Changing the email address of a key [In reply to]

That worked.
Thanks a lot!

Rgds
Richard

