[WINPT USERS] Questions about installing latest WinPT over an old version

Steve Butler sbutler@fchn.com
Wed Mar 20 17:00:02 2002

NOTE to GnuPG-user list.  I've cc'd this from the winpt user list as the
issues are really about gnupg rather than winpt.

This person lost their passphrase to their old secret key.  So we are
suggesting that a work around to telling the world that it's lost is for him
to sign it with his new key, then revoke the signature and upload the old
key to the keyserver again.

Guess it's time for the experts to step in and set us onto the right path.

From: JW [mailto:jw@centraltexasit.com]
Sent: Tuesday, March 19, 2002 4:00 PM

>>1.  Sign old key with your new key.  Just like you would sign your friends
>Ok... I have managed to do this on Linux. And "update" the "old" key by
sending it again
>according to hex ID (looks right at any rate)

     Probably didn't need to do this but at least your old key is now signed
by your new key.

>>2.  Now revoke (not delete; but revoke) the signature on your old key.

>But then I think the next steps failed:

>Command> quit
>Save changes? y
>gpg: sig E60F7299.72: duplicated certificate - deleted

I've never revoked just the signature before.  But, the process should be
similar to revoking the entire key.  It should write out a certificate that
you can import back in to the keyring.

Guess we need the experts from the gnupg-users email list.  I'll cc that
list on this reply and suggest that you look there for further assistance.

>When I look at the key server now there's nothing there that tells me that
anything has changed.. 

Somehow you need to get that signature revoke certificate generated and
imported back in to the keyring.  Then upload the results to the keyserver.

>Maybe I'm doing this all wrong by trying to use Linux and a pulling hte key
down from the 
>keyserver as opposed to moving my public key over to Linux as a file.
Should I copy my old public >key to Linux, sign/revsign it, then move the
signed/revoked public key back over to WinPT, and
>send the signed/revoked public key up with WinPT?

In theory you should be able to pull a key down from the keyserver, sign it,
upload it back.  All you need to do is add in the revoke signature piece
before uploading it again.

>If I sign/revoke my public key with GPG on Linux, how do I import the
signed/revoked key back
> into WinPT for revocation... ...import from clipboard? Or maybe just
overwrite C:\GNUPG

Just import the revoke certificate.

CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.