lost private key password

Kurt Fitzner kfitzner at excelcia.org
Thu Jan 5 05:17:01 CET 2006


Realos wrote:
> What would you suggest in this case? A brute force attack with some
> software if I know part of the password? What tool is suitable for that?

There isn't any software that I know of to brute-force a GnuPG password.
You could probably whip up something quick and dirty using GnuPG's
password checking code, but to be honest and as much as it probably
annoys you, I think the best thing to do is just admit that you've got
to replace your key.

I did the same thing with my first key.  I learned the hard way that one
should have produced a revocation certificate.  This is something I'd
like to see GnuPG offer to generate by default for any new keys.

Another option, so you don't have to hold multiple revocation
certificates in a safe place, is to create a key for the sole use of
using it as a revoking key.  You add that key as a revoker to any new
keys you produce, and don't use the revoker key for anything else.  You
can then store the revoker key without a passphrase, or with a very easy
to remember one like your birthday.  If someone gets their hands on your
revoker key, all the damage they can do to you is to issue revocation
certificates, which (for most people) is merely annoying rather than
actually dangerous.

Even better is to get yourself a few OpenPGP smartcards.  Use one as
your primary use key, and another as a backup.  The backup is set up as
a revoker for the primary one.  If you lose your primary, or it is
stolen, you can use the backup to revoke the key on your primary, and
then use that key as your new primary one.  Then you just order a new
card to act as a backup and when it comes, set it up as a backup with
the ability to revoke your new primary key.

Sorry about your original key - it's a pain, I know.

	Kurt.
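The "quick and dirty" brute force mentioned above, as an added example that is not part of the original post and not Kurt's code. It builds candidates from the fragments the owner still remembers (trying capitalisation, separator and trailing-suffix variants) and probes each one by asking gpg to make a detached signature with the key, which fails with a non-zero exit status on a wrong passphrase. It assumes a modern GnuPG 2.x on a Unix system, where `--pinentry-mode loopback` plus `--passphrase-fd 0` lets a batch caller supply the passphrase (this did not exist in the 2006 GnuPG 1.4 era); the key ID, fragment list and home directory are placeholders. Because OpenPGP secret keys are protected with iterated, salted S2K hashing, each probe costs a noticeable fraction of a second, so the candidate space has to stay in the thousands, not millions: this only helps when most of the passphrase is genuinely remembered.

```python
#!/usr/bin/env python3
"""Probe GnuPG secret-key passphrase candidates built from remembered fragments.

Example code, not from the original mailing-list post. Assumes GnuPG 2.x with
loopback pinentry support and a secret key already imported into the keyring.
"""
import itertools
import subprocess
import sys
import tempfile
from typing import Iterator, List, Optional, Sequence


def case_variants(word: str) -> List[str]:
    """Distinct capitalisations a person plausibly typed: as given, lower, Capitalised, UPPER."""
    seen: List[str] = []
    for variant in (word, word.lower(), word.capitalize(), word.upper()):
        if variant not in seen:
            seen.append(variant)
    return seen


def generate_candidates(fragments: Sequence[str],
                        separators: Sequence[str] = ("", " ", "-", "_"),
                        suffixes: Sequence[str] = ("",),
                        ordered: bool = True) -> Iterator[str]:
    """Yield candidate passphrases assembled from the remembered fragments.

    fragments:  pieces the owner is sure of, in the order remembered.
    separators: what may have been typed between fragments.
    suffixes:   trailing digits/symbols that may have been appended.
    ordered:    if False, every permutation of the fragments is tried too.
    Duplicates are suppressed so each candidate costs at most one gpg call.
    """
    seen = set()
    orders = [tuple(fragments)] if ordered else list(itertools.permutations(fragments))
    for order in orders:
        for variant in itertools.product(*(case_variants(f) for f in order)):
            for sep in separators:
                base = sep.join(variant)
                for suffix in suffixes:
                    candidate = base + suffix
                    if candidate not in seen:
                        seen.add(candidate)
                        yield candidate


def passphrase_unlocks_key(passphrase: str, key_id: str,
                           homedir: Optional[str] = None) -> bool:
    """Return True if gpg can sign with key_id using this passphrase.

    The passphrase travels on stdin (fd 0) rather than the command line, so it
    does not show up in `ps`. The data to sign comes from a throwaway file and
    the signature is written to stdout and discarded. gpg exits non-zero when
    the passphrase does not unlock the key.
    """
    cmd = ["gpg"]
    if homedir:  # isolate from the user's real keyring while experimenting
        cmd += ["--homedir", homedir]
    with tempfile.NamedTemporaryFile() as payload:
        payload.write(b"passphrase probe\n")
        payload.flush()
        cmd += ["--batch", "--yes", "--quiet",
                "--pinentry-mode", "loopback", "--passphrase-fd", "0",
                "--local-user", key_id, "--output", "-",
                "--detach-sign", payload.name]
        result = subprocess.run(cmd, input=passphrase.encode(), capture_output=True)
    return result.returncode == 0


def recover_passphrase(fragments: Sequence[str], key_id: str,
                       homedir: Optional[str] = None, **kwargs) -> Optional[str]:
    """Try every candidate in turn; return the first that unlocks the key, else None."""
    for count, candidate in enumerate(generate_candidates(fragments, **kwargs), 1):
        if passphrase_unlocks_key(candidate, key_id, homedir):
            return candidate
        if count % 100 == 0:
            print(f"{count} candidates tried", file=sys.stderr)
    return None


if __name__ == "__main__":
    # Usage: recover_passphrase.py KEYID fragment [fragment ...]
    # KEYID and the fragments are placeholders supplied by the caller.
    if len(sys.argv) < 3:
        sys.exit("usage: recover_passphrase.py KEYID fragment [fragment ...]")
    digits = ("",) + tuple(str(n) for n in range(100))   # plausible trailing digits
    found = recover_passphrase(sys.argv[2:], sys.argv[1], suffixes=digits, ordered=False)
    print("passphrase:", found if found is not None else "not found")
```

Once a candidate succeeds, the first thing to do with the unlocked key is to generate and safely store a revocation certificate (`gpg --gen-revoke KEYID`), which is the precaution the rest of the post is about. Note also that gpg-agent caches a passphrase after a successful unlock, so a probe run should stop at the first hit rather than keep going.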



