Disaster Key Recovery - Unix
Robin H. Johnson
robbat2 at orbis-terrarum.net
Sun Oct 15 00:24:41 CEST 2006
On Sat, Oct 14, 2006 at 03:21:42AM -0600, Henry Hertz Hobbit wrote:
> [8] IMPORT somebody ELSE'S key and sign it; Werner's signing
> key for example.
> $ cd $TO_WHERE_WERNERS_PUB_KEY_IS
> $ sha1sum WernerKoch.asc
> c151479c9231455f18bccd09e3423679683a9ba9 WernerKoch.asc
> # It matches what I have off the computer. Hopefully
> # somebody hasn't taken advantage of the SHA1 weakness.
> $ gpg -a --import WernerKoch.asc
> $ gpg --list-keys
> # some output omitted
> pub 1024D/57548DCD 1998-07-07 [expired: 2005-12-31]
> uid Werner Koch (gnupg sig) <dd9jn at gnu.org>
>
> pub 1024R/1CE0C630 2006-01-01 [expires: 2008-12-31]
> uid Werner Koch (dist sig) <dd9jn at gnu.org>
>
> $ gpg --delete-key 57548DCD
> $ gpg --edit-key 1CE0C630
> Command> # SIGN TO THE LEVEL YOU KNOW THIS KEY IS REALLY HIS
> # beats me if it really is his key - others seem to think it
> # is and it verifies GnuPg as valid.
> Command> save
> $ gpg --list-secret-keys
> $ gpg --list-keys
If you've met Werner and exchanged identities with him, then signing his
key exportably is ok, but in general, people should be using
non-exportable signatures here, with lsign, to not pollute the web of
trust unnecessarily.
--
Robin Hugh Johnson
E-Mail : robbat2 at orbis-terrarum.net
Home Page : http://www.orbis-terrarum.net/?l=people.robbat2
ICQ# : 30269588 or 41961639
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
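
What `lsign` changes in the signature itself, as an added example (not part of the original post and not GnuPG's code): per RFC 4880, a local signature carries an Exportable Certification subpacket (type 4) with value 0 in its hashed area, and this parser lists which certifications in a binary key export are local. The two sample packets, their key IDs and their dummy MPI bytes are constructed for the demonstration.

```python
def _length(buf, i):
    """Decode a 1-, 2- or 5-octet length at buf[i]; return (length, next index)."""
    if buf[i] < 192:
        return buf[i], i + 1
    if buf[i] < 255:
        return ((buf[i] - 192) << 8) + buf[i + 1] + 192, i + 2
    return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5

def packets(buf):
    """Yield (tag, body) per packet of a binary (unarmored) OpenPGP stream."""
    i = 0
    while i < len(buf):
        hdr = buf[i]
        if hdr & 0xC0 == 0xC0 and not 224 <= buf[i + 1] < 255:  # new-format header
            tag = hdr & 0x3F
            n, i = _length(buf, i + 1)
        elif hdr & 0xC0 == 0x80 and hdr & 3 != 3:               # old-format header
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            n, i = int.from_bytes(buf[i + 1:i + 1 + size], "big"), i + 1 + size
        else:  # partial or indeterminate lengths are out of scope for this example
            raise ValueError("unsupported packet header 0x%02x" % hdr)
        yield tag, buf[i:i + n]
        i += n

def subpackets(area):
    """Yield (type, data) per signature subpacket; the critical bit is masked off."""
    i = 0
    while i < len(area):
        n, i = _length(area, i)
        yield area[i] & 0x7F, area[i + 1:i + n]
        i += n

def certifications(buf):
    """Return [(issuer key ID, exportable?)] for every v4 certification signature."""
    out = []
    for tag, body in packets(buf):
        if tag != 2 or body[0] != 4 or not 0x10 <= body[1] <= 0x13:
            continue
        hlen = int.from_bytes(body[4:6], "big")
        ulen = int.from_bytes(body[6 + hlen:8 + hlen], "big")
        hashed = dict(subpackets(body[6:6 + hlen]))
        unhashed = dict(subpackets(body[8 + hlen:8 + hlen + ulen]))
        issuer = (hashed.get(16) or unhashed.get(16) or b"").hex().upper()
        # Only the hashed area is covered by the signature; no subpacket 4 means exportable.
        out.append((issuer, hashed.get(4, b"\x01") != b"\x00"))
    return out

# Constructed sample: two unsigned certification packets (dummy MPIs, made-up key IDs).
SAMPLE = bytes.fromhex(
    "c220 04101102 0009 050245317e00 020400 000a 0910aaaaaaaaaaaaaaaa abcd 000101"  # local
    "881d 04101102 0006 050245317e00        000a 0910bbbbbbbbbbbbbbbb abcd 000101")  # exportable
```

Real input for `certifications()` can be produced with `gpg --export-options export-local-sigs --export 1CE0C630`, since a plain `--export` leaves local signatures out.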