Lost passphrase

Sven Radde email at sven-radde.de
Tue Apr 17 14:36:45 CEST 2007


Hi!

Thomas Sowa wrote:
> - I can't revoke it --> no passphrase :-(
> - I still need the email addresses with the useless keys
> - I definitely can't find the passphrase

Well, the severity of the problem depends on whether your "forgotten"
keys are available on the public keyservers.

If not, you're quite fine: Just generate a new key and distribute this
to your friends along with a note to delete the old key.

If yes, you're quite screwed as it will stay there forever: New contacts
will not know which key to choose when they look your name up on the
keyservers. People might be smart enough to use the newer of the two
keys. If you don't rely so much on the keyservers to distribute your
key, it is also less of a problem.
This *will* sort itself out, however, after the email exchange with them
has begun: If you receive a message encrypted to your old key, you would
email them back to use the new one instead. It is just an inconvenience
to set up the "communication channel" to you. Once your communication
partner has the correct key in his local keyring, everything will be fine.

In any case, create a new key. You might change something in the UIDs
but it is not really necessary. The creation date can serve as a
discriminator between the two keys.

For your new key, immediately after generating it, create a "revocation
certificate" and store it in a safe place. You can later use it to
revoke the key without a passphrase, see the man-page and other docs for
more details. It is also extremely helpful to set an expiration date to
your key (you can always extend it and re-distribute the key).

HTH, Sven
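
The advice in the last paragraph of the message, as an added example that is not part of the original post: a key created with an expiration date, and its revocation certificate applied in a keyring that holds no secret key and needs no passphrase. It assumes GnuPG 2.1 or later, which writes the certificate to `openpgp-revocs.d` at generation time; the identity, the scratch directories and the function name `demo_revocation` are constructed for the demonstration.

```shell
# Added example, not from the original post. Assumes GnuPG 2.1 or later;
# the identity and the function name are constructed for the demo.
demo_revocation() {
    home=$(mktemp -d) && other=$(mktemp -d) || return 1
    uid='Demo User <demo@example.invalid>'

    # New key that expires after one year. The empty passphrase only keeps
    # the demo non-interactive; protect a real key with a passphrase.
    gpg --homedir "$home" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "$uid" default default 1y \
        >/dev/null || return 1
    fpr=$(gpg --homedir "$home" --batch --with-colons --list-keys |
          awk -F: '$1 == "fpr" { print $10; exit }')

    # GnuPG 2.1+ stores a revocation certificate at generation time
    # (gpg --gen-revoke creates one by hand). Keep a copy off this machine.
    rev="$home/openpgp-revocs.d/$fpr.rev"
    [ -f "$rev" ] || return 1

    # Lost-passphrase situation: a second keyring holding only the public key.
    gpg --homedir "$home" --batch --armor --export "$fpr" |
        gpg --homedir "$other" --batch --quiet --import >/dev/null 2>&1 || return 1

    # The stored file carries a ':' before the armor header as a safety
    # catch. Strip it and import: no secret key or passphrase is involved.
    sed 's/^:-----BEGIN/-----BEGIN/' "$rev" |
        gpg --homedir "$other" --batch --quiet --import >/dev/null 2>&1 || return 1

    # Field 2 of the "pub" record is the validity; "r" means revoked.
    state=$(gpg --homedir "$other" --batch --with-colons --list-keys "$fpr" 2>/dev/null |
            awk -F: '$1 == "pub" { print $2; exit }')

    # Stop the agent started for the scratch keyring, then clean up.
    gpgconf --homedir "$home" --kill all 2>/dev/null
    rm -rf "$home" "$other"
    printf '%s\n' "$state"
}
```

Calling `demo_revocation` prints `r` once the certificate has been imported. For a real key, the revoked public key would then be exported and re-distributed the same way the original key was.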