Needed help
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Jul 31 23:51:07 CEST 2009
On 07/31/2009 04:15 PM, FiloSottile wrote:
> I have this situation
>
> pub 1024D/01A82A13 created: 2008-09-21 expires: mai utilizzo: SCA
> sub* 2048g/E159FB03 created: 2008-09-21 expires: mai utilizzo: E
>
> I have the secret key 01A82A13, but not E159FB03
> what should I do? (replace subkey with other, remove it - the result is
> that I can't encrypt)
Probably you mean to say that you are unable to decrypt, right? If
you've lost the secret part of that subkey somehow, material encrypted
to it is gone for good. But you can still move forward:
Your best short-term bet is to revoke your subkey and add a new one.
Try:

    gpg --edit-key 01A82A13

then within that subshell, you're interested in the subcommands "revkey"
and "addkey".
Note that before you "revkey", you'll want to explicitly select the
subkey first. And when you addkey, you want to choose either "Elgamal
(encrypt only)" or "RSA (encrypt only)" to make sure you make another
encryption-capable subkey. So the commands you might want to run
probably look something like:

    key 1
    revkey
    addkey
    6

Be sure to read and understand the prompts before committing to anything!
When it's all done and you like the changes, do:

    save

Finally, you'll want to publish the new subkey and the revocation of the
old one:

    gpg --keyserver keys.gnupg.net --send 01A82A13

> what does SCA and E mean? how can I change them?
These are Key Usage Flags.
SCA means that your primary key is to be used only for the following
activities:
Signing (signing text and binary documents)
Certifying (signing other people's key/userID bindings)
Authentication (identifying you in some context, e.g. SSH)
E means that your subkey is to be used for Encrypted communications
and/or storage.
hth,
--dkg
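
Added example (not part of the original message): a small shell function that reads GnuPG's machine-readable --with-colons listing, decodes the usage flags discussed above from field 12, and reports any key whose secret part is absent, which GnuPG's doc/DETAILS marks with '#' in field 15. The sample listing is constructed, with the thread's short key IDs zero-padded to 16 hex digits; the name audit_keys is made up for this example.

```shell
#!/bin/sh
# Constructed sample in the layout of `gpg --list-secret-keys --with-colons`
# (not real output; key IDs are the thread's short IDs, zero-padded).
SAMPLE='sec:u:1024:17:0000000001A82A13:1221955200:::u:::scaESCA:::+:
ssb:u:2048:16:00000000E159FB03:1221955200::::::e:::#:'

# audit_keys: read a colon-format secret key listing on stdin and print one
# line per key: record type, key ID, decoded usage flags, secret-key status.
audit_keys() {
    awk -F: '
    # Field 12 holds capability letters. Lowercase letters are the flags of
    # this key itself; uppercase letters on a primary key summarise the whole
    # key, so only lowercase is decoded here (awk regexes are case-sensitive).
    function usage(caps,   out) {
        out = ""
        if (caps ~ /s/) out = out "Sign "
        if (caps ~ /c/) out = out "Certify "
        if (caps ~ /a/) out = out "Authenticate "
        if (caps ~ /e/) out = out "Encrypt "
        sub(/ $/, "", out)
        return out
    }
    $1 == "sec" || $1 == "ssb" {
        # Field 15: "#" means only a stub is present, i.e. the secret part
        # is missing. A "+" or a token serial number means it is reachable.
        status = ($15 == "#") ? "secret-missing" : "secret-available"
        printf "%s %s [%s] %s\n", $1, $5, usage($12), status
    }'
}

# Against a real keyring the input would come from:
#   gpg --list-secret-keys --with-colons 01A82A13 | audit_keys
printf '%s\n' "$SAMPLE" | audit_keys
```

A subkey reported as secret-missing with the Encrypt flag is the situation described in the question: others can still encrypt to it, but the holder cannot decrypt.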