key question

Thu Feb 25 01:33:31 CET 2010

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Tobias Holz wrote:
> Hey Folks,
> i succesfully installed gnupg on my Win7 machine. I want to use it
> with Thunderbird to encrypt personal eMails.
> Now I've got some questions:
> 1) What does happen if I lose my private key? Can I burn it to a CD/DVD?

If You actually 'lose' Your Private Key [i.e. Secret/Private half of the
Keypair] or lose and/or Forget Your Passphrase You are FUBAR.  This is
why the Enigmail Manual & Quick Start Guide both _strongly_ encourage
the generation of a Revocation Certificate [actually just a Special
Signature File] which You should then store somewhere away from Your
Keyrings.  Enigmail has a 'Wizard' for this.  :)

> 2) Where can I find the key, I just got the passphrase?

Under 'OpenPGP' on the toolbar at the top of Thunderbird You will find
an item in the Menu labeled 'Key Management' which will graphically
display Your Keyring(s).  [Hint: the default setting displays nothing
until a Key ID or Email Address is entered into the Search Box /unless/
You have checked the box 'Display All Keys'.

Where are the actual Keyring(s) in Win 7?  The crypto-geek answer is
"under %AppData% → Roaming Directory/Folder _or_ C:\Program Files\GnuPG
assuming You accepted the Defaults when installing GnuPG.  :-\  You can
also use WinSearch and enter: secring.gpg or pubring.gpg.  This is the
Secret Keyring and Public Keyring respectively.  If You choose to burn
either of these [or both] to a Disk or store them on removable media
then I also suggest You include the File trustdb.gpg since this File
contains Your Assigned & Calculated Key Trust values.  It is located in
the same Directory/Folder as the other 2 Files.

> I generated the Keys with OpenPGP-Plugin for Thunderbird. I got the
> public key (something_stands_here.asc) and encryption works fine :)

At the risk of being called a heretic by My fellow Members of the
Enigmail Development Team I am also going to recommend a companion GPG
Frontend to You for use on Windows:  GPGshell
[http://www.jumaros.de/rsoft/index.html] is an excellent tool for Key
Management [manipulation] that offers many 'clickable' options not
available within the Enigmail Key Manager as well as greatly simplifying
Command Line usage.  [Another Hint:  in order to fully enjoy & exploit
all of GnuPG's many features some Command Line familiarity is gonna be
necessary]

Going way out on a limb I am going to assume that You are as yet unaware
of the gpg.conf File and it's usefulness.  Please do not hesitate to Ask
more Questions within this Forum/List as well as accept Google as Your
Friend.  As Questions specific to Enigmail begin to develop I heartily
suggest You also Join the Enigmail Mailing List as well.
[https://www.mozdev.org/mailman/listinfo/enigmail]  ;)

HTH more than it confuses.  :)

JOHN ;)
Timestamp: Wednesday 24 Feb 2010, 19:32  --500 (Eastern Standard Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: http://www.gswot.org
Comment: Personal Web Page:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJLhcVYAAoJEBCGy9eAtCsPQ3oIAIAmFY/3blwse4tNLEV0cNwH
G3Z0KnbX2t9XoHqUt+AoLFQDXxvFHivsIAu+7p4z7D4Dy5Zw7ya2+Stdmmf147Sy
qmPg647cNT3N2YB/VqW/aq36a2cD82mZr8ltoVa+3VD2s1fwe6o2xcNiP1JbdxZW
Gp4/x1lzOALwkD3BCKjuv3SIG8Pyh0AZNKJBrkP6q318WjWOv4J6AAwKD3bRLxSr
I3CNTooN0GDVoF7nyc/pETsxQbWSDwy348cwvvpe5im5Y2UYTdqAgqhVbFl9DaRL
iC9KrFF2bN158Ot7IInUO2cTU9CUQISuE0HUt5pFzqsFOcFHtqLiBzXoyC1+c3s=
=m/vO
-----END PGP SIGNATURE-----