Help me to import my secret key please

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sun May 9 01:07:00 CEST 2010


On 05/08/2010 12:26 PM, Stephane Dupuis wrote:
> $ gpgsm -K
> gpgsm[5195]: can't connect to `/home/hoper/.gnupg/S.gpg-agent': Aucun
> fichier ou dossier de ce type
> /home/hoper/.gnupg/pubring.kbx
> ------------------------------
>            ID: 0xFFFFFFFFC8ACF3C4
>           S/N: 01
>        Issuer: /CN=xxxxxx /L=78210/C=FR/EMail=xxxxxxxx
>           aka: xxxxxxx
>       Subject: /CN=xxxxxx /L=78210/C=FR/EMail=xxxxxxxx
>           aka: xxxxxxx
>      validity: 2009-06-09 19:48:13 through 2011-08-18 19:48:13
>      key type: 4096 bit RSA
>     key usage: digitalSignature keyEncipherment
>   fingerprint:
> A5:75:99:1E:F7:71:71:6C:AE:43:93:9F:23:00:6F:BD:C8:AC:F3:C4
> 
> and this file :
> /home/hoper/.gnupg/private-keys-v1.d/F3FFEFBE7661DDAC15F5B1625F9168AF818E8396.key
> was created. 
> 
> But I want this key to be used as my "default secret key". Well, I want
> it to appear in the output of "gpg -K". 
> 
> How can I do this ? 
> 
> btw, I already managed to import the public key :
> 
> $ gpg --list-keys
> /home/hoper/.gnupg/pubring.gpg
> ------------------------------
> pub   1024D/1F03B55A 2009-06-09
> uid                  hoper <xxxxxxxxxxxx>
> sub   4096g/F7C66E72 2009-06-09
> 
> My only problem is with the secret part. (my secring.gpg file is still
> empty). 

I'm afraid these are not the same key :(

The former key is a 4096-bit RSA key.  The latter key is a 1024-bit DSA
key with a 4096-bit ElGamal subkey bound to it.

Also, the former key has an X.509 certificate associated with it, while
the latter keys are bound to your identity via OpenPGP certification.
While it's possible to have both X.509 certificates and OpenPGP
certificates from the same key (we're doing it for TLS servers in the
monkeysphere project), it's not common.  And in your case, it's not what
you've done anyway, since these are clearly different keys because of
their different keylengths and algorithms.

If you have no way of recovering your old ~/.gnupg/secring.gpg, you have
most likely lost control of your old key.  In that case, i recommend
publishing the revocation certificate you created when you made your key
(hoping that you have such an old revocation certificate for 1F03B55A
stored someplace accessible to you).

Sorry to be the bearer of bad news,

	--dkg
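
The comparison made in the reply above, as an added example that is not part of the original post or of GnuPG: this Python script parses the two listings quoted in the message and checks whether any OpenPGP key has the same algorithm and size as the X.509 key. The function names are hypothetical, and the letter table assumes the legacy `gpg` listing format shown in the message (`R` RSA, `D` DSA, `g`/`G` ElGamal).

```python
import re

# Algorithm letters in legacy "gpg --list-keys" lines such as "1024D/1F03B55A".
GPG_ALGO_LETTERS = {"R": "RSA", "D": "DSA", "g": "ElGamal", "G": "ElGamal"}

GPG_KEY_LINE = re.compile(r"^(pub|sub|sec|ssb)\s+(\d+)([A-Za-z])/([0-9A-F]{8})\b")
GPGSM_KEY_TYPE = re.compile(r"key type:\s*(\d+)\s+bit\s+(\S+)")


def parse_gpg_listing(text):
    """Return (role, bits, algorithm, short key id) for each key line."""
    keys = []
    for line in text.splitlines():
        # Tolerate e-mail quoting ("> pub ...") and indentation.
        m = GPG_KEY_LINE.match(line.lstrip("> ").strip())
        if m:
            role, bits, letter, keyid = m.groups()
            keys.append((role, int(bits), GPG_ALGO_LETTERS.get(letter, letter), keyid))
    return keys


def parse_gpgsm_listing(text):
    """Return (bits, algorithm) for each certificate in gpgsm -K output."""
    return [(int(bits), algo) for bits, algo in GPGSM_KEY_TYPE.findall(text)]


def possible_matches(gpg_text, gpgsm_text):
    """OpenPGP keys whose algorithm and size agree with some X.509 key.

    Agreement is only a necessary condition: the same algorithm and size
    do not prove that the key material is the same.
    """
    certs = set(parse_gpgsm_listing(gpgsm_text))
    return [k for k in parse_gpg_listing(gpg_text) if (k[1], k[2]) in certs]


# Lines copied from the quoted message (identity fields left out).
GPGSM_OUT = """\
      validity: 2009-06-09 19:48:13 through 2011-08-18 19:48:13
      key type: 4096 bit RSA
     key usage: digitalSignature keyEncipherment
"""
GPG_OUT = """\
> pub   1024D/1F03B55A 2009-06-09
> sub   4096g/F7C66E72 2009-06-09
"""

if __name__ == "__main__":
    print("gpgsm:", parse_gpgsm_listing(GPGSM_OUT))
    print("gpg:  ", parse_gpg_listing(GPG_OUT))
    print("candidates for the same key:", possible_matches(GPG_OUT, GPGSM_OUT))
```

An empty candidate list, as here, rules out a shared key; a non-empty one only means a further comparison of the key material is needed.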
