Can I revitalise an old key-pair?

Pete Stephenson pete at heypete.com
Sun Sep 1 23:15:35 CEST 2013


On Sun, Sep 1, 2013 at 2:57 PM, MartinHvidberg <martin at hvidberg.net> wrote:
> I'm returning to GPG, and Enigmail, and not for the first time. This means
> that I have earlier generated key-pairs and uploaded them to servers like
> keys.pgp.net or something like that. I did this first time in 1999 and have
> done several new attempts later, and now have seven key-pairs on the server.
> Latest I have generated a key-pair in 2011.

While it can be tempting to use particularly old keys (such as those
made in 1999), the maximum length at the time (1024-bit DSA keys)
makes them borderline too-short for modern usage. Even if you regain
access to your 1999-era secret key, you should probably consider
transitioning to a new, stronger keypair. See
http://www.debian-administration.org/users/dkg/weblog/48 for some
useful information on the subject.

> My problem:
> Instead of generating yet another key-pair, how do I revitalise one of my
> existing key-pairs.
> This said, I have only what I can download from a key-server, and I do in
> fact remember the password, for some of them.

The keyservers only store the public part of your key. This is not
sufficient to derive the secret key (if it was, that'd be a Bad
Thing). If you do not have your secret key that corresponds to the
public key you wish to, as you say, revitalize, then there's nothing
you can do except create a new keypair. That, or develop some major
advancements in the field of mathematics that would allow you to
derive the secret key from the public key (which would break the whole
system, rendering the exercise moot).

> Does the key-server have all the information I need to re-use an existing
> key-pair (provided I remember the password)?

Unfortunately not.

> Or do I need to get one of my old computers up and running, hoping to find
> some sort of key file there.

If you go through your old systems and are able to find the relevant
secret key files or the GPG/PGP keyring files, then you can continue
using that keypair. If you cannot find the secret key, you'll need to
create a new keypair. :/

> If you can point to any online material, tutorial or the like, that does not
> start with 'Generate a key-pair' then I would appreciate that a lot... :-)

I suppose the only step that'd come before that would be "find your
secret key". If you can't do that, you're sort of hosed. :)
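
Added example (not part of the original message, and not GnuPG code): a small RFC 4880 packet reader that tells whether a binary key file found on an old disk actually holds secret-key packets or only the public part a keyserver would return, and reports the key size and creation year. It assumes binary (not ASCII-armored) v4 key packets; `KEYSERVER_COPY` and `OLD_DISK_COPY` are constructed samples holding only the packet header and first MPI.

```python
from datetime import datetime, timezone

# RFC 4880 packet tags that carry key material, and common algorithm ids.
KEY_TAGS = {5: "secret key", 6: "public key", 7: "secret subkey", 14: "public subkey"}
ALGOS = {1: "RSA", 16: "ElGamal", 17: "DSA"}

def read_packets(data):
    """Yield (tag, body) for each packet in binary (not ASCII-armored) OpenPGP data."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError(f"no OpenPGP packet header at offset {i}")
        if hdr & 0x40:                      # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths not handled")
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            size = 1 << ltype               # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i + 1:i + 1 + size], "big"), i + 1 + size
        yield tag, data[i:i + length]
        i += length

def describe_keys(data):
    """Summarise each v4 key packet: kind, secret material present, size, year."""
    found = []
    for tag, body in read_packets(data):
        if tag in KEY_TAGS and len(body) >= 8 and body[0] == 4:
            created = datetime.fromtimestamp(int.from_bytes(body[1:5], "big"), timezone.utc)
            found.append({"kind": KEY_TAGS[tag], "secret": tag in (5, 7),
                          "algo": ALGOS.get(body[5], f"algo {body[5]}"),
                          "bits": int.from_bytes(body[6:8], "big"),  # first MPI: RSA n, DSA p
                          "year": created.year})
    return found

def _sample(tag, algo, bits, ts):  # constructed packet: old-format header + first MPI only
    body = bytes([4]) + ts.to_bytes(4, "big") + bytes([algo]) + bits.to_bytes(2, "big")
    body += b"\x80" + bytes(bits // 8 - 1)
    return bytes([0x80 | (tag << 2) | 1]) + len(body).to_bytes(2, "big") + body
KEYSERVER_COPY = _sample(6, 17, 1024, 936144000)   # public key, DSA-1024, 1999
OLD_DISK_COPY = _sample(5, 1, 2048, 1300000000)    # secret key, RSA-2048, 2011
```

A file is only useful for continuing with an old keypair if `describe_keys` reports an entry with `"secret": True`.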


