Devon & Cornwall Linux Users' Group


Re: [LUG] More on GPG



On Tuesday 19 Aug 2003 4:08 pm, Mike Callaghan wrote:
> All becomes clear now. I thought I had resigned Neil's key with my new
> key (8D86B65E) but had in fact used one (E5A62DD0) I had generated while
> playing with gpg on the laptop.
>
> 8D86B65E is my new key and is now set as default on both Windows and
> Linux systems. I have re-signed those keys previously signed with
> 2801834D.
>
> 2801834D has been revoked. Keyservers have been updated for both keys.

Hmm. By revoking the old key, it makes it harder for me to sign your new key 
except in person. I cannot now use my verification of the old key as an aid 
to verifying the new one. As the revoked key is already at keyservers, I'll 
have to wait until I can verify the new one at a future meeting. (Good excuse 
for a Cornwall meeting in the autumn!)

General advice (gleaned from various GnuPG FAQs/manuals/lists):
If a key that has not been compromised needs to be revoked (or is due to 
expire soon), it is possible to transfer signatures onto a new key by sending 
encrypted details to each signatory. 

1. Send an email warning / reminder about the imminent replacement of the key 
(signed with the old key because that's the key that people will recognise) 
to each signatory.

2. Ask each signatory to send a SIGNED and encrypted reply to the OLD key 
containing some quote / random text. It's important that the reply is signed 
so that you can trust the quote / random text.

3. Sign each key with your new key as the emails come in and make sure that 
all the recipient keys are updated on keyservers. 

4. Send an encrypted reply to each signatory, including the appropriate quote 
/ random text and the fingerprint of the new key and make sure that the reply 
email is signed with your NEW key. Don't revoke signatures made using the old 
key - they are still valid as long as the old key has not been compromised.

5. Recipients can update their own keys from keyservers, verify that the new 
key signature is on their own key and check the fingerprint of your new key. 
Recipients can also revoke their signatures on your old key at this point. 
Many recipients would then be willing to sign the new key as there has been 
an encrypted transfer of data requiring both of the secret keys involved to 
be available to you alone.

6. Once you've sent out all the replies to signatories, you can revoke the old 
key (or just let it expire). Don't delete it from your keyring or you'll lose 
the ability to read encrypted emails sent to you before the new key was 
generated.

-- 

Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk

http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

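The check a signatory would run at step 5 on the owner's reply, as an added example in Python that is not from the original post: it parses GnuPG's machine-readable --status-fd output (a real GnuPG feature) and confirms that the reply decrypted for us, carries a good signature from the key whose fingerprint it announces, that this fingerprint matches the key fetched from the keyserver, and that the body echoes the challenge text we sent at step 2. The function names, the sample status lines and the fingerprints are constructed for illustration.

```python
import re
import secrets
import subprocess

# Matches a 40-hex-digit v4 fingerprint written with or without the usual 4-digit grouping.
FPR_RE = re.compile(r"(?:[0-9A-Fa-f]{4}[ \t]*){10}")


def new_challenge() -> str:
    """Step 2: unpredictable text the signatory seals into the signed, encrypted reply."""
    return secrets.token_urlsafe(24)


def decrypt_with_status(path: str):
    """Step 5, mechanics: decrypt a received reply, keeping GnuPG's status lines
    (sent to stderr via --status-fd 2) apart from the plaintext on stdout."""
    proc = subprocess.run(["gpg", "--batch", "--status-fd", "2", "--decrypt", path],
                          capture_output=True, text=True)
    status = [ln for ln in proc.stderr.splitlines() if ln.startswith("[GNUPG:] ")]
    return proc.stdout, status


def normalize_fpr(fpr: str) -> str:
    return re.sub(r"\s+", "", fpr).upper()


def check_transition_reply(plaintext, status, challenge, keyserver_fpr):
    """Step 5, policy: returns (ok, problems). Every condition is checked so the
    recipient sees all of the reasons a reply falls short, not only the first."""
    problems = []
    if "[GNUPG:] DECRYPTION_OKAY" not in status:
        problems.append("reply was not encrypted to you, or failed to decrypt")
    if any(ln.startswith(("[GNUPG:] BADSIG", "[GNUPG:] ERRSIG")) for ln in status):
        problems.append("signature on the reply is bad or could not be checked")
    # VALIDSIG's third field is the full fingerprint of the signing key.
    sig_fprs = {normalize_fpr(ln.split()[2]) for ln in status
                if ln.startswith("[GNUPG:] VALIDSIG ")}
    if not sig_fprs:
        problems.append("reply is not signed")
    if challenge not in plaintext:
        problems.append("our challenge text is missing from the reply")
    expected = normalize_fpr(keyserver_fpr)
    announced = {normalize_fpr(m.group(0)) for m in FPR_RE.finditer(plaintext)}
    if expected not in announced:
        problems.append("reply does not announce the fingerprint seen on the keyserver")
    if sig_fprs and expected not in sig_fprs:
        problems.append("reply is not signed by the announced new key (old key?)")
    return (not problems), problems
```

Only after `check_transition_reply` returns ok does it make sense to sign the new key (`gpg --sign-key`) and revoke your signature on the old one, as step 5 describes.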