unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* Key 69096DFDD7028BEDACC5884BC5E051C79C0BECDB "Key has been compromised"
@ 2017-02-27 23:25 Leo Famulari
  2017-02-27 23:41 ` Leo Famulari
  0 siblings, 1 reply; 3+ messages in thread
From: Leo Famulari @ 2017-02-27 23:25 UTC (permalink / raw)
  To: David Craven; +Cc: guix-devel

Hi David,

While looking at the Guix commit log, I noticed that your PGP key
69096DFDD7028BEDACC5884BC5E051C79C0BECDB has been revoked with a reason
of "Key has been compromised".

In a message on February 3 you said, "Can I regenerate a pgp key? I
think my keys where in the gnome keyring or something, backing up
~/.gnupg/secring.pgp didn't keep my keys :/" [0]

Can you clarify whether the key was deleted inadvertently, or if you
think it was actually "compromised". To me, key compromise means you
believe that the private key could have been copied by a 3rd party.

Leo

[0]
http://lists.gnu.org/archive/html/guix-devel/2017-02/msg00104.html

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Key 69096DFDD7028BEDACC5884BC5E051C79C0BECDB "Key has been compromised"
  2017-02-27 23:25 Key 69096DFDD7028BEDACC5884BC5E051C79C0BECDB "Key has been compromised" Leo Famulari
@ 2017-02-27 23:41 ` Leo Famulari
  2017-02-28 10:04   ` David Craven
  0 siblings, 1 reply; 3+ messages in thread
From: Leo Famulari @ 2017-02-27 23:41 UTC (permalink / raw)
  To: David Craven; +Cc: guix-devel

On Mon, Feb 27, 2017 at 06:25:42PM -0500, Leo Famulari wrote:
> In a message on February 3 you said, "Can I regenerate a pgp key? I
> think my keys where in the gnome keyring or something, backing up
> ~/.gnupg/secring.pgp didn't keep my keys :/" [0]

Also, I'm not sure which version of GnuPG you were using, but the 2.1
series does not use '$GNUPGHOME/secring.gpg'. It uses
'$GNUPGHOME/private-keys-v1.d' [0].

So, you could lose your private key if you updated from an earlier
series and then tried to migrate your installation by coping
secring.gpg.

[0]
https://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration.html#index-secring_002egpg-506
https://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration-Options.html#index-secret_002dkeyring-304

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Key 69096DFDD7028BEDACC5884BC5E051C79C0BECDB "Key has been compromised"
  2017-02-27 23:41 ` Leo Famulari
@ 2017-02-28 10:04   ` David Craven
  0 siblings, 0 replies; 3+ messages in thread
From: David Craven @ 2017-02-28 10:04 UTC (permalink / raw)
  To: Leo Famulari; +Cc: guix-devel

Hi Leo

> Can you clarify whether the key was deleted inadvertently, or if you
> think it was actually "compromised". To me, key compromise means you
> believe that the private key could have been copied by a 3rd party.

Key revocation certificates are generated before something happens.

It is possible, but unlikely that someone obtained my key file. There is
a strong password on it however, and I'm not aware of anyone using my
key. The signature should be valid for all before the revocation date and
for none after.

David

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2017-02-28 10:04 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-02-27 23:25 Key 69096DFDD7028BEDACC5884BC5E051C79C0BECDB "Key has been compromised" Leo Famulari
2017-02-27 23:41 ` Leo Famulari
2017-02-28 10:04   ` David Craven

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).