Hi!

Thomas Sowa wrote:
> - I can't revoke it --> no passphrase :-(
> - I still need the email addresses with the useless keys
> - I definitely can't find the passphrase

Well, the severity of the problem depends on whether your "forgotten" keys are available on the public keyservers.

If not, you're quite fine: Just generate a new key and distribute this to your friends along with a note to delete the old key.

If yes, you're quite screwed as it will stay there forever: New contacts will not know which key to choose when they look your name up on the keyservers. People might be smart enough to use the newer of the two keys. If you don't rely so much on the keyservers to distribute your key, it is also less of a problem.

This *will* sort itself out, however, after the email exchange with them has begun: If you receive a message encrypted to your old key, you would email them back to use the new one instead. It is just an inconvenience to set up the "communication channel" to you. Once your communication partner has the correct key in his local keyring, everything will be fine.

In any case, create a new key. You might change something in the UIDs but it is not really necessary. The creation date can serve as a discriminator between the two keys.

For your new key, immediately after generating it, create a "revocation certificate" and store it in a safe place. You can later use it to revoke the key without a passphrase, see the man-page and other docs for more details. It is also extremely helpful to set an expiration date to your key (you can always extend it and re-distribute the key).

HTH,
Sven

_______________________________________________
Gnupg-users mailing list
http://lists.gnupg.org/mailman/listinfo/gnupg-users
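
Added example, not part of the original message: the advice above (new key with an expiration date, revocation certificate stored away, expiry extended later) as non-interactive shell functions. It assumes GnuPG 2.2 or later, which writes a revocation certificate to `openpgp-revocs.d` when the key is created; the function names, user ID, validity periods and backup directory are placeholders.

```shell
#!/bin/sh
# Added example. Assumes GnuPG 2.2 or later; user ID, validity and backup
# directory are placeholders. The empty passphrase is only there so the
# example runs unattended; protect a real key with a passphrase.

# Create a key that expires and print its fingerprint.
new_key_with_expiry() {
    uid=$1 validity=$2
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-gen-key "$uid" default default "$validity" >/dev/null || return 1
    gpg --batch --with-colons --list-keys "$uid" |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# GnuPG 2.1+ writes <fingerprint>.rev at key creation. Copy it to a place
# outside the keyring and print the backup path. (On older versions the
# certificate is made by hand with: gpg --gen-revoke KEYID)
backup_revocation_cert() {
    fpr=$1 dest=$2
    src="${GNUPGHOME:-$HOME/.gnupg}/openpgp-revocs.d/$fpr.rev"
    [ -s "$src" ] || { echo "no revocation certificate for $fpr" >&2; return 1; }
    mkdir -p "$dest" && chmod 700 "$dest" || return 1
    cp "$src" "$dest/$fpr.rev" && chmod 400 "$dest/$fpr.rev" || return 1
    echo "$dest/$fpr.rev"
}

# Print the primary key's expiry as a Unix timestamp (empty = no expiry).
key_expiry() {
    gpg --batch --with-colons --list-keys "$1" |
        awk -F: '$1 == "pub" { print $7; exit }'
}

# Extend the expiry of the primary key and of all subkeys that have not
# expired yet. Needs the secret key, so it only works while you still
# have the passphrase.
extend_expiry() {
    fpr=$1 validity=$2
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-set-expire "$fpr" "$validity" || return 1
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-set-expire "$fpr" "$validity" '*'
}

# Usage (placeholder values):
#   fpr=$(new_key_with_expiry "Alice Example <alice@example.org>" 1y)
#   backup_revocation_cert "$fpr" /mnt/offline-backup
#   extend_expiry "$fpr" 2y   # then re-distribute the public key
```

The automatically written `.rev` file has a colon in front of its armor header line so that it cannot be imported by accident; remove that colon before importing the certificate to revoke the key.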
