On Sunday, March 09, 2014 21:54:50 Joseph Apuzzo wrote:
> I apologize for not signing any keys yet. Turns out I do not have the part
> of the key that can sign:
>
> $ gpg -K
> /home/joe/.gnupg/secring.gpg
> ----------------------------
> sec#  4096R/2190E068 2014-01-28
[...]
> Note that "sec#" means that you can sign files and encrypt but not sign
> keys with that key.

That's right.

[...]
> Really sign? (y/N) y
> gpg: secret key parts are not available
> gpg: signing failed: general error

Yep, that's the same error Jack's getting, and I didn't realize that he might
have been using a subkey.

> Key not changed so no update needed.
> joe@Mint-VirtualBox ~ $
>
> So the problem I have is that the original keys and revocation certificate
> are on a flash drive.
> Which actually died, I can not access it.

If that's the /only/ place you have the original key and revocation
certificate, that's extremely unfortunate. :-(

"For next time": One of the standard practices is to create a revocation
certificate and PRINT it to PAPER. At least that way if you lose control of
the secret key (such as this situation), you can at least revoke the key.

A second recommendation which I follow is to set your GPG key to have an
expiration date about 5 years in the future, so that at worst case (like this
situation), the key will at least eventually expire. This is safe to do
because if the key expires you can simply give it a different expiration date
and thus "unexpire" it.

> Anyone have any ideas on how I could correct this?

Sadly, the best thing I can recommend now is making a dcfldd (enhanced dd)
image of the flash drive, and trying to do forensic recovery on the dd image.
This way you can minimally disturb the original and then mess with the dd
image to your heart's content.

> Some way to sign a new key and revoke the broken one?

To revoke the old one you need either the full key or the revocation
certificate for the full key. As you currently have neither, you've got a
problem. :-( This is a common occurrence and is one of the reasons that the
GPG key servers have a large amount of 'cruft' data in them which cannot ever
be removed.
  -- Chris

--
Chris Knadle
[email protected]
_______________________________________________
Mid-Hudson Valley Linux Users Group                  http://mhvlug.org
https://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug
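
An added example, not part of the original message: a shell check that reads gpg's machine-readable secret-key listing and reports the two conditions discussed in this thread, a primary key that is only a stub (shown as "sec#" in the human-readable listing) and a key with no expiration date. It assumes the GnuPG 2.1+ colon format, in which field 15 of a sec/ssb record is "#" for a stub; the function names, key IDs and uid in the sample are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample of `gpg --list-secret-keys --with-colons` output.
# Key IDs and the uid are placeholders, not values from the thread.
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1390867200:::u:::scESC:::#:::
uid:u::::1390867200::0000::Constructed User <user@example.invalid>:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1390867200::::::s:::+:::
sec:u:4096:1:BBBBBBBBBBBBBBBB:1390867200:1548547200::u:::scESC:::+:::
EOF
}

# Read a colon listing on stdin and print one line per secret (sub)key.
# Fields used: 5 = key ID, 7 = expiration, 12 = capabilities,
# 15 = "#" when only a stub of the secret key is present (assumed format).
audit_secret_keys() {
    awk -F: '
        $1 == "sec" {
            state  = ($15 == "#") ? "stub" : "present"
            expiry = ($7 == "")   ? "none" : $7
            printf "%s primary=%s caps=%s expires=%s\n", $5, state, $12, expiry
        }
        $1 == "ssb" {
            state = ($15 == "#") ? "stub" : "present"
            printf "  sub %s secret=%s caps=%s\n", $5, state, $12
        }'
}

# Count primaries whose secret part is missing. Such a key cannot sign
# other keys, change its own expiration, or produce a revocation
# certificate on this machine, even if its signing subkey still works.
count_stub_primaries() {
    awk -F: '$1 == "sec" && $15 == "#" { n++ } END { print n + 0 }'
}

# Count primaries with no expiration date set.
count_no_expiry() {
    awk -F: '$1 == "sec" && $7 == "" { n++ } END { print n + 0 }'
}

sample_listing | audit_secret_keys
```

Against a real keyring, pipe `gpg --list-secret-keys --with-colons` into `audit_secret_keys` instead of the sample.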
