Yep - the issue was "conceptual" I think. It appears (to Joe and me) that the instructions for the sub-key were under the assumption that your laptop was your mobile system and your "base" computer was something less portable. The idea being that the server that you actually did key work on was NOT portable... and would therefore have ALL the keys....
Ah, assumptions.

So - with Joe's assistance, I deleted my key and re-added it from my saved keys on the USB stick - and was THEN able to sign keys.

One step higher. Now to figure out the next thing.

Thanks all!

JC

On Sun, Mar 9, 2014 at 10:47 PM, Chris Knadle <[email protected]> wrote:

> On Sunday, March 09, 2014 21:54:50 Joseph Apuzzo wrote:
> > I apologize for not signing any keys yet. Turns out I do not have the part
> > of the key that can sign:
> >
> > $ gpg -K
> > /home/joe/.gnupg/secring.gpg
> > ----------------------------
> > sec# 4096R/2190E068 2014-01-28
> [...]
> > Note that "sec#" means that you can sign files and encrypt but not sign
> > keys with that key.
>
> That's right.
>
> [...]
> > Really sign? (y/N) y
> > gpg: secret key parts are not available
> > gpg: signing failed: general error
>
> Yep that's the same error Jack's getting and I didn't realize that he might
> have been using a subkey.
>
> > Key not changed so no update needed.
> > joe@Mint-VirtualBox ~ $
> >
> > So the problem I have is that the original keys and revocation certificate
> > are on a flash drive.
> > Which actually died, I can not access it.
>
> If that's the /only/ place you have the original key and revocation
> certificate, that's extremely unfortunate. :-(
>
> "For next time":
>
> One of the standard practices is to create a revocation certificate and PRINT
> it to PAPER. At least that way if you lose control of the secret key (such
> as this situation), you can at least revoke the key.
>
> A second recommendation which I follow is to set your GPG key to have an
> expiration date about 5 years in the future, so that at worst case (like this
> situation), the key will at least eventually expire. This is safe to do
> because if the key expires you can simply give it a different expiration date
> and thus "unexpire" it.
>
> > Anyone have any ideas on how I could correct this?
>
> Sadly, the best thing I can recommend now is making a dcfldd (enhanced dd)
> image of the flash drive, and trying to do forensic recovery on the dd image.
> This way you can minimally disturb the original and then mess with the dd
> image to your heart's content.
>
> > Some way to sign a new key and revoke the broken one?
>
> To revoke the old one you need either the full key or the revocation
> certificate for the full key. As you currently have neither, you've got a
> problem. :-(
>
> This is a common occurrence and is one of the reasons that the GPG key servers
> have a large amount of 'cruft' data in them which cannot ever be removed.
>
> -- Chris
>
> --
> Chris Knadle
> [email protected]
> _______________________________________________
> Mid-Hudson Valley Linux Users Group http://mhvlug.org
> https://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug
>
> Upcoming Meetings (6pm - 8pm) Vassar College
> Apr 2 - Nginx: High-Performance HTTP Server, Reverse Proxy, and IMAP/POP3 Proxy Server
> May 7 - Google App Engine
> Jun 4 - Samba: Can We All Just Get Along?

--
Google Voice: (914) 468-4552
----------------------------------------
Prov. 12:15
Eschew obfuscation and pompous prolixity.
Light a man a fire, he is warm for the night.
Light a man afire, he is warm for the rest of his life.
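The `sec#` state quoted in this thread can be checked ahead of a keysigning from GnuPG's machine-readable listing, where field 15 of a `sec`/`ssb` record is `#` for a stub. The script below is an added example, not part of any poster's message; the key IDs and both listings are constructed, and the function names `stub_report` and `can_certify` are hypothetical.

```shell
#!/bin/sh
# Added example: classify secret keys from `gpg --list-secret-keys --with-colons`.
# Field 1 is the record type, field 5 the key ID, field 12 the capabilities,
# and field 15 is "#" when only a stub of the secret key is present (the
# "sec#" shown by `gpg -K`) or a serial number when the key is on a smartcard.

# Constructed listing: primary secret key missing, signing subkey present.
SAMPLE_LAPTOP='sec:u:4096:1:1111111111111111:1390867200:::u:::scESC:::#:
uid:u::::1390867200::0000000000000000000000000000000000000000::Example User <user@example.org>:
ssb:u:4096:1:2222222222222222:1390867200::::::s:::+:'

# Constructed listing: the same key after the primary secret key is restored.
SAMPLE_FULL='sec:u:4096:1:1111111111111111:1390867200:::u:::scESC:::+:
ssb:u:4096:1:2222222222222222:1390867200::::::s:::+:'

# stub_report: read a colon listing on stdin, print "type keyid state caps".
stub_report() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            if ($15 == "#")                     state = "stub"
            else if ($15 == "" || $15 == "+")   state = "present"
            else                                state = "card"
            caps = ($12 == "") ? "-" : $12
            printf "%s %s %s %s\n", $1, $5, state, caps
        }'
}

# can_certify: succeed only if some primary key has its secret material
# available and carries the lowercase "c" (certify) capability, which is
# what signing another person's key requires.
can_certify() {
    stub_report | awk '$1 == "sec" && $3 != "stub" && $4 ~ /c/ { ok = 1 }
                       END { exit !ok }'
}

# Demonstration on the constructed laptop keyring.
printf '%s\n' "$SAMPLE_LAPTOP" | stub_report
if printf '%s\n' "$SAMPLE_LAPTOP" | can_certify; then
    echo "primary secret key available: key signing will work"
else
    echo "primary secret key is a stub: import it before signing keys"
fi
```

On a real keyring, pipe `gpg --list-secret-keys --with-colons` into `can_certify` instead of the sample variables.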
