How to migrate to a new computer? mk II
Hi, Folks
To Follow up from Bill's earlier discussion: my macbook was stollen a month ago, and I've now replaced it. How do I resurrect my capacity for encrypted email without the ability to export my key pair? I've retrieved my public key from the server, and so, I suppose, need a means of inputting my secret key on Keychain access . . . right?
thanks in anticipation
Robert
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
| ? | Show this help |
|---|---|
| ESC | Blurs the current field |
Comment Form
| r | Focus the comment reply box |
|---|---|
| ^ + ↩ | Submit the comment |
You can use Command ⌘ instead of Control ^ on Mac
Support Staff 1 Posted by Steve on 30 Apr, 2014 07:51 PM
Hi Robert,
getting a MacBook stolen sucks! In case of secret keys that were on that MacBook it also poses a security risk. Did you also have your passphrase stored in the OS X keychain or did you always enter it manually?
This KB-article covers the case of a lost sec key: http://support.gpgtools.org/kb/faq-gpg-keychain-access/how-to-revok...
Edit: Do you have any backup of your sec key? Either on a USB-stick or on an entire time-machine or cloned harddrive backup?
Let me know if you have more questions after going through that article.
All the best,
steve
2 Posted by Robert on 10 May, 2014 12:01 PM
Thanks Steve. If I understand correctly (probably unlikely), I'm outa luck. I have written down all the keys and IDs I think - but this doesn't seem to be the same thing.
I think my course of action must be to create a new key-pair, and revoke the old. That's what I'll do. If that seems stupid please let me know; and I'll be in touch should I have any problems.
Many, many thanks
Robert
Support Staff 3 Posted by Steve on 25 May, 2014 07:34 PM
Hey Robert,
sorry for slow response times. Busy times here.
To do anything useful about this situation, you'd need both the sec key and the passphrase. Writing down the KeyID or even only the passphrase is nice but doesn't bring back the sec key. And without that you are out of luck if you want to revoke it now.
In general it's a good idea to always create a revocation certificate after you create a new key. We have an existing ticket to suggest that to the user right after the key creation.
Then you could import that cert and thus revoke the key. But if you currently also do not have that, creating a new key is your only option.
You write "revoke the old key". How do you want to do that? Do you actually have a revocation cert?
All the best,
steve
4 Posted by Robert on 26 May, 2014 09:22 AM
Steve: No problem; glad that interest in this is kicking on!
I created a new key-set, and am able to proceed as I was. I think I probably mis-understood about the revocation certificate previously (I'm not entirely clear now) but I'll try to implement this new advice now.
Thanks for the support
Robert
Support Staff 5 Posted by Steve on 26 May, 2014 09:33 AM
The revocation certificate is a file you can create as a safety net. Create it (do not import it!) and put it e.g. on a USB drive in a secure location.
Should you then loose your sec key or forget your passphrase you can import this revocation certificate to mark that key revoked. If you then upload the revoked key to the key servers others will know that your key was revoked and that you probably have a new key.
Can I close this discussion or do you have remaining questions? You can always re-open if more trouble arises or just open a new discussion.
6 Posted by Robert on 26 May, 2014 09:39 AM
Got, it Steve; very clear instructions. Finally this part makes sense.
Please do close the thread: I'm fully encrypted.
Thanks again for your support
Robert
Support Staff 7 Posted by Steve on 26 May, 2014 09:43 AM
Perfect. Glad, this is solved for you. I'm closing this discussion. If you need further assistance or have questions you can re-open this discussion here or open a new one any time.
Best, steve
Steve closed this discussion on 26 May, 2014 09:43 AM.
Steve closed this discussion on 20 Jun, 2014 11:22 AM.