adding self-signature to really old keys

Greg Rose

18 Jan, 2015 02:32 AM

GPG Keychain 1.2b3 (980b)

I have existing secret and public keyrings from many many years ago. Up to now I've been using PGP but Symantec have finally really lost me. Anyway, problem number 1 was that I couldn't import them using the keyring app... there were no errors or anything, but nothing got added to the keyrings. I found the other article about importing them using the command line, and that half worked.

Then the next problem appeared. Gpg rejected all but my most recently created key on the grounds that they had no self-signature on any IDs. (This is true. It tells you how long ago they were created!) I found the article about this in which it recommends asking the key owner to add self-signatures. I'd love to, but when I asked myself to do that, I found I couldn't because I can't import them! I'm in a chicken-and-egg problem. And of course no-one else can do it for me.

What did you expect instead

At least for secret keys, it should allow them to be imported with some kind of error message and a warning to add self-signatures. It should also work to import them from the existing keyrings in the Keychain tool.

  1. Support Staff 1 Posted by Steve on 27 Jan, 2015 12:50 AM

    Hi Greg,

    this KB-article should cover your question. Let me know if those steps worked out for you.

    All the best,
    steve

  2. 2 Posted by Greg Rose on 28 Jan, 2015 02:05 AM

    Still no joy, I'm afraid. I managed to add the secret key to the database. But it won't add a corresponding public key!

    : ggr.home/Desktop; gpg --search-keys [email blocked]
    gpg: searching for "[email blocked]" from hkps server hkps.pool.sks-keyservers.net
    (1) Greg Rose <[email blocked]>
            Greg Rose <[email blocked]>
             1024 bit RSA key 09D3E64D, created: 1994-11-30
    Keys 1-2 of 2 for "[email blocked]". Enter number(s), N)ext, or Q)uit > 1 2
    gpg: requesting key 09D3E64D from hkps server hkps.pool.sks-keyservers.net
    gpg: Note: signatures using the MD5 algorithm are rejected
    gpg: key 09D3E64D: no valid user IDs
    gpg: this may be caused by a missing self-signature

    Then when I try to look at it or edit it to add a new user id:

    : ggr.home/Desktop; gpg -K [email blocked]
    gpg: key 09D3E64D: secret key without public key - skipped
    gpg: error reading key: No secret key

    Thanks for the help so far...

    regards,
    Greg.

  3. Support Staff 3 Posted by Luke Le on 12 Feb, 2015 12:32 PM

    Hi Greg,

    with the following command I was able to import your public key:

    gpg --allow-non-selfsigned-uid --search-keys your-email-address
    

    Hope that helps.

  4. Support Staff 4 Posted by Steve on 12 Feb, 2015 01:21 PM

    Greg,

    The reason you were still not able to import your old key is that the key uses MD5, which should no longer be used.

    But besides that, your key is 1024-bit. And those keys should no longer be used. GPG Keychain uses 4096-bit as the default key length. So I strongly suggest creating a new, stronger key and doing a key transition.

    All the best,
    steve

  5. Support Staff 5 Posted by Steve on 25 Mar, 2015 07:19 PM

    Closing, since no further user feedback was received. Should your problem persist, feel free to re-open this discussion any time.

    All the best, steve

  6. Steve closed this discussion on 25 Mar, 2015 07:19 PM.
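
The two conditions gpg reports in this thread ("no valid user IDs ... missing self-signature" and "signatures using the MD5 algorithm are rejected"), plus the modulus size, can be read straight from the key's packets. The following is an added example, not part of the original discussion or of GPGTools: the function names and the sample key are constructed for illustration, it handles only version 3 (PGP 2.x era) keys in binary, non-armored form, and it checks the presence and hash algorithm of self-signatures without verifying them cryptographically.

```python
HASH_NAMES = {1: "MD5", 2: "SHA-1", 3: "RIPEMD-160"}  # RFC 4880 section 9.4

def packets(data):
    """Yield (tag, body) for old-format OpenPGP packets (RFC 4880 section 4.2)."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if hdr & 0xC0 != 0x80 or hdr & 0x03 == 3:
            raise ValueError("only old-format packets with a definite length are handled")
        tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)   # n = 1, 2 or 4 length octets
        start = i + 1 + n
        length = int.from_bytes(data[i + 1:start], "big")
        yield tag, data[start:start + length]
        i = start + length

def audit(data):
    """Return (modulus_bits, {user_id: status}) for a version 3 RSA public key."""
    keyid, bits, uid, report = None, 0, None, {}
    for tag, body in packets(data):
        if tag == 6:                                    # public-key packet
            if body[0] != 3:
                raise ValueError("only version 3 keys are handled")
            bits = int.from_bytes(body[8:10], "big")    # MPI bit count of modulus n
            keyid = body[10:10 + (bits + 7) // 8][-8:]  # v3 key ID = low 64 bits of n
        elif tag == 13:                                 # user ID packet
            uid = body.decode("utf-8", "replace")
            report[uid] = "no self-signature"
        elif tag == 2 and uid is not None and body[0] == 3:   # v3 signature packet
            sigtype, issuer, halg = body[2], body[7:15], body[16]
            if 0x10 <= sigtype <= 0x13 and issuer == keyid:   # certification by the key itself
                report[uid] = "self-signature uses " + HASH_NAMES.get(halg, f"hash {halg}")
    return bits, report

# Constructed sample input: not a real key, signature values are dummies.
def pkt(tag, body):
    return bytes([0x80 | (tag << 2) | 1]) + len(body).to_bytes(2, "big") + body

def mpi(v):
    return v.bit_length().to_bytes(2, "big") + v.to_bytes((v.bit_length() + 7) // 8, "big")

def v3_sig(issuer, hash_alg):
    return pkt(2, b"\x03\x05\x10" + bytes(4) + issuer + bytes([1, hash_alg]) + bytes(2) + mpi(1))

N = (1 << 1023) | 0x0123456789ABCDEF
SAMPLE = (pkt(6, b"\x03" + bytes(6) + b"\x01" + mpi(N) + mpi(17))
          + pkt(13, b"Old Key <old@example.org>") + v3_sig(bytes(8), 1)  # third-party only
          + pkt(13, b"Old Key <old@example.net>") + v3_sig(N.to_bytes(128, "big")[-8:], 1))

print(audit(SAMPLE))
```

A user ID reported as "no self-signature" or "self-signature uses MD5" corresponds to what gpg refuses above, and a 1024-bit modulus is the size Steve advises moving away from.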
