adding self-signature to really old keys
GPG Keychain 1.2b3 (980b)
I have existing secret and public keyrings from many many years ago. Up to now I've been using PGP but Symantec have finally really lost me. Anyway, problem number 1 was that I couldn't import them using the keyring app... there were no errors or anything, but nothing got added to the keyrings. I found the other article about importing them using the command line, and that half worked.
Then the next problem appeared. Gpg rejected all but my most recently created key on the grounds that they had no self-signature on any IDs. (This is true. It tells you how long ago they were created!) I found the article about this in which it recommends asking the key owner to add self-signatures. I'd love to, but when I asked myself to do that, I found I couldn't because I can't import them! I'm in a chicken-and-egg problem. And of course no-one else can do it for me.
What did you expect instead
At least for secret keys, it should allow them to be imported with some kind of error message and a warning to add self-signatures. It should also work to import them from the existing keyrings in the Keychain tool.
Support Staff 1 Posted by Steve on 27 Jan, 2015 12:50 AM
Hi Greg,
this KB-article should cover your question. Let me know if those steps worked out for you.
All the best,
steve
2 Posted by Greg Rose on 28 Jan, 2015 02:05 AM
Still no joy, I'm afraid. I managed to add the secret key to the database. But it won't add a corresponding public key!
: ggr.home/Desktop; gpg --search-keys [email blocked]
gpg: searching for "[email blocked]" from hkps server hkps.pool.sks-keyservers.net
(1) Greg Rose <[email blocked]>
Greg Rose <[email blocked]>
1024 bit RSA key 09D3E64D, created: 1994-11-30
Keys 1-2 of 2 for "[email blocked]". Enter number(s), N)ext, or Q)uit > 1 2
gpg: requesting key 09D3E64D from hkps server hkps.pool.sks-keyservers.net
gpg: Note: signatures using the MD5 algorithm are rejected
gpg: key 09D3E64D: no valid user IDs
gpg: this may be caused by a missing self-signature
Then when I try to look at it or edit it to add a new user id:
: ggr.home/Desktop; gpg -K [email blocked]
gpg: key 09D3E64D: secret key without public key - skipped
gpg: error reading key: No secret key
Thanks for the help so far...
regards,
Greg.
Support Staff 3 Posted by Luke Le on 12 Feb, 2015 12:32 PM
Hi Greg,
with the following command I was able to import your public key:
Hope that helps.
Support Staff 4 Posted by Steve on 12 Feb, 2015 01:21 PM
Greg,
the reason you were still not able to import your old key is that the key uses MD5, which should no longer be used.
But besides that, your key is 1024-bit, and those keys should no longer be used. GPG Keychain uses 4096 bits as the default key length. So I strongly suggest creating a new, stronger key and doing a key transition.
All the best,
steve
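An added example, not part of the thread or of GPGTools: a small Python audit that tells apart the two conditions discussed above, a user ID with no self-signature at all and a user ID whose only self-signature uses MD5, both of which surface in gpg as "no valid user IDs". It assumes a binary (unarmored) key block in the old v2/v3 RSA layout of RFC 4880; the function names and the sample key block are constructed for illustration.

```python
HASHES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 10: "SHA512"}

def packets(data):
    """Yield (tag, body) for each old-format OpenPGP packet (RFC 4880, 4.2.1)."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if hdr & 0xC0 != 0x80 or hdr & 3 == 3:
            raise ValueError("only definite-length old-format packets handled")
        size = 1 << (hdr & 3)                       # 1-, 2- or 4-octet length
        n = int.from_bytes(data[i + 1:i + 1 + size], "big")
        start = i + 1 + size
        yield (hdr >> 2) & 0x0F, data[start:start + n]
        i = start + n

def audit(keyblock):
    """Map each user ID to the hash names of its self-certifications."""
    keyid, uid, report = None, None, {}
    for tag, body in packets(keyblock):
        if tag == 6 and body[0] in (2, 3):          # v2/v3 RSA public key
            nbytes = (int.from_bytes(body[8:10], "big") + 7) // 8
            keyid = body[10:10 + nbytes][-8:]       # key ID = low 64 bits of n
        elif tag == 13:                             # user ID packet
            uid = body.decode("utf-8", "replace")
            report[uid] = []
        elif tag == 2 and uid is not None and body[0] in (2, 3):  # v2/v3 signature
            sigtype, issuer, halg = body[2], body[7:15], body[16]
            if 0x10 <= sigtype <= 0x13 and issuer == keyid:       # self-certification
                report[uid].append(HASHES.get(halg, f"hash#{halg}"))
    return report

def verdict(hashes):
    if not hashes:
        return "no self-signature"
    return "MD5-only self-signature" if set(hashes) == {"MD5"} else "ok"

# --- constructed sample key block (toy values, not a real key) ---
def pkt(tag, body):
    return bytes([0x80 | (tag << 2), len(body)]) + body
N = bytes.fromhex("d1a2b3c4d5e6f708")               # toy 64-bit "modulus"
KEY = pkt(6, b"\x03" + bytes(4) + bytes(2) + b"\x01" + b"\x00\x40" + N + b"\x00\x05\x11")
def sig(issuer, halg):
    return pkt(2, b"\x03\x05\x10" + bytes(4) + issuer + b"\x01" + bytes([halg]) + bytes(2) + b"\x00\x08\xff")
SAMPLE = (KEY + pkt(13, b"Alice <alice@example.invalid>") + sig(N, 1)
          + pkt(13, b"Alice (old)") + sig(bytes(8), 1))

if __name__ == "__main__":
    for uid, hashes in audit(SAMPLE).items():
        print(f"{uid}: {verdict(hashes)}")
```

The audit only reads packet headers and does not verify any signature; it is a triage step for old keyrings before planning a key transition.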
Support Staff 5 Posted by Steve on 25 Mar, 2015 07:19 PM
Closing, since no further user feedback was received. Should your problem persist, feel free to re-open this discussion any time.
All the best, steve
Steve closed this discussion on 25 Mar, 2015 07:19 PM.