Laptop stolen, need to upload my old key on new computer and be able to encrypt/decrypt same messages
Hey I recently had my laptop stolen and am now using a new computer with the downloaded PGP Suite. I want to be able to run my key from my new computer, but I don't seem to be able to do so. Am I out of luck or can I be able to import my key and be able to encrypt /decrypt the same messages? I don't know what I should do from here, as it looks like I am not getting my laptop back to me.
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
| ? | Show this help |
|---|---|
| ESC | Blurs the current field |
Comment Form
| r | Focus the comment reply box |
|---|---|
| ^ + ↩ | Submit the comment |
You can use Command ⌘ instead of Control ^ on Mac
1 Posted by Brad on 18 Aug, 2015 04:52 PM
Hi, I really need to be able to use my GPG keychain on my new computer, in order to encrypt and decrypt the same messages. However, it doesn't seem like I am able to do so. My laptop was stolen and I cannot access my account on my new computer. How would I go about fixing this? Please help.
2 Posted by Thomas_U on 18 Aug, 2015 05:32 PM
Do you have a backup of the system on your stolen computer?
3 Posted by Brad on 18 Aug, 2015 05:56 PM
Unfortunately I haven't backed it up because I only had the software downloaded on my stolen laptop for a week. So I don't know how to access it now. I have all of the login information and my passphrase. What should I do now?
4 Posted by Thomas_U on 18 Aug, 2015 06:10 PM
I guess you´ll have to create GPG keychain from scratch using the GPG Keychain.app.
You find the Tutorials here: http://support.gpgtools.org/kb
I hope the developer-team will chime in here and help you with more concise tips (I am just a user).
Do yourself a favor: Buy an external HD and start using TimeMachine right away to avoid such mishaps in the future.
5 Posted by Brad on 18 Aug, 2015 06:36 PM
I normally backup my laptop but I only had this software downloaded for a week. Anyway thanks for the advice. I'll look out for an admin to see what I can do from here to retrieve my account on my new computer.
Support Staff 6 Posted by Steve on 19 Aug, 2015 12:04 PM
Hey,
@Thomas: thanks for chiming in (as always). Sidenote for you: please use https://gpgtools.tenderapp.com/kb since we will shut down the other URL in the future.
@Brad: We do have a knowledge base dealing with this case. To summarize: you just hit a brick wall. You do not have a secret key. And although GPG Keychain does create a revocation certificate that safety net does not apply since the revocation certificate which now would be most useful in order to revoke the lost key resides on the stolen computer.
So besides you having a bad time alredy, I'd probably freak out if my laptop was stolen, the key is lost and there is no chance to revoke it in this situation.
The KB explaining this situation is still worth a read to better understand the mechanics behind this process: https://gpgtools.tenderapp.com/kb/gpg-keychain-faq/how-to-revoke-a-...
So much for the bad news. On a brighter note: when I did search the key servers for your mail address, I was unable to find any key (at least using the mail you used when you signed up to this support platform). That means the fact that you can not revoke the key is not as bad as it was if you would have uploaded your public key. So if the public key never was on the key servers you will not be stuck with an unusable but valid key which shows as legit on the key servers.
Moving on
Now what can you do to get back to a working state? I suggest to create a new key. Then let your friends know you do have a new key. You might want to consider uploading to the key servers to make it easy for others to find your key. Note though, that no keys can be deleted from the key servers. Keys can only be revoked.
Get your new key signed by some of your friends. Do verify fingerprints and check that you are both who you claim to be via a videochat session.
And do create a backup of your key and also backup a revocation certificate for your key and store both on a thumbdrive you store in a secure location.
We have a ticket covering better backup options. It would be great to show a dialog explaining why a backup might be a good idea, whenever a new key has been created. I connected this discussion with the existing ticket. That means, should this discussion get closed, it will be re-opened as soon as the ticket is closed. That way you'll receive a notification. Feel free to open a new discussions should you run into further problems or need assistance.
All the best,
steve
Steve closed this discussion on 07 Jan, 2016 07:57 PM.