I have been revoke my GPG key on some of pgp keyserver, However i've found that the key is not verified.
How to completly revoke the key and verify the key is no longer used.
I've found some post that almost same with my question, but it's not clearly enough to answer how to verify the key revocation completely.
Here i attached the picture of my key that upload to https://pgp.mit.edu
Unfortunately the GPG key that has been sent to the key server cannot be deleted. You need to revoke your public key and notify other users that this key is no longer useful.
If you have uploaded the public key to the HKP key server then you must also inform the key server about the revocation of your key.
1) List keys
First of all, list the keys from your keyring:
gpg --list-keys
Suppose, that the following is the key which you want to revoke:
pub 2048R/C5DB61BC 2015-04-21
uid Your Name (Optional Comment)
sub 2048R/18C601D3 2015-04-21
In the above key, the key-ID is C5DB61BC.
2) Revoke your key
Now, you need to revoke your key with the following command:
gpg --output revoke.asc --gen-revoke key-ID
Your revocation key certificate is stored in the file named “revoke.asc”.
3) Import revocation certificate into your keyring
After this, you need to import the revocation certificate into your public keyring:
gpg --import revoke.asc
You have successfully revoked your key in your keyring.
REVOKE KEY ON KEY-SERVER
1) Search your key on key-server
Suppose, you had uploaded your public key in online keyserver. Let the key server be pgp.mit.edu.
You can check/search your key in the MIT keyserver with the following command:
gpg --keyserver pgp.mit.edu --search-keys key-ID
2) Revoke your key on key-server
To revoke your public key in the keyserver, you need to run the following command. I am using pgp.mit.edu keyserver.
gpg --keyserver pgp.mit.edu --send-keys key-ID
You have already revoked the key in your keyring. So, this revoked key is sent to the keyserver. Hence, your key in the online keyserver will also get revoked.
Related
I have a server in a hosting with gnupg module and all works fine. The user can crypt messages with my public key (this process should do in a local, not in the server) and upload this messages in my server. I want validate that the "file" was encrypted with my public key
The user type something like that and them upload the file into my server.
gpg --encrypt --recipient 12345678 file.txt
I dont want share my private key in this server, so i cant validate if i will can decrypt. My question is, can i validate what file was crypted with my own public key??
Sorry by my english
use gpg --decrypt but don't give your private key, gpg will tell you all the keys that it is encrypted with:
wwalker#hatter:~$ gpg --decrypt foo.asc
You need a passphrase to unlock the secret key for
user: "Wayne Walker (Ruby Hacker) <wwalker#bybent.com>"
4096-bit ELG-E key, ID 39D0C3D7, created 2007-12-31 (main key ID A62B624A)
gpg: cancelled by user
gpg: encrypted with 1024-bit ELG-E key, ID 70DAE878, created 2015-10-15
"Puppet Vault (Used for targeted secrets exchanges) <puppet#pumhost2.lbl.gov>"
gpg: encrypted with 1024-bit ELG-E key, ID 9426026B, created 2015-10-15
"Puppet Vault (Used for targeted secrets exchanges) <puppet#jenkins.lbl.gov>"
gpg: encrypted with 4096-bit ELG-E key, ID 39D0C3D7, created 2007-12-31
"Wayne Walker (Ruby Hacker) <wwalker#bybent.com>"
gpg: public key decryption failed: bad passphrase
gpg: decryption failed: secret key not available
If you are already using gpg-agent and your key is already in the agent:
(unset GPG_AGENT_INFO; gpg --decrypt foo.asc)
have installed the gpg4win version 2.2. I have Successfully created the certificate using gpgsm --gen-key > test.p10
I want to export the created certificate request into pkcs12 format with gpgsm --export-secret-key-p12, but while exporting into p12 i get the error message "No Secret key"
When i run gpgsm --list-secret-keys on command prompt,it indeed displays nothing.
Why would the export step is fail? and where the secret keys are present while generating certificates?
I have Successfully created the certificate using gpgsm --gen-key > test.p10
GpgSM from gpg4win-2.x only can generate certificate signing requests.
It stores the secret part of your certificate under %APPDATA%\gnupg\private-keys-v1.d and prints out the signing request. That singing request is supposed to be sent to a Certificate Authority that signs your certificate (like cacert).
You then import the signed certificate and it will then show up unter --list-secret-keys and will be exportable.
With GnuPG 2.1 (can be downloaded as windows installer from gnupg.org) you are asked when generating a key if you want to selfsign it. In that case your "test.p10" would contain the signed certificate that you can then import into gpgsm and use / export it directly without the need for a CA.
I am trying to push my staging repository on oss.sonatype.org to central repository, but this action is getting failed and i am getting following exception
Event: Failed: Signature Validation
typeId signature-staging
failureMessage No public key: Key with id: (XXXXX) was not able to be located on http://keyserver.ubuntu.com:11371. Upload your public key and try the operation again.
I used gbp to generate public and well private key for me and i even sent public key to the server with following command
gpg --keyserver hkp://pool.sks-keyservers.net --send-keys EE539F98
Still i am getting same exception.I cross checked and there is only one Sub Key, not sure what else i need to do to push public key so as this can be found by nexus
The various OpenPGP keyserver synchronize, but that takes some time. If you know which keyserver will be queried, you can directly upload your key there.
I did:
gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys EE539F98
gpg --keyserver hkp://keyserver.ubuntu.com --send-keys EE539F98
and now your key can successfully be found on Ubuntu's keyserver, without having to wait until it automatically synchronized.
Actually I ran the recv-command multiple times to find a keyserver in their pool which already had your key.
I got the error message:
No public key: Key with id: (xxxx) was not able to be
located on http://keyserver.ubuntu.com:port. Upload your public key
and try the operation again.
Then i entered the following command on console:
gpg --keyserver hkp://keyserver.ubuntu.com --send-keys xxxx
(removed the :port from the end of the hostname)
It works!
Same thing here, the thing was :
uploading the key generated from my laptop works perfectly
uploading the key generated from the application server was not efficient, I did not get any error message but the key was never distributed
Maybe our application server was blocking this request, or maybe this one was rejected directly by Sonatype (like explained in https://issues.sonatype.org/browse/OSSRH-6697)
Anyway we found a workaround that I wanted to share with you guys :
generate the public key on your application server
gpg --gen-key
if you have already one, make a copy of pubring.gpg file in your local folder /Users/you/.gnupg/
download locally the public key pubring.gpg generated on your application server (using scp command for example), it should be located in the /home/username/.gnupg/ folder on your application server
put it in your local folder /Users/you/.gnupg/ and publish this key
gpg2 --list-keys
gpg2 --keyserver hkp://pool.sks-keyservers.net
--send-keys KEYID
the key should be published by now
gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys KEYID
Please let me know if it helps!
Regards
gpg --keyserver hkp://keys.openpgp.org --send-keys your_public_key
I then retrived an email and cheked this key at https://keys.openpgp.org/
I have a brand new install of Linux Mint 14. Installed Thunderbird & Enigmail.
Generated my key, got a friend's public key, imported it.
Sent my friend an encrypted email, he was able to decrypt it just fine.
However, when he responded, I got "gpg: decryption failed: secret key not available"
I tried deleting my key and reimporting it. I tried changing various settings. But I can't figure out what the problem is. I've used Linux/Thunderbird/Enigmail in the past and never had this error.
Sounds like your friend didn't encrypt the message to your public key in the first place. That error message just means that you did not possess the secret key for any of the keys the message was encrypted to.
I think you'll find that if you save the encrypted message into a file and run "gpg -v " it will tell you that it can't find a key on your keyring to decrypt it. I'm also willing to bet that running "gpg --list-packets" or "pgpdump" (which just makes the --list-packets option easier to read) on that file you'll find that the message was only encrypted to your friend's key.
Sounds stupid, but make sure you are not mixing up gpg keys and ssh keys. That's just the kind of brain fart that will have you tearing your hair out. That's why I keep my hair short :)
See this: Are GPG and SSH keys interchangeable?
I just had exactly the same thing happen as the OP but it was a different cause. I eventually noticed that Thunderbird Enigmail was looking in the keyring of gpg2 while I had used gpg to create the latest key pair. You can check if it is in gpg and bring it across:
gpg2 --list-secret-keys
gpg2 --import ~/.gnupg/secring.gpg
gpg2 --list-secret-keys
It will ask you for passwords of keys after the middle step.
I am writing a drupal module that encrypts a file using gnupg and sends it to a remote host. There appears to be some bug in my module where it uses the wrong public key to send to the remote host, because they're telling me it fails when they try to decrypt the file. This is the error message they get, from their windows batch file:
Beginning GPG Decryption
Using current version of GNUPG
gpg: encrypted with 2048-bit ELG-E key, ID F1940956, created 2002-04-25
"Wrong Public Key <another_key#another_company.com>"
gpg: decryption failed: secret key not available
However, when I try to decrypt the file I'm sending them, without the key, I get simply
$> gpg --decrypt sensitive_file.gpg
gpg: encrypted with ELG-E key, ID F1940956
gpg: decryption failed: secret key not available
I want gpg to report the email address of the key used to encrypt the file, like in the error message I'm getting from the remote host. I want to see Wrong Public Key <another_key#another_company.com>, like in their error message. But my gpg doesn't report that.
Am I missing a switch? How can I get this information?
The reason that the remote host was able to get the email address of the encrypting key was because of the id F1940956. The remote sign either already has this key, with additional information, on their keyring, or else looked it up in a registry, since this key is a published key.