On Thu, 2003-09-25 at 14:15, John L. Fjellstad wrote:
> On Wednesday 24 September 2003 23:42, Henning Moll wrote:
> 
> > > Is there a way to revoke a gpg key if you have lost the password and
> > > didn't create a revocation certificate?
> > No, not really. You can start a brute force attack. If you used a
> 
> Tried, won't work. I do remember I mixed words and numbers, with two unrelated 
> words with a random two-digit number between the words... And I didn't put a 
> time limit on the key...:-(
> 
> > > What happens if I just upload a new public key?
> >
> > Nothing, except that the new one gets uploaded ;-)
> > Both keys are available then...
> 
> Actually, I was more thinking like this.  I upload a new key with the same 
> email address.  Then start signing with my new key.  What happens when 
> people download my public key for checking? Do they check against both keys, 
> and show correct when one matches or what?
Verification is done using the key id of the public key. It doesn't
matter what mail address(es) are attached to it.
If your public key is queried using your mail address, both will be
retrieved. During verification the correct one will be used.
Signing/Verifying is NOT an issue.

The problem arises when one wishes to send you encrypted text. If they
happen to use the old key, you will not be able to decrypt (since you
have lost the passwd to your private key).



 ------------------------------------------------------------------
| I keep on working for the same reason a hen keeps on laying eggs.|
 ------------------------------------------------------------------
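
The key-ID lookup described in the reply above, as an added Python example that is not part of the original message. It reads the issuer key ID subpacket from a v4 OpenPGP signature packet (RFC 4880 layout) and picks the matching key even though two keys share one address. The key IDs, address and signature bytes are constructed, and the packet carries no real signature value.

```python
import struct

# Constructed keyring: two keys sharing one address (IDs are made up).
KEYRING = [
    {"key_id": "1111AAAA2222BBBB", "uid": "user@example.org", "note": "old key"},
    {"key_id": "3333CCCC4444DDDD", "uid": "user@example.org", "note": "new key"},
]

def make_sample_sig(key_id_hex):
    """Build a constructed v4 signature packet (no real signature value)."""
    hashed = bytes([5, 2]) + struct.pack(">I", 1064499300)   # creation time
    unhashed = bytes([9, 16]) + bytes.fromhex(key_id_hex)    # issuer key ID
    body = (bytes([4, 0x00, 17, 2])                          # v4, binary, DSA, SHA-1
            + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed
            + b"\x00\x00")                                   # hash prefix; MPIs omitted
    return bytes([0x88, len(body)]) + body                   # old-format header, tag 2

def issuer_key_id(sig):
    """Return the issuer key ID (hex) from one old-format v4 signature packet."""
    if sig[0] & 0xC0 != 0x80 or (sig[0] >> 2) & 0x0F != 2:
        raise ValueError("not an old-format signature packet")
    if sig[0] & 0x03 != 0:
        raise ValueError("only one-octet packet lengths handled here")
    body = sig[2:2 + sig[1]]
    if body[0] != 4:
        raise ValueError("only v4 signatures handled here")
    pos = 4
    for _ in range(2):                        # hashed area, then unhashed area
        (area_len,) = struct.unpack(">H", body[pos:pos + 2])
        pos += 2
        end = pos + area_len
        while pos < end:
            n = body[pos]                     # length covers type octet + data
            if n >= 192:
                raise ValueError("long subpacket lengths not handled here")
            sp_type = body[pos + 1] & 0x7F    # top bit is the 'critical' flag
            data = body[pos + 2:pos + 1 + n]
            if sp_type == 16 and len(data) == 8:
                return data.hex().upper()
            pos += 1 + n
    raise ValueError("no issuer key ID subpacket")

def keys_for_email(email):
    """A search by address returns every key carrying that user ID."""
    return [k for k in KEYRING if k["uid"] == email]

def key_for_signature(sig):
    """Verification picks the key by the ID inside the signature, not by address."""
    kid = issuer_key_id(sig)
    return next(k for k in KEYRING if k["key_id"] == kid)
```

`keys_for_email` returning both entries is also why a sender encrypting by address can end up choosing the old key.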
