need help with old gpg secret key in a new OS

Post by jsplicer »

I had previously created a key pair, made backups and put them on a USB stick. Did not know about first creating a revoke key. Now I know.
Since the first key pair I created, and published the public key... I had problems with my OS and wiped the drive clean and reinstalled LM17KDE. I then foolishly created a new key pair with a different email address. So what I have now is a new secret key and public key that I "did not publish yet". But the old one "is" and I can't do anything with it because it says "private key not found". I have the private key on the USB stick but don't know how to get it into my new OS, or into the private keyring or get it recognized at all.

When I run gpg2 --list-keys, it lists both my new public key and old public key.

I tried every command I could think of that may work from man gpg2 and nothing is working. I am assuming I can import this key from my USB stick into my private keyring on the new OS but don't know how.

Any help or advice would be greatly appreciated.
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.

Post by xenopeek »

I'd go onto the terminal for this. Let's assume you are in the folder where you have the private key file, and it is called "private.keyfile". It should be as easy as:

gpg2 --import private.keyfile

Or if you're not using GnuPG 2 but the default obsolete GnuPG version on Linux Mint:

gpg --allow-secret-key-import --import private.keyfile

Post by jsplicer »

xenopeek, man, I thought that would work. But it returns this output:

gpg: enabled debug flags: memstat
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
secmem usage: 0/32768 bytes in 0 blocks

I'm sure this is the correct rsaprivkey.pem because I added it to the USB pen drive right next to the Public key file and that is recognized.

I can't generate a revoke key because it keeps saying secret key not found.

Post by jsplicer »

What if I certify the public key that I'm not locating the secret key for with my new key? Will that allow me to use the file?

Post by xenopeek »

For your earlier "gpg2 --list-keys" command, did you also check with "gpg2 --list-secret-keys"? --list-keys only shows public keys...

Else it might be because of the .pem file. Google turns up these are certificate files for which you'd use gpgsm I think. Give this a try:

gpgsm --import private.keyfile

As for signing your public key with your new key, that will allow you to encrypt messages intended for yourself--but you need the secret key to be able to decrypt messages or create a revoke.
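
Added example, not part of the thread: a shell function that classifies a key backup by its header before an import command is chosen, separating an OpenPGP key block (what `gpg2 --import` expects) from a bare PEM private key or an X.509 certificate. The function name `classify_keyfile`, the labels it prints and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a key backup by its header before importing it.
# classify_keyfile and its output labels are illustrative names.

classify_keyfile() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 1; }

    # Text formats: look at the first "-----BEGIN ..." line (armor or PEM).
    hdr=$(grep -a -m1 '^-----BEGIN ' "$f" | tr -d '\r')
    case "$hdr" in
        '-----BEGIN PGP PRIVATE KEY BLOCK-----') echo "openpgp-secret"; return 0 ;;
        '-----BEGIN PGP PUBLIC KEY BLOCK-----')  echo "openpgp-public"; return 0 ;;
        '-----BEGIN RSA PRIVATE KEY-----' | '-----BEGIN PRIVATE KEY-----' | \
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo "pem-private-key"; return 0 ;;
        '-----BEGIN CERTIFICATE-----')           echo "x509-certificate"; return 0 ;;
    esac

    # Binary OpenPGP: the first octet is a packet header (RFC 4880, 4.2).
    # Bit 7 is always set; bit 6 selects new (tag in bits 5-0) or old
    # (tag in bits 5-2) format. Tag 5 = secret key, tag 6 = public key.
    b=$(od -An -tu1 -N1 "$f" | tr -d ' \n')
    [ -n "$b" ] || { echo "empty"; return 1; }
    if [ $(( b & 128 )) -ne 0 ]; then
        if [ $(( b & 64 )) -ne 0 ]; then tag=$(( b & 63 )); else tag=$(( (b >> 2) & 15 )); fi
        case "$tag" in
            5) echo "openpgp-secret"; return 0 ;;
            6) echo "openpgp-public"; return 0 ;;
        esac
    fi
    echo "unknown"; return 1
}

# Constructed sample files (headers only, no real key material).
d=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$d/rsaprivkey.pem"
printf '%s\n' '-----BEGIN PGP PRIVATE KEY BLOCK-----' > "$d/secret.asc"
printf '\225\001\015' > "$d/secret.gpg"   # 0x95: old-format packet, tag 5
for f in rsaprivkey.pem secret.asc secret.gpg; do
    printf '%-16s %s\n' "$f" "$(classify_keyfile "$d/$f")"
done
rm -rf "$d"
```

A result of `pem-private-key` means the file holds a raw key in PEM encoding rather than an OpenPGP key block or a certificate.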

Post by jsplicer »

I tried the gpgsm --import rsaprivkey.pem and got this back:

gpgsm --import rsaprivkey.pem
gpgsm: enabled debug flags: assuan
gpgsm: no issuer found in certificate
gpgsm: basic certificate checks failed - not imported
gpgsm: total number processed: 1
gpgsm: not imported: 1
secmem usage: 0/16384 bytes in 0 blocks

As an edit: I did try the first suggestion earlier, I gleaned that from the man pages, only showed the one secret key.

Man I got no hair left to pull out...

Post by jsplicer »

xenopeek, I've come to the conclusion that the secret key was overwritten somehow and gone. I really appreciate you taking the time and effort to help me. I have but one more question. Being that I can no longer do anything at all to this published public key, does this in any way jeopardize my security to my system or the email address associated with it?

Post by Cosmo. »

jsplicer wrote: Being that I can no longer do anything at all to this published public key, does this in any way jeopardize my security to my system or the email address associated with it?

Regarding the system: This has no effect on its security.
Regarding the email address: The point that you cannot withdraw the key has no security aspect. But you should note that by publishing your public key, anybody who gets the key can see your email address. As long as you give this key only to selected email partners, this is (or should be, as long as they do not give the key to any third party) no problem. This problem arises if you should store your public key on a keyserver, where anybody can catch it. But again, even after revoking the key the problem exists, as it is not possible to physically remove the key from a keyserver (to my knowledge). This is not a security problem, but merely a spam problem.

The real problem with it is: If anybody who has your old public key sends you an encrypted message, you will not be able to open it. Solution: As long as you know who has your key, give them a note (and probably the new key) that they shall delete the old key.

Post by jsplicer »

Cosmo, Thank you very much for that explanation. They should have let you write the manual. One of the first things they tell you to do is to publish the key to any key server! Even before they tell you to create a revoke key and to not lose your secret key.

I'm not usually the criticism kind of person, but I think the whole process sucks. It's too confusing and long-winded of a manual for the average person to understand. I try to explain about keys to some people I know & they tell me they work all day, they don't want to go through all that crap.

Thank you though for your time and effort to help.