I had previously created a key pair, made backups and put them on a USB stick. Did not know about first creating a revoke key. Now I know.
Since the first key pair I created, and published the public key... I had problems with my OS and wiped the drive clean and reinstalled LM17KDE. I then foolishly created a new key pair with a different email address. So what I have now is a new secret key and public key that I "did not publish yet". But the old one "is" and I can't do anything with it because it says "private key not found". I have the private key on the USB stick but don't know how to get it into my new OS, or into the private keyring or get it recognized at all.
When I run gpg2 --list-keys, it lists both my new public key and old public key.
I tried every command I could think of that may work from man gpg2 and nothing is working. I am assuming I can import this key from my USB stick into my private keyring on the new OS but don't know how.
Any help or advice would be greatly appreciated.
need help with old gpg secret key in a new OS
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: need help with old gpg secret key in a new OS
I'd go onto the terminal for this. Let's assume you are in the folder where you have the private key file, and it is called "private.keyfile". It should be as easy as:
Code:
gpg2 --import private.keyfile
Or if you're not using GnuPG 2 but the default obsolete GnuPG version on Linux Mint:
Code:
gpg --allow-secret-key-import --import private.keyfile
Re: need help with old gpg secret key in a new OS
xenopeek, man, I thought that would work. But it returns this output:
gpg: enabled debug flags: memstat
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
secmem usage: 0/32768 bytes in 0 blocks
I'm sure this is the correct rsaprivkey.pem because I added it to the USB pen drive right next to the Public key file and that is recognized.
I can't generate a revoke key because it keeps saying secret key not found.
Re: need help with old gpg secret key in a new OS
What if I certify the public key that I'm not locating secret key for with my new key? Will that allow me to use the file?
Re: need help with old gpg secret key in a new OS
For your earlier "gpg2 --list-keys" command, did you also check with "gpg2 --list-secret-keys"? --list-keys only shows public keys...
Else it might be because of the .pem file. Google turns up these are certificate files for which you'd use gpgsm I think. Give this a try:
Code:
gpgsm --import private.keyfile
As for signing your public key with your new key, that will allow you to encrypt messages intended for yourself--but you need the secret key to be able to decrypt messages or create a revoke.
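One way to check what kind of key file a backup actually is before choosing between gpg2 --import and gpgsm --import, as an added example that is not part of the original thread. The function names are hypothetical; the header strings are the standard OpenPGP armor and PEM labels, and the sample file is constructed and holds no key material.

```shell
#!/bin/sh
# Added example: decide which GnuPG tool, if any, can import a key file.

# Print the file's kind, from its armor/PEM header or first binary byte.
keyfile_kind() {
    header=$(sed -n '/^-----BEGIN /{p;q;}' "$1" 2>/dev/null | tr -d '\r')
    case "$header" in
        '-----BEGIN PGP PRIVATE KEY BLOCK-----') echo openpgp-secret; return ;;
        '-----BEGIN PGP PUBLIC KEY BLOCK-----')  echo openpgp-public; return ;;
        '-----BEGIN CERTIFICATE-----')           echo x509-certificate; return ;;
        '-----BEGIN RSA PRIVATE KEY-----' | '-----BEGIN PRIVATE KEY-----' | \
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pem-private-key; return ;;
    esac
    # No known header: gpg exports binary packets unless --armor was given.
    # The first byte of an OpenPGP packet encodes its tag (5 = secret key,
    # 6 = public key) in old (0x94-0x9b) or new (0xc5/0xc6) header format.
    first=$(od -An -tx1 -N1 "$1" 2>/dev/null | tr -d ' \n')
    case "$first" in
        94|95|96|97|c5) echo openpgp-secret ;;
        98|99|9a|9b|c6) echo openpgp-public ;;
        *)              echo unknown ;;
    esac
}

# Print the command or finding that applies to the file.
import_hint() {
    case "$(keyfile_kind "$1")" in
        openpgp-secret)   echo "gpg2 --import $1" ;;
        openpgp-public)   echo "public key only, no secret key inside" ;;
        x509-certificate) echo "gpgsm --import $1" ;;
        pem-private-key)  echo "PEM private key, not OpenPGP data" ;;
        *)                echo "unrecognized, inspect before importing" ;;
    esac
}

# Constructed sample: a header line only, named like the file in the thread.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$demo_dir/rsaprivkey.pem"
import_hint "$demo_dir/rsaprivkey.pem"
rm -rf "$demo_dir"
```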
Re: need help with old gpg secret key in a new OS
I tried the gpgsm --import rsaprivkey.pem and got this back
gpgsm --import rsaprivkey.pem
gpgsm: enabled debug flags: assuan
gpgsm: no issuer found in certificate
gpgsm: basic certificate checks failed - not imported
gpgsm: total number processed: 1
gpgsm: not imported: 1
secmem usage: 0/16384 bytes in 0 blocks
As an edit: I did try the first suggestion earlier, I gleaned that from the man pages, only showed the one secret key..
Man I got no hair left to pull out...
Re: need help with old gpg secret key in a new OS
xenopeek, I come to the conclusion that the secret key was overwritten somehow and gone. I really appreciate you taking the time and effort to help me. I have but one more question. Being that I can no longer do anything at all to this published public key, does this in any way jeopardize my security to my system or the email address associated with it?
Re: need help with old gpg secret key in a new OS
jsplicer wrote: Being that I can no longer do anything at all to this published public key, does this in any way jeopardize my security to my system or the email address associated with it?
Regarding the system: This has no effect on its security.
Regarding the email address: The point that you cannot withdraw the key has no security aspect. But you should note that by publishing your public key, anybody who gets the key can see your email address. As long as you give this key only to selected email partners, this is (or should be, as long as they do not give the key to any third party) no problem. This problem arises if you should store your public key to a keyserver, where anybody can catch it. But again, even after revoking the key the problem exists, as it is not possible to physically remove the key from a keyserver (to my knowledge). This is not a security problem, but merely a spam problem.
The real problem with it is: If anybody who has your old public key does send you an encrypted message, you will not be able to open it. Solution: As long as you know who has your key, give them a note (and probably the new key) that they shall delete the old key.
Re: need help with old gpg secret key in a new OS
Cosmo, Thank you very much for that explanation. They should have let you write the manual. One of the first things they tell you to do is to publish the key to any key server! Even before they tell you to create a revoke key and to not lose your secret key.
I'm not usually the criticism kind of person, but I think the whole process sucks. It's too confusing and long winded of a manual for the average person to understand. I try to explain about keys to some people I know & they tell me they work all day, they don't want to go through all that crap.
Thank you though for your time and effort to help.