Subject: Re: rm ~/.gnupg/secring NOW!



On Thu, Aug 03, 2017 at 09:54:28AM +0100, Daniel Pocock wrote:
> On 02/08/17 21:30, Adam Borowski wrote:
> > On Wed, Aug 02, 2017 at 09:53:27PM +0200, Adam Borowski wrote:
> >> If you have ever generated or imported a gpg secret key using gpg 1 or 2.0
> >> (ie, before Stretch), then used --delete-secret-key, please
> >> rm ~/.gnupg/secring.gpg
> > Obviously, this assumes you did run a gpg command after upgrading from
> > jessie and thus triggered the upgrade to 2.1 format. Ie,
> > ~/.gnupg/.gpg-v21-migrated exists.
> >
> > And if not... well, an opportunity to test your backups was overdue :p
> >
>
> Would problems like this be avoided by using the PGP/PKI Clean Room[1]?
> 1. https://danielpocock.com/dvd-based-clean-room-for-pgp-and-pki

No matter how you generate your key, you still need to both store and access
it _somewhere_.

It is possible to do so on a dedicated smartcard, which is more secure, but
most of us do not own such a card. In a separate thread, I asked for
advice on how to transition from have-nots to haves, but even if _I_ get a
card, there are many other folks who have their keys right in ~ .

For the majority who use software-only key management, such issues can't be
avoided.

> I've proposed a discussion[2] about it for DebConf
> 2. https://debconf17.debconf.org/talks/66/

This one 403s.

--
⢀⣴⠾⠻⢶⣦⠀ What Would Jesus Do, MUD/MMORPG edition:
⣾⠁⢰⠒⠀⣿⡁ • multiplay with an admin char to benefit your mortal
⢿⡄⠘⠷⠚⠋⠀ • abuse item cloning bugs (the five fishes + two breads affair)
⠈⠳⣄⠀⠀⠀⠀ • use glitches to walk on water
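
The check implied by the quoted advice and its caveat, as an added example that is not part of the original message: it only reports whether `secring.gpg` is a stale leftover (the `.gpg-v21-migrated` marker exists) or possibly the only copy of the keys (no marker), and deletes nothing. The function names `secring_status` and `report_secring` are hypothetical.

```shell
# Added example (not from the thread); function names are hypothetical.
# Classify a GnuPG home directory according to the advice quoted above.
# Prints one of:
#   no-secring     - nothing to clean up
#   empty-secring  - file exists but is zero bytes (holds no key material)
#   not-migrated   - no .gpg-v21-migrated marker: secring.gpg may be the
#                    only copy of the secret keys, so it must be kept
#   stale-secring  - marker present: secring.gpg is a leftover copy that
#                    --delete-secret-key under gpg 2.1 does not touch
secring_status() {
    home=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    ring=$home/secring.gpg
    marker=$home/.gpg-v21-migrated

    if [ ! -e "$ring" ]; then
        echo no-secring
    elif [ ! -s "$ring" ]; then
        echo empty-secring
    elif [ ! -e "$marker" ]; then
        echo not-migrated
    else
        echo stale-secring
    fi
}

# Report only; removal is left to the operator, after checking backups.
report_secring() {
    status=$(secring_status "$1")
    case $status in
        stale-secring)
            echo "stale secring.gpg present: remove it as advised" ;;
        not-migrated)
            echo "no .gpg-v21-migrated marker: do NOT remove secring.gpg" ;;
        *)
            echo "nothing to do ($status)" ;;
    esac
}
```

Call `report_secring` with no argument to inspect `$GNUPGHOME` or `~/.gnupg`, or pass a directory to inspect another keyring location.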


