Adventures with GnuPG

For a couple of years now, I’ve been using GnuPG in my email. But I had a couple of keys out there that were old, and lost, and that I’d forgotten the passphrases for.

A while back, I found my old secret keyring (from back in the day when I used PGP rather than GnuPG), which contained one of the old keys, but I couldn’t remember the passphrase. So my attempts to revoke it were useless.

Then on my way to work yesterday, out of the blue, the passphrase popped into my head. This evening I dug out the secret key again and generated a revocation certificate. After a few tries (I didn’t know quite which passphrase variant I’d used) I had it! So now one of my old keys is successfully revoked. The other is still at large, resisting revocation, and orphaned without a known passphrase or secret keyring file. Such is life – this isn’t an uncommon occurrence, I gather.

If you want to start sending me encrypted email as a matter of course (please do!), it’s as simple as importing my public key into your PGP-variant. If you don’t have a PGP-variant, you can get one from your friendly neighbourhood package manager, or if you’re on Windows, gpg4win looks good (although I have no experience of it).

Then to actually get my public key, you can grab an ASCII-armoured GnuPG block from my about page or just import from a keyserver:

$ gpg --recv-keys 45844AD8

Leave a Reply