| From: Josh Glover <jmglov at gmail.com>
| Date: Tue, 9 Mar 2010 15:46:48 +0000
| On 8 March 2010 20:57, Brian Foster <blf at utvinternet.ie> wrote:
| > I've forgotten the passphrase to a GPG key-pair.
| > Is it possible to change the passphrase without
| > knowing the [current] (forgotten) passphrase?
| Nope. Get l0ftcrack or John the Ripper out. :)
Ok, it's not a Big Deal. I just had to re-generate the test cases
using a new key-pair (whose passphrase is unforgettable), and the
| > (Can I delete the old key-pair without knowing
| > the passphrase?)
| You can delete it from your keyring, but you cannot revoke it,
| unless you thought to generate a revocation certificate and
| stash it somewhere. :)
It's been deleted. Revocation isn't an issue, since the keys have
not only never left my workstation (excepting backups), they aren't
protecting anything important. The worse case is a customer/client
somehow obtains the private key, cracks the passphrase, and then
uses the key-pair in their product (built using our product). That
would be incredibility daft (and impressive (due to the cracking of
the passphrase and also the obtaining of the secret key)), as they
would have to ignore multiple warnings in both the build and doc
that the test key must be replaced: The public key is basically
just a place-holder, and we NEVER supply the private key. (In any
case, I'm now considering adding a runtime warning as well, just to
drive the point home.)
Thanks to everyone for the help and suggestions.
“How many surrealists does it take to | Brian Foster
change a lightbulb? Three. One calms | somewhere in south of France
the warthog, and two fill the bathtub | Stop E$$o (ExxonMobil)!
with brightly-coloured machine tools.” | http://www.stopesso.com
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!