Mailing List Archive

Un-revoking a key pair
Hi gang,

Somehow the other night I accidentally imported a revoking thing for my main
secret and public key pair when I was using kgpg. Kgpg tells me I need to
un-revoke it in the manual editor, so, could someone tell me a quick and easy
way to do so, please? Is it possible to un-revoke?

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Un-revoking a key pair
On 4/6/07, John B <yochanon@localnet.com> wrote:
> Somehow the other night I accidentally imported a revoking thing for my main
> secret and public key pair when I was using kgpg. Kgpg tells me I need to
> un-revoke it in the manual editor, so, could someone tell me a quick and easy
> way to do so, please? Is it possible to un-revoke?

I believe you simply need to sign the keys again. When you create
them, a self signature is added. When you revoke them, a revoking
signature is added. Thus to unrevoke them an additional signature is
needed.

Cheers,

Adam

Re: Un-revoking a key pair
On Fri, Apr 06, 2007 at 01:22:52AM -0500, John B wrote:
>
> Hi gang,
>
> Somehow the other night I accidentally imported a revoking thing for
> my main secret and public key pair when I was using kgpg. Kgpg tells
> me I need to un-revoke it in the manual editor, so, could someone
> tell me a quick and easy way to do so, please? Is it possible to
> un-revoke?

Yes it is possible. The first thing is that you must not distribute
the keys while they are in this revoked state: do not send them to
anyone, and absolutely do not send them to a keyserver.

Here's how to unrevoke. It's a very manual process. Be safe: make a
backup before you do stuff like this.

1) Export the public key into a file.

       gpg --export (thekey) > mykey.gpg

2) Split it into parts:

       gpgsplit mykey.gpg

   This breaks the key into multiple files with names like
   "000001-006.public_key".

3) Figure out which packet is the revocation. It's likely to be
   "000002-002.sig", but make sure with:

       gpg --list-packets 000002-002.sig

   That will show information about the packet. If the sigclass is
   set to 0x20, that's the revocation. Delete that file.

4) Put the key back together again:

       cat 0000* > myfixedkey.gpg

5) Remove the old key:

       gpg --expert --delete-key (thekey)

   You need --expert here so GPG will let you delete the public key
   when a private key is still around.

6) Import the new key:

       gpg --import myfixedkey.gpg

David
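
Steps 2 to 4 of the procedure above (split the export, find the signature packet whose sigclass is 0x20, reassemble without it) as an added Python example; it is not part of the original post or of GnuPG. It parses the OpenPGP packet framing itself instead of calling gpgsplit, and the function names, the `pkt` helper and the `SAMPLE` bytes are constructed for illustration.

```python
KEY_REVOCATION = 0x20   # sigclass named in step 3 of the procedure
SIGNATURE_TAG = 2       # packet tag behind gpgsplit's "-002.sig" files

def split_packets(data):
    """Yield (tag, raw_packet, body) per OpenPGP packet (RFC 4880, section 4.2)."""
    pos = 0
    while pos < len(data):
        first = data[pos]
        if not first & 0x80:
            raise ValueError(f"no packet header at offset {pos}")
        if first & 0x40:                        # new-format header
            tag, l0 = first & 0x3F, data[pos + 1]
            if l0 < 192:
                hdr, length = 2, l0
            elif l0 < 224:
                hdr, length = 3, ((l0 - 192) << 8) + data[pos + 2] + 192
            elif l0 == 255:
                hdr, length = 6, int.from_bytes(data[pos + 2:pos + 6], "big")
            else:
                raise ValueError("partial body lengths are not handled")
        else:                                   # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not handled")
            hdr = 1 + (1 << ltype)              # 1, 2 or 4 length octets
            length = int.from_bytes(data[pos + 1:pos + hdr], "big")
        end = pos + hdr + length
        if end > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos:end], data[pos + hdr:end]
        pos = end

def drop_key_revocations(data):
    """Return (key bytes without 0x20 signatures, gpgsplit-style names removed)."""
    kept, removed = [], []
    for n, (tag, raw, body) in enumerate(split_packets(data), start=1):
        # Signature type octet: offset 2 in a v3 signature, offset 1 in v4.
        sigclass = body[2 if body[0] == 3 else 1] if tag == SIGNATURE_TAG else None
        if sigclass == KEY_REVOCATION:
            removed.append(f"{n:06d}-{tag:03d}.sig")
        else:
            kept.append(raw)
    return b"".join(kept), removed

def pkt(tag, body):
    """Constructed test packet: old-format header with a one-octet length."""
    return bytes([0x80 | (tag << 2), len(body)]) + body

# Constructed sample with dummy bodies (framing only, not a real key):
# public key, key revocation (0x20), user ID, self-signature (0x13).
SAMPLE = (pkt(6, b"\x04" + bytes(8)) + pkt(2, b"\x04\x20" + bytes(6))
          + pkt(13, b"alice@example.org") + pkt(2, b"\x04\x13" + bytes(6)))
```

On a real export, pass the bytes of mykey.gpg to `drop_key_revocations` and write the first return value to myfixedkey.gpg; the second return value lists which gpgsplit file names would have been deleted.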

Re: Un-revoking a key pair
John B wrote:
> Somehow the other night I accidentally imported a revoking thing for my main
> secret and public key pair when I was using kgpg. Kgpg tells me I need to
> un-revoke it in the manual editor, so, could someone tell me a quick and easy
> way to do so, please? Is it possible to un-revoke?

Actually, you're technically not supposed to be able to un-revoke a key,
but as long as the revocation certificate generated hasn't been made
public (sent to other people, uploaded to a keyserver, or otherwise
posted) it should be possible to make a copy of the key, remove the
revocation information from that copy, then remove all knowledge of the
key from your keychain and import the non-revoked version back in. What
you'd be doing isn't really un-revoking the key--you're just convincing
gpg that it was never revoked in the first place. If gpg doesn't know
it was revoked, and none of the public keyservers know it was revoked,
and nobody else in the world knows it was revoked, then it was
effectively never revoked. Nice, eh?

Incidentally, if your revocation certificate was made public in any way,
you'll have to generate and use a new key. Sorry--these are the breaks.

Anyway, I was going to explain how to do it, but David Shaw just did. :-)

Good luck
PSM
Re: Un-revoking a key pair
On 06 April 07 09:48, David Shaw wrote:
> On Fri, Apr 06, 2007 at 01:22:52AM -0500, John B wrote:
> > Hi gang,
> >
> > Somehow the other night I accidentally imported a revoking thing for
> > my main secret and public key pair when I was using kgpg. Kgpg tells
> > me I need to un-revoke it in the manual editor, so, could someone
> > tell me a quick and easy way to do so, please? Is it possible to
> > un-revoke?
>
> Yes it is possible. The first thing is that you must not distribute
> the keys while they are in this revoked state: do not send them to
> anyone, and absolutely do not send them to a keyserver.
>
> Here's how to unrevoke. It's a very manual process. Be safe: make a
> backup before you do stuff like this.
>
> 1) Export the public key into a file.
> gpg --export (thekey) > mykey.gpg
>
> 2) Split it into parts:
> gpgsplit mykey.gpg
>
> This breaks the key into multiple files with names like
> "000001-006.public_key".
>
> 3) Figure out which packet is the revocation. It's likely to be
> "000002-002.sig", but make sure with:
> gpg --list-packets 000002-002.sig
>
> That will show information about the packet. If the sigclass is
> set to 0x20, that's the revocation. Delete that file.
>
> 4) Put the key back together again:
> cat 0000* > myfixedkey.gpg
>
> 5) Remove the old key:
> gpg --expert --delete-key (thekey)
>
> You need --expert here so GPG will let you delete the public key
> when a private key is still around.
>
> 6) Import the new key:
> gpg --import myfixedkey.gpg

Thanks to David, Peter, and Adam for the info on doing this. It looks like
the easiest thing to do is go ahead and send out the revoked key info to
keyservers and just make a new key though, especially since kgpg is acting up
so badly and not seeing /home/me/.gnupg for some reason. Maybe I'll be able
to figure it out before I create a new keypair though.

Thanks again.

Re: Un-revoking a key pair
David Shaw wrote:
> 1) Export the public key into a file.
> gpg --export (thekey) > mykey.gpg
>
> 2) Split it into parts:
> gpgsplit mykey.gpg
>
> This breaks the key into multiple files with names like
> "000001-006.public_key".
>
> 3) Figure out which packet is the revocation. It's likely to be
> "000002-002.sig", but make sure with:
> gpg --list-packets 000002-002.sig
>
> That will show information about the packet. If the sigclass is
> set to 0x20, that's the revocation. Delete that file.
>
> 4) Put the key back together again:
> cat 0000* > myfixedkey.gpg
>
> 5) Remove the old key:
> gpg --expert --delete-key (thekey)
>
> You need --expert here so GPG will let you delete the public key
> when a private key is still around.
>
> 6) Import the new key:
> gpg --import myfixedkey.gpg

What is the reason for doing all this, when you can just delete the
revocation signature?

Re: Un-revoking a key pair
Jørgen Ch. Lysdal wrote:

> What is the reason for doing all this, when you can just delete the
> revocation signature?

Okay I was thinking uid's here...


