Silk Road forums

Discussion => Security => Topic started by: pathenry76 on August 24, 2013, 12:10 am

Title: How important is the email associated with a PGP key?
Post by: pathenry76 on August 24, 2013, 12:10 am
After the recent scare over security, I took the plunge and set up tails with a persistent volume and new PGP keys. The problem is that I was drunk when I did it. Despite my own general computer illiteracy and drunkenness, I set everything up perfectly and all is well. EXCEPT I can't remember the password I used for the email I set up in association with my PGP keys. The keys work. I encrypt and decrypt just fine. But the email associated is useless to me. So back to the question: How important is the email associated with a PGP key?
Title: Re: How important is the email associated with a PGP key?
Post by: GrimWaldo on August 24, 2013, 12:33 am
Many vendors use fake email in their keys (like none@none.com). They aren't crucial for the keys themselves, and I doubt anyone from SR would attempt to contact you at that address.
Mine is still a TorMail address (since it was considered secure when I created the key). I don't plan on changing the Key (no need), and I'll never log back into my TorMail account either.
Title: Re: How important is the email associated with a PGP key?
Post by: Euphoric on August 24, 2013, 01:49 am
It's not a huge deal unless you sent a lot of clear text email with sensitive info using that account, then you should make a new key to avoid attention to that account.

Myself, I registered a tormail.org account and used it for PGP key registration, but I never used it for anything. It was only to keep in contact in the event SR went down....so I have no worries.

If you had sensitive data on the email that is registered with your PGP key...then make a new one. I suggest 4096 bit instead of 2048 bit nowadays...you can never be too careful!
Title: Re: How important is the email associated with a PGP key?
Post by: pathenry76 on August 24, 2013, 04:16 am
Thanks for the responses. I just wasn't sure if I would need to change the keys or not. I created the email only for the keys. No sensitive info.
Title: Re: How important is the email associated with a PGP key?
Post by: Zen Garden on August 24, 2013, 12:37 pm
How important is the email associated with a PGP key?
It's not. You might as well add another id to the key, deleting the one associated with the email while you're at it, then saving the key and exporting it to whatever software you see fit. The thing is, this procedure alters the public key ever so slightly, so it's *kind* of like generating a new one.
Edit or generate a new one. Your choice :)

Zen Garden
Title: Re: How important is the email associated with a PGP key?
Post by: Nightcrawler on August 24, 2013, 03:28 pm
After the recent scare over security, I took the plunge and set up tails with a persistent volume and new PGP keys. The problem is that I was drunk when I did it. Despite my own general computer illiteracy and drunkenness, I set everything up perfectly and all is well. EXCEPT I can't remember the password I used for the email I set up in association with my PGP keys. The keys work. I encrypt and decrypt just fine. But the email associated is useless to me. So back to the question: How important is the email associated with a PGP key?

At the risk of lecturing you, one of the primary rules of security is to never use the computer, unless you are stone cold sober, well-rested, and able to focus completely on the task at hand (i.e. not distracted). It is precisely at times when you are tired, drunk/high or distracted that mistakes happen. Fortunately for you, no real damage was done this time.

As far as the email address on your PGP key goes, it is merely a type of label -- it is there for the convenience of those who would correspond with you. It's a way of making it easier to locate someone's PGP key. Your key can be edited so as to remove the now-defunct email address. You can add another one.

To edit a key in Tails, you merely have to open a terminal window (click on the little black square on the top menu bar).

Once the terminal window opens, key in the following commands:

gpg --edit-key joe@blow.org

where joe@blow.org is replaced with the email address that you used.

You will then want to use the adduid command, which will allow you to add a new user-id.

After this is done, the old and new addresses will be shown, one with a 1 beside it, and the other with a 2 beside it.

Choose the number (1 or 2) corresponding to the user-id you want to remove. An asterisk will appear beside it to indicate it has been selected.

You can then use the deluid command to delete the old user-id.

Type in the save command at the prompt, and then type in quit. Restart gpg and you will see your changes reflected in your key.

Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB8F1D88EBBF7433B      MIT clearnet keyserver
PGP Key: https://keys.indymedia.org/pks/lookup?op=get&search=0xB8F1D88EBBF7433B    (IndyMedia https: clearnet keyserver)
PGP Key: http://qtt2yl5jocgrk7nu.onion/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia .onion keyserver)
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07  B66B AFC8 CE71 D9AF D2F0
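
An added example, not part of the thread or of any poster's message: Python showing why the user ID behaves as a label. An OpenPGP version 4 fingerprint (RFC 4880, section 12.2) is a SHA-1 hash over the public-key packet alone, so swapping the user ID packet changes the exported certificate bytes but not the fingerprint or key ID. Assumptions: the key material is a constructed toy value, self-signatures are omitted, and only new-format packet headers are parsed.

```python
import hashlib
import struct

def mpi(value):
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def packet(tag, body):
    """New-format packet with a one-byte length (enough for this small sample)."""
    assert len(body) < 192
    return bytes([0xC0 | tag, len(body)]) + body

def parse_packets(data):
    """Yield (tag, body) for new-format packets with 1-, 2- or 5-byte lengths."""
    i = 0
    while i < len(data):
        if data[i] & 0xC0 != 0xC0:
            raise ValueError("old-format packet headers are not handled here")
        tag, first = data[i] & 0x3F, data[i + 1]
        if first < 192:
            length, i = first, i + 2
        elif first < 224:
            length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
        elif first == 255:
            length, i = struct.unpack(">I", data[i + 2:i + 6])[0], i + 6
        else:
            raise ValueError("partial body lengths are not handled here")
        yield tag, data[i:i + length]
        i += length

def describe(cert):
    """Return (fingerprint, long key ID, user IDs) for a version 4 certificate."""
    fingerprint, uids = None, []
    for tag, body in parse_packets(cert):
        if tag == 6:     # public-key packet: the only input to the fingerprint
            digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body)
            fingerprint = digest.hexdigest().upper()
        elif tag == 13:  # user ID packet: free-form text label
            uids.append(body.decode("utf-8"))
    return fingerprint, fingerprint[-16:], uids

# Constructed sample: version 4, constructed creation time, RSA (algorithm 1),
# toy modulus and exponent. Not a usable key.
KEY_BODY = b"\x04" + struct.pack(">I", 1377302400) + b"\x01" + mpi(2**127 - 1) + mpi(65537)
OLD_CERT = packet(6, KEY_BODY) + packet(13, b"Joe Blow <joe@blow.org>")
NEW_CERT = packet(6, KEY_BODY) + packet(13, b"Joe Blow <none@none.com>")

if __name__ == "__main__":
    for cert in (OLD_CERT, NEW_CERT):
        print(describe(cert))
```

The long key ID is the low 64 bits of the fingerprint, and the 8-digit short ID shown in key listings is the low 32 bits.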