[svlug] (forw) GnuPG / PGP key signing party October 3rd 2017

Marc MERLIN marc_news at merlins.org
Thu Jul 20 10:22:27 PDT 2017


On Thu, Jul 20, 2017 at 09:58:20AM -0700, Rick Moen wrote:
> I'm a sysadmins at mozilla working remote from europe.  I'm organizing a pgp Key
> signing party in the Mozilla san francisco office (https://wiki.mozilla.org/People:MozSpaces_Guidelines:San_Francisco) 
>  on October the 3rd 2017 from 6PM to 8PM.

Well, this reminds me of a problem I have:
saruman:~$ gpg --list-keys  merlin
gpg: using classic trust model
pub   1024R/763BE901 1996-11-17
uid                  Marc MERLIN (Linux BOFH / Mail Goon) <merlin at google.com>
uid                  Marc Merlin <marc_pgp at merlins.org>
uid                  Marc Merlin <marc at merlins.org>


Being that the key is from 1996, it's likely using RSA and MD5
https://pgp.mit.edu/pks/lookup?op=get&search=0x7E3150A6763BE901

Debian has upgraded from gpg1 to gpg2, and gpg2 nicely decided that I shall
never be able to use my key again (it silently ignores it as a private key,
without even giving any error message)

I realize that MD5 has been broken, but at the same time I'm really loathe to
throwing away that key I've had that long and that has so many signatures.

I'm honestly not up to date on PGP at this point, but is it correct that I'm
basically SOL and that there is no way to convert the key to newer algorithms
without losing the signatures I currently have and that I basically have to
throw it away with all its history and have to start over from scratch?

Also, if I encrypt or sign a message with my current key, does it mean that
someone with GPG 2 cannot even decrypt it, even though MD5 is actually
related to signing and not encryption?

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/  
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 291 bytes
Desc: Digital signature
Url : http://lists.svlug.org/archives/svlug/attachments/20170720/8018e05d/attachment.bin


More information about the svlug mailing list