hi debian-folk,
i am issuing a warning which might be purely prophylactic, but
i figure it's better than not to mention it. it's about GPG and about
something along the lines of keyring corruption through normal usage.
so read this before you continue using your woody GPG to verify signed
email!
i don't have many details, let me explain to you what happened
(fortunately i had my keyring backed up):
throughout this day, i was happily signing my mail with gnupg 1.0.6-3,
the last message i successfully signed was sent 22:16 hours GMT, which
was about 20 minutes ago.
when i tried to send an email about 10 minutes ago, the signing failed
with the following errors:
gpg: key A8FA196E: secret key without public key - skipped
gpg: key 3290879A: secret key without public key - skipped
gpg: key 330C4A75: secret key without public key - skipped
gpg: no default secret key: secret key not available
gpg: signing failed: secret key not available
(the three are all keys i use).
oh my, i said, and ran to the console to check:
fishbowl:~> gpg --list-key 330c4a75
gpg: error reading key: public key not found
fishbowl:~> gpg --list-keys
fishbowl:~> gpg --list-sigs
fishbowl:~>
and i had at least 1000 public keys in my keyring, and at least 30
signatures on my 330c4a75 key. they are all gone, the keyring is not
usable anymore, neither public nor private.
and the worst of all: i did not do *anything* than read mailing lists,
so the only GPG interaction there is automatic fetching of keys from
the keyserver through mutt.
for the technologically gifted:
fishbowl:~> gpg --homedir .gnupg.corrupt --list-packets 330c4a75
gpg: can't open `330c4a75'
otherwise i am clueless!
--
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
"there are two major products that come out of berkeley: lsd and unix."
one caused me an addiction
-- fyodor
Attachment:
pgpibxU4_cNrb.pgp
Description: PGP signature