lmi
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [lmi] Maintaining our ftp area

From: Vadim Zeitlin
Subject: Re: [lmi] Maintaining our ftp area
Date: Sat, 9 Mar 2019 01:04:51 +0100 
On Fri, 8 Mar 2019 15:42:15 +0000 Greg Chicares <address@hidden> wrote:

GC> [...I'd like to add an updated 'lmi-data' archive to
GC>   http://download.savannah.gnu.org/releases/lmi/
GC> but that requires a GPG-signed file, and I can't sign it...]

 Just out of curiosity (i.e. it doesn't affect anything else), when you say
"requires", does it mean that it's just lmi convention to provide
signatures for all the files in this directory or that it's somehow
Savannah policy to require them?

GC> On 2015-07-15 16:40, Greg Chicares wrote:
GC> >> # Specify './file-to-sign', not just 'file-to-sign'.
GC> >> gpg --local-user address@hidden  --detach-sign ./setup.ini
GC> > 
GC> > My original message specifies
GC> >   me at-sign my_isp period net
GC> > but the html archives turned that into
GC> >   address at-sign hidden
GC> 
GC> [...writing "EMAIL_ADDR" to signify my email address...]
GC> 
GC> $gpg --local-user EMAIL_ADDR --detach-sign 
./lmi-data-20190308T1249Z.tar.bz2              
GC> gpg: skipped "EMAIL_ADDR": No secret key
GC> gpg: signing failed: No secret key
GC> 
GC> That seems weird because the RSA key that I created here:
GC> 
GC>   https://lists.nongnu.org/archive/html/lmi/2015-12/msg00018.html
GC> | [...] so I created a new RSA key...
GC> |
GC> | $ssh-keygen -t rsa -b 4096 -C "address@hidden"
GC> 
GC> continues to work for pushing to savannah.

 This may be confusing, but the fact is that ssh keys and gpg keys are
quite different and completely independent. The former ones are indeed
stored (although it's only a convention) in ~/.ssh while the latter ones
are stored in ~/.gnupg (in non human-readable "ring" files).

GC> What seems even weirder is that I can't even list my keys:
GC> 
GC> /tmp[0]$gpg --list-keys 

 If "gpg --list-secret-keys" doesn't show anything neither (I'm almost sure
that you don't have your private key if you don't have its public
counterpart, but in principle it's possible, I think), this means that you
don't have your key on this machine. Of course, it's impossible, by design,
to "recover" this key, so if you've really lost it you don't have any
choice but to revoke it and create and start using a new one. But you
probably still have it on some other, older machine or in some backups, in
which case you should restore it from there by either just copying your old
~/.gnupg directory (as it seems the current one doesn't contain anything of
value anyhow) or by exporting it from there and importing it here.

 Please let me know if you did find it and need more details about doing
this.

 Good luck!
VZ
reply via email to
[Prev in Thread] Current Thread [Next in Thread]