[ale] hosed gpg key

Michael H. Warfield mhw at WittsEnd.com
Mon Dec 12 23:07:42 EST 2011 

On Mon, 2011-12-12 at 17:20 -0500, Aaron Ruscetta wrote: 
> This morning I went to sign all the keys from last Thursday's party.

> Unfortunately I'm having pass phrase issues, with the new "stronger"
> key that I generated for the event.

> I'm on Mac PPC using the latest (and last) MacGPG2 package
> available for my system. When needing a pass phrase entry from
> the [bash] shell it uses pinetry to open a graphic entry window.

> My pass phrase is fairly long and has spaces and punctuation.
> I've banged at making it work for a few hours now trying variations
> on potential fat finger errors and such but curiously haven't hit the
> magic combination.  I'm pretty sure that this pass phrase had to
> have worked with my setup at some point when I was generating
> and exporting the key for signing, but the magic has apparently
> leaked out of this key.  The same software setup is working fine
> with my older key from 2009, though that pass phrase is a little
> shorter and doesn't have any spaces.

Spaces should not be a problem.  You may want to try creating your
passphrase in some sort of editor window and then try using cut and
paste to test out variation and confirm you are not mistyping.  I HAVE
had it occur where I mistyped a password in creating an object and then
mistyped the password the same way on the confirmation and had a devil
of a time figuring out just WHAT THE $$#@$#@ I did wrong.

> Since I've pretty well hit all the likely alternate forms of the pass
> phrase at this point, I'm thinking there must be something else
> going on here. Is there a limit to pass phrase length or something?

No.  The passphrase is fed to a digest algorithm (most likely one of the
shas) and that is used.  The password is of arbitrary length and can
even contain untypable binary data if you know how to push it into it.
I don't know if pinetry makes a difference there.

> Is there an undeclared timeout on multiple attempts?

No. 

> If I'm unable to re-discover the pass phrase, how do I just go
> about trashing this key and removing it from the keyring and such?
> Would anyone in the key ring be willing to sign a new alternative
> if I were to generate it and post it to BigLumber?

As Michael and Jeremy have stated, I am also willing to accept a key
signed by your working key.

> Any suggestions and assistance appreciated!

> peace
> aaron

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20111212/683b46d4/attachment.bin

More information about the Ale mailing list