LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)
-   -   gpg can't create same key on different machine! (https://www.linuxquestions.org/questions/linux-software-2/gpg-cant-create-same-key-on-different-machine-546865/)

rino.caldelli 04-17-2007 04:56 PM
gpg can't create same key on different machine!
 
problem solved

gilead 04-17-2007 05:41 PM
That's deliberate and it should also be different even if you deleted ~/.gnupg and re-generated your keys on the same box. gpg uses your random number generator during the key generation.

Copying over your .gnupg directory is fine - just make sure the permissions are correct and that you don't let someone else access its data.

rshaw 04-17-2007 05:44 PM
because "name, email, and note" are not the only things used to generate the key pair. gpg would be pointless if i could generate _your_ private key just by knowning your name,email address, and your favorite phrase.

bsdunix 04-17-2007 05:49 PM
Quote:
why are they different...?
It's called "entropy" and /dev/random

nmh+linuxquestions.o 04-17-2007 06:34 PM
Quote:
Originally Posted by rinonapo
why are they different even if they are created with identical "name" "password" and "note"???
I did a workaround by copying .gnupg directory in both computers..is it a good thing or not?

thanks...
If you want to use one keypair to sign/verify/encrypt/decrypt messages/files on two different computers, copying it over is the only way to accomplish this. If you want to send messages between the two computers, you can just use two keys.

rino.caldelli 04-19-2007 11:22 AM
Quote:
Originally Posted by rshaw
because "name, email, and note" are not the only things used to generate the key pair. gpg would be pointless if i could generate _your_ private key just by knowning your name,email address, and your favorite phrase.
Hmm I think you miss one point here: you also have to insert a password to create the keypair.. so it seemed to me logical you had to be able to create the same keypair by entering the same information (password included!)..

Anyone can tell me the use of not permitting the recreation "by hand" of a keypair and making it instead random by using /dev/random ????

Quote:
Originally Posted by nmh+linuxquestions.o
If you want to use one keypair to sign/verify/encrypt/decrypt messages/files on two different computers, copying it over is the only way to accomplish this. If you want to send messages between the two computers, you can just use two keys.
Hmmm that's what I wanted to hear.. so the only way to encrypt all your stuff for the future time is bringing along a folder with your public and private keys...if you lose it even knowing you name comment email and password is not sufficient..right?

but what do you mean by "keep your private key safe"? even if someone stole it he ought to get to know the password to cheat me..right???

bsdunix 04-19-2007 10:03 PM
Quote:
... even if someone stole it he ought to get to know the password to cheat me..right???
That's why you keep your passphrase in your head and not on paper. If your passphrase get's compromised you should revoke your public key.

http://wiki.openskills.net/OpenSkill...Key+Revocation

nmh+linuxquestions.o 04-20-2007 12:55 AM
passwords and keys
 
Quote:
Originally Posted by rinonapo
Hmm I think you miss one point here: you also have to insert a password to create the keypair.. so it seemed to me logical you had to be able to create the same keypair by entering the same information (password included!)..

Anyone can tell me the use of not permitting the recreation "by hand" of a keypair and making it instead random by using /dev/random ????
You might try searching for more information, but I think the short of it is that there is no password for certificates, or keypairs. They are just a bunch of bits. Many people choose to encrypt the private key so that if someone else gets ahold of it, there is another layer of defense.


All times are GMT -5. The time now is 05:01 AM.