gpg can't create same key on different machine!

rino.caldelli · 04-17-2007, 04:56 PM

problem solved

gilead · 04-17-2007, 05:41 PM

That's deliberate and it should also be different even if you deleted ~/.gnupg and re-generated your keys on the same box. gpg uses your random number generator during the key generation.

Copying over your .gnupg directory is fine - just make sure the permissions are correct and that you don't let someone else access its data.

rshaw · 04-17-2007, 05:44 PM

because "name, email, and note" are not the only things used to generate the key pair. gpg would be pointless if i could generate _your_ private key just by knowning your name,email address, and your favorite phrase.

bsdunix · 04-17-2007, 05:49 PM

Quote:

why are they different...?

It's called "entropy" and /dev/random

nmh+linuxquestions.o · 04-17-2007, 06:34 PM

Quote:

Originally Posted by rinonapo

why are they different even if they are created with identical "name" "password" and "note"???
I did a workaround by copying .gnupg directory in both computers..is it a good thing or not?

thanks...

If you want to use one keypair to sign/verify/encrypt/decrypt messages/files on two different computers, copying it over is the only way to accomplish this. If you want to send messages between the two computers, you can just use two keys.

rino.caldelli · 04-19-2007, 11:22 AM

Quote:

Originally Posted by rshaw

because "name, email, and note" are not the only things used to generate the key pair. gpg would be pointless if i could generate _your_ private key just by knowning your name,email address, and your favorite phrase.

Hmm I think you miss one point here: you also have to insert a password to create the keypair.. so it seemed to me logical you had to be able to create the same keypair by entering the same information (password included!)..

Anyone can tell me the use of not permitting the recreation "by hand" of a keypair and making it instead random by using /dev/random ????

Quote:

Originally Posted by nmh+linuxquestions.o

If you want to use one keypair to sign/verify/encrypt/decrypt messages/files on two different computers, copying it over is the only way to accomplish this. If you want to send messages between the two computers, you can just use two keys.

Hmmm that's what I wanted to hear.. so the only way to encrypt all your stuff for the future time is bringing along a folder with your public and private keys...if you lose it even knowing you name comment email and password is not sufficient..right?

but what do you mean by "keep your private key safe"? even if someone stole it he ought to get to know the password to cheat me..right???

bsdunix · 04-19-2007, 10:03 PM

Quote:

... even if someone stole it he ought to get to know the password to cheat me..right???

That's why you keep your passphrase in your head and not on paper. If your passphrase get's compromised you should revoke your public key.

http://wiki.openskills.net/OpenSkill...Key+Revocation

nmh+linuxquestions.o · 04-20-2007, 12:55 AM

Quote:

Originally Posted by rinonapo

Hmm I think you miss one point here: you also have to insert a password to create the keypair.. so it seemed to me logical you had to be able to create the same keypair by entering the same information (password included!)..

Anyone can tell me the use of not permitting the recreation "by hand" of a keypair and making it instead random by using /dev/random ????

You might try searching for more information, but I think the short of it is that there is no password for certificates, or keypairs. They are just a bunch of bits. Many people choose to encrypt the private key so that if someone else gets ahold of it, there is another layer of defense.