From item 3.7 of the PGP Faq (http://www.faqs.org/faqs/pgp-faq):

==
3.7. What if I forget my pass phrase?

In a word: DON'T. ...
==

  Okay, so I didn't rtfm ;-).  Here's the deal.  A while back I had three
different pgp keys.  I used two of them on a regular basis, but the third
one got pretty stale.  I had submitted one of the two frequently used keys
to one of the pgp key servers.  Then I read that it was a good idea (i.e.:
essential) that for best security you should always make keys
expire in one or at most two years.
  All of my keys were really old.  So, I was preparing an expiration
certificate for the one key I submitted to the key servers and decrypting
everything I had encrypted with either of the two keys I had been using.
All files were unencrypted, the key was revoked, and I was ready to
extract it and submit to a key server to invalidate my key.  Without
realizing it, instead of extracting the newly revoked key, I extracted
the one key I hadn't used at all and submitted it to a key server.
  So instead of revoking the key that was sitting in the key server
databases, I submitted a second key.  And you guessed it -- because I hadn't
really used the key, I've forgotten the passphrase.  As a result, I can't
revoke the key.
  Any suggestions to help me out of this predicament?  It's not too serious,
since nothing's encrypted with it, but I just don't like having a bogus
pgp public key floating around out there.
-- 
-Paul Iadonisi
 Senior Systems Administrator
 Red Hat Certified Engineer / Local Linux Lobbyist
 Ever see a penguin fly?  --  Try Linux.
 GPL all the way: Sell services, don't lease secrets
