Transferring identity to a new public key

Jonas Islander m534c.subscribe at gmail.com
Mon Feb 16 12:10:32 CET 2009


When you suspect your private key may be compromised, it's obvious
that you should revoke the key pair, upload your revocation to the key
servers, and generate a new pair. But what is "best practice" for
telling people about your new public key - transferring your identity
to it, so to speak?

Is there any point in adding a self-signed ID saying "Key compromised
- please use key with fingerprint xxxxxxxxx instead" before revoking?

I'm thinking it's pointless, since an attacker could do the same, and
use it to transfer someone's identity to a new public key, which the
rightful owner cannot revoke.

Am I right in thinking that anyone seeing a user ID of the form
"Please use key with fingerprint xxxxxxxxx instead" should ignore it
(since it may be an attempt to permanently steal someone's identity)?

Am I right in thinking that someone whose key may be compromised,
should simply revoke it and start over from scratch with a new key
pair, proving their identity to each and every person signing it?


Similarly, if you believe your private key may be compromised, is
there any point in sending signed messages to everyone who has signed
your old public key, asking them to also sign your new one?

I believe it's pointless, since the message could just as well be from
an attacker, and that anyone receiving such a message should refuse to
sign the new keys (and insist the sender prove their identity another
way). Am I right in thinking this?

I've looked for answers to these questions, but most discussions about
transferring identity to new keys seem to deal with the situation
where someone has accidentally deleted their private key or forgotten
their passphrase, not the situation where the private key is still
accessible.



More information about the Gnupg-users mailing list