Any PGP experts about?

Old 04 July 2016, 10:45 AM
  #1  
An0n0m0us

Need to pick the brains of someone with PGP expertise so before I post the question is there anyone here who has technical knowledge of PGP and running a key server and email protection?
Old 04 July 2016, 01:47 PM
  #2  
markjmd

I've done similar plenty of times. What do you need to know?
Old 04 July 2016, 03:03 PM
  #3  
An0n0m0us

OK cheers.

I've got all my emails from my last employer protected by PGP so I can't open them. However before I left I made a backup of my PGP keys.

I have installed a PGP client and loaded the keys but it won't recognise my pass phrase when I tell the client to sign the keys.

I'm assuming having a client and the keys isn't enough to open the emails and I still need access to the original PGP key server that issued the keys? And without access to that the emails are locked for ever?

Or am I doing something wrong and the client and the keys should be all I need? I documented the pass phrases (secure wallet) when they were created so one when the keys were created and one I use for opening emails and it simply won't recognise the pass phrases as the correct one.

When I look at the keys through the client I can see all the RSA signatures are expired so is this why my pass phrases won't work as the key server is needed to keep the keys alive?

Last edited by An0n0m0us; 04 July 2016 at 03:07 PM.
Old 04 July 2016, 04:24 PM
  #4  
bludgod

when you exported your keys, did you also export your private key or just the public key? It's possible you only have the public key and that's why you can't decrypt the info.

Alternatively you have to tell PGP that your newly imported key is a trusted key - but check the key settings first as it's more likely you don't have both parts of the keyring.
Old 04 July 2016, 04:45 PM
  #5  
An0n0m0us

Cheers yes I have both keys pkr and skr files. It's getting them trusted I haven't managed yet as it isn't accepting my pass phrase
Old 04 July 2016, 04:48 PM
  #6  
bludgod

the pass phrase will be linked to the secret key not the server it was registered on - the server registration is more for public key distribution and verification so it should match up assuming you're entering it correctly.
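The two checks raised in posts #4 and #6 (does the exported keyring actually contain secret-key packets, and is the passphrase protection stored in the key file itself) can be read straight from the OpenPGP packet structure. This is an added example, not part of the thread; it assumes a binary (non-armored) keyring such as a .pkr or .skr file, and the function names and sample bytes are constructed for illustration.

```python
# OpenPGP packet tags found in key files (RFC 4880, section 4.3)
TAGS = {5: "secret key", 6: "public key", 7: "secret subkey",
        13: "user ID", 14: "public subkey"}
MPI_COUNT = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}  # public MPIs per algorithm id

def packets(data):
    """Yield (tag, body) for each packet in a binary (non-armored) keyring."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError(f"not an OpenPGP packet at offset {i}")
        if hdr & 0x40:                       # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:                  # one-octet length
                length, i = first, i + 2
            elif first < 224:                # two-octet length
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            else:                            # 5-octet / partial: not needed for keys here
                raise ValueError("length form not handled")
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            n = (1, 2, 4)[ltype]
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        yield tag, data[i:i + length]
        i += length

def s2k_usage(body):
    """S2K usage octet of a secret-key packet body (0 = no passphrase)."""
    pos = 8 if body[0] == 3 else 6           # v3 adds a 2-octet validity field
    for _ in range(MPI_COUNT[body[pos - 1]]):  # skip the public MPIs
        pos += 2 + (int.from_bytes(body[pos:pos + 2], "big") + 7) // 8
    return body[pos]

def summarize(data):
    """List packet types; flag whether secret keys are passphrase-protected."""
    out = []
    for tag, body in packets(data):
        name = TAGS.get(tag, f"tag {tag}")
        if tag in (5, 7):
            name += " (protected)" if s2k_usage(body) else " (unprotected)"
        out.append(name)
    return out

# Constructed sample keyrings (toy 8-bit RSA modulus, filler secret material)
PUB_BODY = bytes([4, 0, 0, 0, 0, 1, 0, 8, 0xC5, 0, 2, 3])
SAMPLE_PKR = b"\x99\x00\x0c" + PUB_BODY + b"\xb4\x04test"
SAMPLE_SKR = b"\x95\x00\x21" + PUB_BODY + b"\xfe" + bytes(20) + b"\xb4\x04test"
```

On a real file, pass `open(path, "rb").read()` to `summarize`; a keyring that lists only "public key" entries cannot decrypt anything, and a "(protected)" secret key carries its passphrase-derived encryption inside the file rather than on any server.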
Old 04 July 2016, 05:00 PM
  #7  
An0n0m0us

OK so when I double click on one of the pgp emails it asks me to enter my pass phrase and in the top half of the dialogue box it says 2 unknown keys so I obviously need to make them trusted. How do I do that from within the client?
Old 04 July 2016, 05:02 PM
  #8  
bludgod

it's in the key properties, you should've had a popup when importing the key prompting you to set the trust properties (you want implicit trust for these ones).
Old 04 July 2016, 05:04 PM
  #9  
An0n0m0us

I don't recall being asked that. So should I delete the keys out the client and re-import them?
Old 04 July 2016, 05:06 PM
  #10  
bludgod

yes - remove the keys and add them in again; you should be prompted to set trust levels when importing if they were exported correctly.
Old 04 July 2016, 05:20 PM
  #11  
An0n0m0us

OK uninstalled the client and reinstalled and added the keys but no prompt to set the trust level. If I open the key properties it says they are trusted with a tick next to implicit trust
Old 04 July 2016, 05:34 PM
  #12  
bludgod

should be good to go then, if the mails were signed with one of those keys and you have the passphrase it should click right in. Is it possible you had an additional shared secret key that was used to encrypt these messages?

What happens if you just cut and paste the message content into a notepad document and try to decrypt that from clipboard?
Old 04 July 2016, 06:29 PM
  #13  
An0n0m0us

It just says the pass phrase isn't matching up to any of the keys. It's the pass phrase I was using whilst working at the place so no idea why it doesn't work now.
Old 05 July 2016, 08:19 AM
  #14  
JackClark

Originally Posted by An0n0m0us
It just says the pass phrase isn't matching up to any of the keys. It's the pass phrase I was using whilst working at the place so no idea why it doesn't work now.

As in you had to enter it all the time?
Old 05 July 2016, 11:05 AM
  #15  
An0n0m0us

I think there was a time frame of a few minutes of once entering the password you didn't have to re-enter the password but it was very short so realistically it was every time you needed to open a pgp'd email.

I'm still thinking I can't open these emails as it wants a connection to the pgp/key server.
Old 05 July 2016, 12:30 PM
  #16  
hodgy0_2

it might need to contact the server for "revocation"

i.e. to see if the key has been revoked - because it can't find the server it denies access
Old 05 July 2016, 01:54 PM
  #17  
markjmd

Revocation could definitely be an issue. I don't know what logging options a PGP client might have built-in to allow you to see if that's what's really happening, but one other easy way to confirm would be to run a packet-trace while you start it up and try to use it, and look for connections on relevant ports or to relevant hosts that would correspond with the old location of the server (or nslookups for the server, which will in all likelihood fail).
Old 05 July 2016, 02:47 PM
  #18  
An0n0m0us

Originally Posted by hodgy0_2
it might need to contact the server for "revocation"

i.e. to see if the key has been revoked - because it can't find the server it denies access

I think this is what is happening because there is my key pair but also the company rsa keys pointing back to the key server and they all seem linked i.e. I'm assuming my keys will only work once the company rsa keys have authenticated on the pgp server. Can't think of any other reason as I'm using the right pass phrase and it just won't accept it.