#121 new
Luke Le

Warn the user if they uploaded a public key to a keyserver and want to delete the secret key

Reported by Luke Le | January 11th, 2012 @ 02:51 PM

We've just had an issue where a user deleted their private key which was connected
to a public key uploaded to a keyserver.
He deleted the key because things were not working properly and create a new one.

Now his friend fetched the public key from the keyserver and send him an email, but
the email couldn't be decrypted because the secret key was already gone.

It's pretty trick to prevent this problem but one starting point could be if GPG Keychain Access checked the keyserver to see if the public key to a secret key was already published (also keep track of publish key actions directly in GPG Keychain Access) and
warned the user about the fact that their public key is on a keyserver and that if they deleted the secret key new message wouldn't decrypt anymore.

UPDATE: After some discussion we think it's best to export the secret key before deleting it. That way the user can always undo the operation, and since the key is still encrypted using its passphrase, it's just as secure as if it was still in the secring.gpg file.

Comments and changes to this ticket

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Shared Ticket Bins