Cannot delete expired private key #4077

Open
todb-r7 opened this issue Nov 12, 2021 · 2 comments

todb-r7 commented Nov 12, 2021

Update: Solved, kinda. See below, #4077 (comment)

Oops, I let a key expire. I thought I updated it, but I wanged it up by not updating the subkey. I was able to update the expiration (but notably, only with the keybase app, and not in-browser and not with curl | bash).

My current public key is https://keybase.io/todb/pgp_keys.asc?fingerprint=59ef1b30a8fa5a7440ebc08908b5b91dc85943fe

GPG interprets this (correctly):

pub   rsa4096 2016-06-30 [SC] [expires: 2071-10-31]
      59EF1B30A8FA5A7440EBC08908B5B91DC85943FE
uid           [ unknown] Tod Beardsley <tod_beardsley@rapid7.com>
uid           [ unknown] Tod Beardsley (Replaces 0xEA19CAAC) <todb@packetfu.com>
uid           [ unknown] Tod Beardsley <todb@metasploit.com>
uid           [ unknown] Tod Beardsley <todb@rapid7.com>
sub   rsa4096 2016-06-30 [E] [expires: 2071-10-31]

But now, I don't think I can do anything private-keyish on Keybase, including "Delete Private Key":


{"code":100,"desc":"missing non-optional field kid","fields":{"kid":"missing non-optional field kid"},"name":"INPUT_ERROR"}

I also can't sign messages in the web ui, I get an error, Error: no valid primary key self-signature or key(s) have expired.

So, right now, I'm out of the private-key-on-keybase business, so kinda stuck in the worst of both worlds -- Keybase has my private key (and can trivially unexpire it and sell it to the Mafia), but I cannot use it conveniently on Keybase. :(

I imagine I'll have to reset my proofs and generate up a new keypair. What would be better would be either:

  • Allow users to unexpire their private keys
  • Notify users with increasing alarm when private keys are nearing expiration

todb-r7 changed the title from "Cannot delete private key, possibly expired private key" to "Cannot delete private key, possibly expired" on Nov 12, 2021
todb-r7 changed the title from "Cannot delete private key, possibly expired" to "Cannot delete expired private key" on Nov 12, 2021

todb-r7 commented Mar 15, 2022

Welp, this is still an issue. And now I'm increasingly convinced that long-term PGP keys are dumb to have.


todb-r7 commented Apr 20, 2022

Okay so I seem to have solved this, finally. I'll copy this up to the description. How to fix:

In the keybase command line, which means you've downloaded the Keybase desktop application and done all the provisioning, probably with your saved paper key.

keybase pgp list # To get the KEYBASE_PGP_ID
keybase pgp drop KEYBASE_PGP_ID

That seems to do the trick with deleting your expired key.

Next, create a new key and add it with the usual gpg shenanigans. But look out for issue #4025, so once you create a new PGP key, you need to follow the instructions in #4025 (comment) and delete the AEAD preferences (whatever those are).

Now you're back in the PGP business. And if you're like me, you hate yourself for it.

Keeping this issue open because this really wants to be fixed on the website side, too. You shouldn't have to go through this just to delete an expired PGP key.
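
The state described in this thread (primary key extended, subkey left to expire) and the requested expiry warnings can be checked locally. The following is an added example, not part of the original issue or Keybase's code: it parses `gpg --list-keys --with-colons` output and classifies each primary key and subkey by expiry. The sample listing and its key IDs are constructed, and `expiry_report` and `warn_days` are hypothetical names.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in `gpg --list-keys --with-colons` format (key IDs and
# dates are made up): the primary key was extended, the subkey was not.
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1467244800:1793491200::u:::scESC::::::23::0:
uid:u::::1467244800::0000000000000000000000000000000000000000::Example User <user@example.com>::::::::::0:
sub:e:4096:1:BBBBBBBBBBBBBBBB:1467244800:1636675200:::::e::::::23:
sub:u:4096:1:CCCCCCCCCCCCCCCC:1467244800::::::s::::::23:
"""


def _parse_time(value):
    # Field 7 is seconds since the epoch, or ISO 8601 basic format if it contains "T".
    if "T" in value:
        return datetime.strptime(value, "%Y%m%dT%H%M%S").replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(value), tz=timezone.utc)


def expiry_report(colon_listing, now, warn_days=30):
    """Return (record, key_id, status, expires) for every pub/sub record."""
    report = []
    for line in colon_listing.splitlines():
        f = line.split(":")
        if len(f) < 7 or f[0] not in ("pub", "sub"):
            continue  # uid, fpr and other record types carry no key expiry
        if not f[6]:
            report.append((f[0], f[4], "no-expiry", None))
            continue
        expires = _parse_time(f[6])
        if expires <= now:
            status = "expired"
        elif expires - now <= timedelta(days=warn_days):
            status = "expiring-soon"
        else:
            status = "ok"
        report.append((f[0], f[4], status, expires))
    return report


if __name__ == "__main__":
    for rec, key_id, status, expires in expiry_report(SAMPLE, datetime.now(timezone.utc)):
        print(rec, key_id, status, expires.date() if expires else "-")
```

To run it on a real keyring, pass in the output of `gpg --list-keys --with-colons`; a `sub` record reporting `expired` while its `pub` record is `ok` is the situation described in the first comment.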
