
PGP User ID (Email) Management

Open rymcol opened this issue 6 years ago • 10 comments

PGP Support would be greatly improved with the ability to manage user id (emails). Currently if you change your global git config user.email property, kr will add the new email as a user id, but there seems to be no way to revoke one or change the primary user id for the key.

rymcol avatar Jan 23 '18 14:01 rymcol

Hi @rymcol, if you re-export the public key, i.e. with kr me pgp, Krypton will issue a new signature, signing any newly added user ids. Agreed that user id management is definitely needed for advanced usage; the current release tries to keep it simple by remembering only the last 3 used user ids.

agrinman avatar Jan 23 '18 15:01 agrinman

Hi @agrinman. I've been having issues related to the PGP key as well. I understand that id management is in the works, so this may already be being addressed. My issue is slightly different from above in that not only did I try to change my user email, but I also went farther in that I unpaired krypton from my laptop, uninstalled on my laptop, deleted the app and data on my iOS and started over using another email. While the SSH key generated included the new email, the PGP key still used the email I used prior to the uninstall, deleting of the app, etc.

dfundingsland avatar Feb 24 '18 14:02 dfundingsland

@dfundingsland in fact the PGP user ids are stored in keychain and do not get removed even when you delete the app (this also means you can delete krypton and reinstall and your key pair won't go away).

However, it should get removed if you destroy your key pair in the app from the settings screen (the trash icon, top right).

agrinman avatar Feb 25 '18 02:02 agrinman

@agrinman And therein lies the problem. While I do get a new key pair after destroying it in the app, it still has the previous email associated with it, not the new one that I entered into the app.

dfundingsland avatar Feb 25 '18 04:02 dfundingsland

@dfundingsland Got it, this is a bug. Destroy should be removing emails. One (slightly annoying) remedy you can do now is cycle the email out:

  1. create a temp git repo: cd tmp && mkdir tmp-repo && cd tmp-repo && git init
  2. edit the .git/config file in tmp-repo by adding
[user]
   email = <user>@<domain>
  3. do a git commit
  4. repeat 2 & 3 with three different emails

Understandably this is annoying and you might not have 3 emails you want to use, but this will get rid of the unwanted email. Apologies for the inconvenience. A fix for this and better user id management is coming soon!

agrinman avatar Feb 25 '18 04:02 agrinman

@agrinman Thanks! I'll give it a try and will keep an eye out for the fix and better user id management.

dfundingsland avatar Feb 25 '18 04:02 dfundingsland

This isn't working for me. Here's the output I get after making three commits with three different emails:

> gpg --list-keys
-----------------------------
pub   rsa4096 2018-10-04 [SC]
      A401BC55CDA0FBC63A0C014E348CF01F43FF74E0
uid           [ unknown] F767339805536506
uid           [ unknown] Huw <[email protected]>

Here's my git log:

* d361763 (HEAD -> master) gpg: Signature made Thu  4 Oct 21:15:17 2018 AEST
| gpg:                using RSA key 348CF01F43FF74E0
| gpg: Good signature from "F767339805536506" [unknown]
| gpg:                 aka "Huw <[email protected]>" [unknown]
| gpg: WARNING: This key is not certified with a trusted signature!
| gpg:          There is no indication that the signature belongs to the owner.
| Primary key fingerprint: A401 BC55 CDA0 FBC6 3A0C  014E 348C F01F 43FF 74E0
| Add an email
* 08dff37 gpg: Signature made Thu  4 Oct 21:14:55 2018 AEST
| gpg:                using RSA key 348CF01F43FF74E0
| gpg: Good signature from "F767339805536506" [unknown]
| gpg:                 aka "Huw <[email protected]>" [unknown]
| gpg: WARNING: This key is not certified with a trusted signature!
| gpg:          There is no indication that the signature belongs to the owner.
| Primary key fingerprint: A401 BC55 CDA0 FBC6 3A0C  014E 348C F01F 43FF 74E0
| Add another email
* e98baa9 gpg: Signature made Thu  4 Oct 21:14:32 2018 AEST
  gpg:                using RSA key 348CF01F43FF74E0
  gpg: Good signature from "F767339805536506" [unknown]
  gpg:                 aka "Huw <[email protected]>" [unknown]
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: A401 BC55 CDA0 FBC6 3A0C  014E 348C F01F 43FF 74E0
  Add a third email

For each of these, I repeatedly changed the email in ./.git/config. Am I missing something? Otherwise it looks like Krypt isn't picking up the emails correctly anymore.

> kr --version
kr version 2.4.10

huw avatar Oct 04 '18 11:10 huw

Running kr codesign again should import the new emails on the key into your gpg keychain.

kcking avatar Oct 04 '18 16:10 kcking

Sorry, I should have clarified that I already did this (and also tried kr me pgp | gpg). Neither worked.

huw avatar Oct 05 '18 00:10 huw

I have 3 email addresses associated with my kr codesign key that I just created today. The first is correct. The other two - I have no idea where they came from. Some permutations of contractions of my name with my mail provider as the domain.

I can see nowhere in the krypton app to destroy my key. How can I be sure if I create a new one - that it will be correct?

No gitconfig file on my system has the broken emails in it. Where did they come from?

pjgoodall avatar Oct 18 '21 04:10 pjgoodall
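
Editor's added example (not part of the thread and not Krypton code): a way to check which user IDs are actually bound to a key in the local GnuPG keyring, for instance after the email-cycling workaround above or when unknown addresses appear on a key. The function name audit_uids, the status labels and the sample key data are constructed for illustration; the input is the machine-readable output of gpg --list-keys --with-colons.

```shell
#!/bin/sh
# audit_uids ALLOWED_EMAIL...
# Reads `gpg --list-keys --with-colons` output on stdin and prints one line
# per user ID:  STATUS<TAB>PRIMARY-FINGERPRINT<TAB>USER-ID
#   OK          email is in the allowed list
#   UNEXPECTED  email is not in the allowed list
#   NO-EMAIL    user ID carries no <email> part
#   REVOKED     user ID is revoked (validity field is "r")
# Real use: gpg --list-keys --with-colons | audit_uids you@example.com
audit_uids() {
    awk -F: -v allowed="$*" '
    BEGIN {
        n = split(tolower(allowed), a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    $1 == "pub" { want_fpr = 1; next }       # next fpr record is the primary key
    $1 == "sub" { want_fpr = 0; next }       # ignore subkey fingerprints
    $1 == "fpr" && want_fpr { fpr = $10; want_fpr = 0; next }
    $1 == "uid" {
        uid = $10
        gsub(/\\x3a/, ":", uid)              # gpg escapes ":" inside fields
        email = ""
        if (match(uid, /<[^<>]+>/))
            email = tolower(substr(uid, RSTART + 1, RLENGTH - 2))
        if ($2 == "r")          status = "REVOKED"
        else if (email == "")   status = "NO-EMAIL"
        else if (email in ok)   status = "OK"
        else                    status = "UNEXPECTED"
        printf "%s\t%s\t%s\n", status, fpr, uid
    }'
}

# Constructed sample in gpg colon format (not taken from any real key).
SAMPLE='tru::1:1538651000:0:3:1:5
pub:-:4096:1:0123456789ABCDEF:1538650000:::-:::scSC::::::23::0:
fpr:::::::::00112233445566778899AABB0123456789ABCDEF:
uid:-::::1538650000::HASH1::Alice Example <alice@example.com>::::::::::0:
uid:-::::1538650100::HASH2::Alice <al.ex@mail.example>::::::::::0:
uid:r::::1538650200::HASH3::Alice <old@example.org>::::::::::0:
uid:-::::1538650300::HASH4::0011223344556677::::::::::0:
'

# Demo run: only alice@example.com is expected on the key.
printf '%s' "$SAMPLE" | audit_uids alice@example.com
```

Any UNEXPECTED or NO-EMAIL line is a user ID that signature verifiers will display alongside the intended identity, so it is worth resolving before publishing the key.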