keybase / keybase-issues

A single repo for managing publicly recognized issues with the keybase client, installer, and website.

Cannot delete expired private key #4077

Open todb-r7 opened 2 years ago

todb-r7 commented 2 years ago

Update: Solved, kinda. See below, https://github.com/keybase/keybase-issues/issues/4077#issuecomment-1104421318

Oops, I let a key expire. I thought I updated it, but I wanged it up by not updating the subkey. I was able to update the expiration (but notably, only with the keybase app, and not in-browser and not with curl | bash).

My current public key is https://keybase.io/todb/pgp_keys.asc?fingerprint=59ef1b30a8fa5a7440ebc08908b5b91dc85943fe

GPG interprets this (correctly):

pub   rsa4096 2016-06-30 [SC] [expires: 2071-10-31]
      59EF1B30A8FA5A7440EBC08908B5B91DC85943FE
uid           [ unknown] Tod Beardsley <tod_beardsley@rapid7.com>
uid           [ unknown] Tod Beardsley (Replaces 0xEA19CAAC) <todb@packetfu.com>
uid           [ unknown] Tod Beardsley <todb@metasploit.com>
uid           [ unknown] Tod Beardsley <todb@rapid7.com>
sub   rsa4096 2016-06-30 [E] [expires: 2071-10-31]

But now, I don't think I can do anything private-keyish on Keybase, including "Delete Private Key":


{"code":100,"desc":"missing non-optional field kid","fields":{"kid":"missing non-optional field kid"},"name":"INPUT_ERROR"}

I also can't sign messages in the web UI; I get an error: Error: no valid primary key self-signature or key(s) have expired.

So, right now, I'm out of the private-key-on-keybase business, so kinda stuck in the worst of both worlds -- Keybase has my private key (and can trivially unexpire it and sell it to the Mafia), but I cannot use it conveniently on Keybase. :(

I imagine I'll have to reset my proofs and generate up a new keypair. What would be better would be either:

todb-r7 commented 2 years ago

Welp, this is still an issue. And now I'm increasingly convinced that long-term PGP keys are dumb to have.

todb-r7 commented 2 years ago

Okay so I seem to have solved this, finally. I'll copy this up to the description. How to fix:

This is done in the keybase command line, which means you've downloaded the Keybase desktop application and done all the provisioning, probably with your saved paper key.

keybase pgp list # To get the KEYBASE_PGP_ID
keybase pgp drop KEYBASE_PGP_ID

That seems to do the trick with deleting your expired key.

Next, create a new key and add it with the usual gpg shenanigans. But look out for issue #4025, so once you create a new PGP key, you need to follow the instructions in https://github.com/keybase/keybase-issues/issues/4025#issuecomment-853933127 and delete the AEAD preferences (whatever those are).

Now you're back in the PGP business. And if you're like me, you hate yourself for it.

Keeping this issue open because this really wants to be fixed on the website side, too. You shouldn't have to go through this just to delete an expired PGP key.
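
Added example, not part of the original thread or of Keybase's own code: the opening comment traces the problem to a primary key whose expiration was extended while the subkey's was not, and this shell check reports that state from `gpg --with-colons` output. The key IDs, timestamps and user ID in the sample listing are constructed, and the function names are hypothetical; it assumes GnuPG 2.x, where the expiry field is epoch seconds.

```shell
#!/bin/sh
# Colon-listing fields used: 1 = record type, 5 = key ID,
# 7 = expiration (epoch seconds, empty = never), 12 = capabilities.

# Constructed sample: primary key extended, encryption subkey left to expire.
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:AAAAAAAAAAAAAAAA:1467244800:3200000000::-:::scESC::::::23::0:
uid:-::::1467244800::0000000000000000000000000000000000000000::Constructed User <user@example.invalid>::::::::::0:
sub:e:4096:1:BBBBBBBBBBBBBBBB:1467244800:1600000000:::::e::::::23:
EOF
}

# key_expiry_report NOW
# Reads a colon listing on stdin and prints one line per pub/sub record:
#   <type> <keyid> <capabilities> <ok|EXPIRED|no-expiry>
key_expiry_report() {
    awk -F: -v now="$1" '
        $1 == "pub" || $1 == "sub" {
            if ($7 == "")           status = "no-expiry"
            else if ($7 + 0 <= now) status = "EXPIRED"
            else                    status = "ok"
            print $1, $5, $12, status
        }'
}

# count_expired NOW
# Prints how many pub/sub records in the listing on stdin are expired.
count_expired() {
    key_expiry_report "$1" | awk '$4 == "EXPIRED" { n++ } END { print n + 0 }'
}

# Stand-alone run against the constructed sample, with "now" fixed at
# 1650000000 so the result is reproducible. For a real key, use:
#   gpg --list-keys --with-colons FINGERPRINT | key_expiry_report "$(date +%s)"
sample_listing | key_expiry_report 1650000000
```

A subkey line reported as EXPIRED next to a primary key reported as ok is the situation described at the top of the issue.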