unrelenting.technology

Tag #gpg

A couple days ago, I saw an email from Keybase saying that someone I know started tracking me. So I typed the command to do the same and… realized I don’t remember my GPG passphrase. I’ve been using it mostly for signing git tags, but I haven’t done that in a couple months.

Brute force with rephrase and even John the Ripper didn’t help. Found the revocation certificate, printed on paper. OCR’d, fixed the text, typed it manually – β€œBad signature”.

Today, I needed to actually sign a git tag. Guess what. I remembered the passphrase! :D

This was really hard to find, but I finally found it. How to force GPG to sign using a main key, not its subkey (e.g. because IndieAuth doesn’t support subkeys): use a bang after the ID! Like this: gpg -u 0x3B011BAF! --sign --armor