PGP User ID (Email) Management

[rymcol]

PGP Support would be greatly improved with the ability to manage user id (emails). Currently if you change your global git config user.email property, kr will add the new email as a user id, but there seems to be no way to revoke one or change the primary user id for the key.

[agrinman]

Hi @rymcol, if you re-export the public key, i.e. with kr me pgp, Krypton will issue a new signature, signing any newly added user ids. Agreed that user id management is definitely needed for advanced usage, the current release tries to keep it simple by remembering only the last 3 used user-ids.

[dfundingsland]

HI @agrinman. I've been having issues related to the PGP key as well. I understand that id management is in the works, so this may already be being addressed. My issue is slightly different from above in that not only did I try to change my user email, but I also went farther in that I unpaired krypton from my laptop, uninstalled on my laptop, deleted the app and data on my iOS and started over using another email. While the SSH key generated included the new email, the PGP key still used the email I used prior to the uninstall, deleting of the app, etc.

[agrinman]

@dfundingsland in fact the PGP user ids are stored in keychain and does not get removed even when you delete the app (this also means you can delete krypton and reinstall and your key pair won't go away.

However, It should get removed if you destroy your key pair in the app from the settings screen (the trash icon, top right).

[dfundingsland]

@agrinman And therein lies the problem. While I do get a new key pair after destroying it in the app, it still has the previous email associated it with it, not the new one that I entered into the app.

[agrinman]

@dfundingsland Got it, this is a bug. Destroy should be removing emails. One (slightly annoying) remedy you can do now is cycle the email out:

1. create a temp git repo: cd tmp && mkdir tmp-repo && git init
2. edit the .git/config file in tmp-repo by adding

[user]
   email = <user>@<domain>

3. do a git commit
4. repeat 2 & 3 with three different emails

Understandably this is annoying and you might not have 3 emails you want to use, but this will get rid of the unwanted email. Apologies for the inconvenience. A fix for this & and better user id management is coming soon!

[dfundingsland]

@agrinman Thanks! I'll give it a try and will keep an eye out for the fix and better user id management.

[huw]

This isn't working for me. Here's the output I get after making three commits with three different emails:

> gpg --list-keys
-----------------------------
pub   rsa4096 2018-10-04 [SC]
      A401BC55CDA0FBC63A0C014E348CF01F43FF74E0
uid           [ unknown] F767339805536506
uid           [ unknown] Huw <[email protected]>

Here's my git log:

* d361763 (HEAD -> master) gpg: Signature made Thu  4 Oct 21:15:17 2018 AEST
| gpg:                using RSA key 348CF01F43FF74E0
| gpg: Good signature from "F767339805536506" [unknown]
| gpg:                 aka "Huw <[email protected]>" [unknown]
| gpg: WARNING: This key is not certified with a trusted signature!
| gpg:          There is no indication that the signature belongs to the owner.
| Primary key fingerprint: A401 BC55 CDA0 FBC6 3A0C  014E 348C F01F 43FF 74E0
| Add an email
* 08dff37 gpg: Signature made Thu  4 Oct 21:14:55 2018 AEST
| gpg:                using RSA key 348CF01F43FF74E0
| gpg: Good signature from "F767339805536506" [unknown]
| gpg:                 aka "Huw <[email protected]>" [unknown]
| gpg: WARNING: This key is not certified with a trusted signature!
| gpg:          There is no indication that the signature belongs to the owner.
| Primary key fingerprint: A401 BC55 CDA0 FBC6 3A0C  014E 348C F01F 43FF 74E0
| Add another email
* e98baa9 gpg: Signature made Thu  4 Oct 21:14:32 2018 AEST
  gpg:                using RSA key 348CF01F43FF74E0
  gpg: Good signature from "F767339805536506" [unknown]
  gpg:                 aka "Huw <[email protected]>" [unknown]
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: A401 BC55 CDA0 FBC6 3A0C  014E 348C F01F 43FF 74E0
  Add a third email

For each of these, I repeatedly changed the email in ./.git/config. Am I missing something? Otherwise it looks like Krypt isn't picking up the emails correctly anymore.

> kr --version
kr version 2.4.10

[kcking]

Running kr codesign again should import the new emails on the key into your gpg keychain.

[huw]

Sorry, I should have clarified that I already did this (and also tried kr me pgp | gpg). Neither worked.

[pjgoodall]

I have 3 email addresses associated with my kr codesign key that I just created today. The first is correct. The other two - I have no idea where they came from. Some permutations of contractions of my name with my mail provider as the domain.

I can see nowhere in the krypton app to destroy my key. How can I be sure if I create a new one - that it will be correct?

No gitconfig file on my system has the broken emails in it. Where did they come from?