This chapter called 'What if I forgot my password' is a bridge to finding out more about email security and encryption which this challenge doesn't cover.
This first challenge is an introduction to the subject and we can't cover everything. However as people start to complete the tasks then questions do come up. Including the inevitable 'Help I forgot my password.'
This chapter is constantly evolving as more and more people take the challenge. It is also a good way to work out what should be in the second challenge.
If you forget your password or passphrase then you have to generate a new key.
But there are some things you can do. Back in Task 2 when we were creating the key we created a revocation certificate. "Think of it as a 'kill switch' for your PGP identity. You can use this certificate in case you have generated a new set of keys, or in case your old key-pair has been compromised" - OR if you have forgotten your password!
If you have forgotten your password and want to revoke your current keypair then you can do that by selecting File > Import Keys from File in the Key Management window and choosing the revocation certificate that you created earlier.
Once you have done this then you can generate a new keypair and try the process again. Don't worry about it we've all been there!
Enigmail allows you to set an expiration date and other advanced settings for your keypair, but this option isn't in the 'wizard' described in this challenge.
To create a new key pair with full control over parameters like expiration, start from the OpenPGP menu in Thunderbird and choose Key Management. You get a new window listing all your keys. From the menu in this new window, choose Generate > New Key Pair. You now have access to most of what you might do from the command line.
You can send public keys via email but another way to share your key with the world is to publish it on the public keyserver network, an online database of keys. There is more information about using Key servers as part of the Enigmail manual.
Key signing is where people present their PGP-compatible keys to others in person, who, if they are confident the key actually belongs to the person who claims it, digitally sign the PGP certificate containing that public key and the person's name, etc. This is one way to strengthen the web of trust.
These tasks were created by reusing other materials from the following Manuals.
Basic Internet Security - http://en.flossmanuals.net/basic-internet-security
Enigmail Manual - http://enigmail.mozdev.org/documentation/handbook.php.html
Thunderbird Manual - http://en.flossmanuals.net/thunderbird/
These are great places to start if you want to take your learning further.
There has been error in communication with Booktype server. Not sure right now where is the problem.
You should refresh this page.