-----BEGIN PGP SIGNED MESSAGE----- We have found an important bug in PGP 2.6 (and 2.5). Problem: If you store your pass phrase in the PGPPASS environment variable or supply it via the PGPPASSFD hack and you edit your key (pgp -ke) you may lose. Specifically if you edit your key and do *not* change your pass phrase, then it gets clobbered and you lose access to your private key. What to do if this happens to you: You will know that this has happened because you will edit your key and then not be able to use your private key. *IMMEDIATELY* restore your secring.pgp and pubring.pgp from the ".bak" versions that PGP automatically creates. This will put things back the way they were. Work Around: You can avoid this problem when editing your key by doing one of the two things below. 1) Remove the PGPPASS environment variable (or don't use PGPPASSFD) when editing your key. You will then have to manually type in your pass phrase when editing your key, but the pass phrase will not get clobbered this way. 2) If you still use the PGPPASS environment variable, then when the key editing process asks you if you wish to change your pass phrase answer "y" (i.e., tell it that you wish to change your pass phrase) it will then prompt you twice for your new pass phrase. Note: You can set it to what it was, effectively not really changing it. PGP will not know the difference and your pass phrase will not get clobbered. Status: This problem has a known fix and it will be included in the next release. -Jeff -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAgUBLiCWkVUFZvpNDE7hAQF/GQIAoWi86mx1TylR5CUWInJrYy/L5kNB0qqB Uo/gA+u4M7YYeFEVF+voeBBRW686j2ksWaMA3ERTN8o6HWc5hrcf+A== =fXWk -----END PGP SIGNATURE-----