Help me to import my secret key please

MFPA expires2010 at
Mon May 17 18:47:33 CEST 2010

On Wednesday 12 May 2010 at 9:48:34 PM, in
<mid:4BEB1422.8030604 at>, Daniel Kahn Gillmor wrote:

> On 05/12/2010 02:06 PM, MFPA wrote:
>> Although the comment could just state it was his new key from
>> dd/mm/yyyy without mentioning any other key(s).

> even this comment would be superfluous, since the key
> has a "Created on" timestamp built in.

Of course; the unnecessary comment would simply add emphasis.

> Also, his
> statement isn't really part of a person's identity,
> which makes it more dubious to put it in the User ID as
> well.

Nearly 20% of the keys in my keyring have something in the User ID
that is clearly not part of a person's identity.

What would you say was a non-dubious use of the "comment" field within
the User ID?


> Expiry dates on keys are only useful as a safeguard
> against accidental destruction of the secret key
> material, not against loss of control of the secret key
> material to a malicious party.

True. An expiry date would have been useful on the thread-starter's
key, which was lost in a system failure, but obviously not in the case
of a compromised secret key.

> This whole scenario is a good argument for what is
> already accepted best-practice: generate a
> worst-case-scenario revocation certificate immediately
> after generating your key, and store that revocation
> certificate securely in an offline place (e.g. print it
> to good paper and destroy the digital copy).  This
> means there are no extra keys to manage, and no third
> parties to rely on (unless you want to send a copy of
> your revocation certificate to a trusted friend for use
> in an emergency).

A good point, well made.

--
Best regards

MFPA                    mailto:expires2010 at

Dogs look up to us. Cats look down on us. Pigs treat us as equals.
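
The revocation-certificate practice quoted in the message above, as an added example that is not part of the original thread: it creates a certificate right after key generation and then shows that the certificate alone revokes the key in a keyring that never held the secret key. It assumes GnuPG 2.1 or later; the throwaway user ID, file names, temporary directories and the choice of reason code 1 are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example; user ID, file names and temp directories are constructed.
set -e

# Generate an unprotected throwaway key in $GNUPGHOME and print its fingerprint.
make_key() {
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key 'Throwaway <throwaway@example.invalid>' default default 1y
  gpg --batch --with-colons --list-keys | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Write a revocation certificate for key $1 to file $2. Prompt answers:
# confirm, reason 1 (key has been compromised), empty description, confirm.
make_revocation_cert() {
  printf 'y\n1\n\ny\n' |
    gpg --no-tty --command-fd 0 --armor --output "$2" --gen-revoke "$1" 2>/dev/null
}

# Print the validity field of primary key $1 ("r" means revoked).
key_validity() {
  gpg --batch --with-colons --list-keys "$1" | awk -F: '$1 == "pub" { print $2; exit }'
}

# Create key and certificate in one keyring, then apply the certificate in a
# second keyring holding only the public key, as after losing the secret key.
# Prints "<validity before> <validity after>".
demo() {
  local owner other fpr before after h
  owner=$(mktemp -d); other=$(mktemp -d)
  export GNUPGHOME="$owner"
  fpr=$(make_key)
  make_revocation_cert "$fpr" "$owner/revoke.asc"
  gpg --batch --armor --export "$fpr" > "$owner/pub.asc"
  export GNUPGHOME="$other"
  gpg --batch --quiet --import "$owner/pub.asc"
  before=$(key_validity "$fpr")
  gpg --batch --quiet --import "$owner/revoke.asc"
  after=$(key_validity "$fpr")
  echo "$before $after"
  # Stop the per-directory daemons before deleting the throwaway keyrings.
  for h in "$owner" "$other"; do GNUPGHOME="$h" gpgconf --kill all 2>/dev/null || true; done
  rm -rf "$owner" "$other"
}

if [ "${1:-}" = run ]; then demo; fi
```

For a real key, the file written by `make_revocation_cert` is what gets printed or moved offline; importing it anywhere publishes the revocation, so it needs the same care as the advice in the thread suggests.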

