backing up keys etc

Faramir faramir.cl at gmail.com
Sun Sep 28 04:18:02 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Lawrence Chin escribió:

> (1) It turns out that I got a revocation certificate made long time ago
> for the current key I'm using (8e758d5f) with the file name
> "kurtc1972 at gmail.com (0x8e758d5f) rev.asc" and saved on a CD. So, if I
> need to revoke this public key in the future, I just upload it to the
> keyserver?

  IIRC, you would need to import the certificate to your keyring, and
then upload the key to the keyserver... once you have done that, there
is no coming back... And I think if you do that, you will revoke the
whole key, with all its UID... the only time I imported a revocation
certificate, the key just had one UID, so I am not 100% sure about that.
And it was very easy to import it (indeed, I didn't intend to do it).


> (2) So I used OpenPGP key management, "file" -> "export key to file" to
...
> file consists of a public key block and a private key block. Now, if my
> computer ever crushes and I have to start everything over again, like
> downloading GNUPG and Enigmail again, do I just upload these 4 asc files
> and thus regain my keys again? Is this what is known as "back up"?

  Not upload, you need to import these files to your keyring... it is
easy to do. And yes, that is the meaning of "backup"... a backup is a
file or set of files, that allow you to restore the info to the state is
was before the disaster. Of course, if you modify one of your keys, you
need to export that key again, since the backed up file would not
contain the modification...


> (3) So I generated a revocation certificate for the older, first
> experimental key for this kurtc account of mine, which I never seemed to
> have uploaded to a keyserver. Here is the log:
...
> c:\Program Files\GNU\GnuPG>
> ---------------------------------------------------------------
> I typed in the correct passphrase at my third try. Now, where can I find
> this revocation certificate? I don't even know the file name!!!

  Good question... I think it should be in the same folder where your
backup key files were exported... and the name should be something like
the one you showed us in the question n°1, something like "email address
(keyID number) rev.asc". If it is not there, it could be at C:\Documents
and Settings\YourWindowsUserName\  or maybe in the GnuPG folder, since
you was working at that folder when you generated the rev certificate.

  By the way, I use Enigmail's Key Manager to generate easily the rev
certificates. Also, if you want to revoke a key which you still control
(I mean, you have the key, and you remember the passphrase), you don't
need to use the revocation certificate, you can revoke the key using
Enigmail's Key Manager, or by using GnuPG command line, or using
GPGshell if you have installed it... the revocation certificate can be
used to revoke the keys even if you forgot the passphrase... so please
keep it out from reach of children ;)

> Hopefully soon I'll get out of my newbie status and become able to help
> someone too!

  Yes, maybe we can answer the easy question, and leave the hard ones to
the experts...

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJI3ulaAAoJEMV4f6PvczxAgd4IAJWNDJs+sfhfQWxQHgoDjw7C
ybdOfpYwP2jxK3x8pl3MrvYk6ghIzBBwIe4lYoVWtboUfu7F5Vu00HaYUwL3PMQo
yjygpXY8vZd6u6gnFoInCup9xJCw5jmLXH7KNvwcSWRVm9LHhu9IhFpx+qWZOXB3
EEBhXBospRwPYzJF0YY6/zDtFIu+a9pEwclM3FhMo/G/DXeJvbX92KfOAzghpYjH
iBjjik7gg3ky47b92zaqTvldjl7MQVM/9ekxkohiPXTOgAaiC5OPlt8qDDoPHfks
yhLKHEVQEMKjmmf49BROYfl04TRb3vIefcxSPPgyu0M2hflHDk74fG3HGh4/ZeQ=
=mloW
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list