Store revoke cert. in symmetric file?

David Shaw dshaw at
Tue Dec 7 16:24:22 CET 2010

On Dec 7, 2010, at 8:05 AM, Chris Poole wrote:

> I want to check I'm not doing something stupid.
> I have backed up my .gnupg directory, including my revoke certificate,
> to a symmetrically-encrypted tar file.
> The password for this is a 50 character randomly-generated, stored in
> my KeePass database (protected via a strong passphrase that I know).
> ---
> I should be fine to keep this file and the KeePass database on many
> locations, and I'm not somehow compromising my private key or revoke
> certificate? (Standard CAST cipher for the gpg file, AES-256 for the
> KeePass DB.)

It's hard to answer as there are more factors in play here than what you give above.  Given the layers you describe (the GPG passphrase is stored in KeePass, and the GPG encrypted file is stored alongside the KeePass database) I'm not sure where the benefit is in the extra KeePass layer.  Why not just store the GPG encrypted file directly with the "strong passphrase that I know" ?


More information about the Gnupg-users mailing list