Store revoke cert. in symmetric file?

vedaal at vedaal at
Tue Dec 7 20:22:28 CET 2010

Chris Poole lists at wrote on
Tue Dec 7 17:56:06 CET 2010 :

>I'm happy to do that, I'm just trying to keep the "very long,
>complicated passphrases I have to remember" to as few as possible.

There are many different ways to approach storing a revocation 
( I have a special key in a safety deposit box, that is a 
'designated revoker' for all my other keys. )

Here is an option to do what you want without remembering any other 
passphrases except for the secret key you already have:

[1] Encrypt any file (preferably a very short text message so that 
you can type the ciphertext as backup) to your existing key.

[2] Decrypt the file with the option of --show-session-key .

[3] Copy the 64 character session key to use as the passphrase to  
symmetrically encrypt your revocation certificate.
(you can't get a more secure passphrase, ;-)   )

[4] Store your symmetrically encrypted revocation certificate, and 
the encrypted file from step [1] in a location you consider safe 
for your threat models.
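
Steps [1] to [3] above as a script, plus the later recovery. This is an added example, not part of the original post. It assumes GnuPG 2.1 or later (for --pinentry-mode loopback); the function names and the file name note.txt.gpg are made up for illustration.

```sh
#!/bin/sh
# Added example; assumes GnuPG 2.1+. Function names and note.txt.gpg are
# illustrative placeholders, not anything from the original post.

# Pull the hex part out of gpg's "session key: '<algo>:<hex>'" line.
# The "." before the algorithm number matches either opening quote style.
extract_session_key() {
    sed -n 's/.*session key: .[0-9]*:\([0-9A-Fa-f]*\).*/\1/p' | head -n 1
}

# Decrypt the stored note and print only its session key (stderr is parsed,
# the plaintext on stdout is discarded). Prompts for the secret key passphrase.
note_session_key() {
    LC_ALL=C gpg --show-session-key --decrypt note.txt.gpg 2>&1 >/dev/null |
        extract_session_key
}

# Steps [1]-[3]: $1 = existing key ID, $2 = revocation certificate file.
protect_revocation() {
    keyid=$1 revcert=$2
    # [1] Encrypt a very short message to the existing key (armored, so the
    #     ciphertext can be typed back in from a paper copy).
    printf 'revocation note\n' |
        gpg --batch --yes --armor --recipient "$keyid" --encrypt \
            -o note.txt.gpg || return 1
    # [2] Decrypt it again with --show-session-key.
    sk=$(note_session_key)
    [ -n "$sk" ] || { echo "no session key found" >&2; return 1; }
    # [3] Use the key as the symmetric passphrase. It is fed on stdin so it
    #     never appears in the process list or shell history.
    printf '%s\n' "$sk" |
        gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 \
            --symmetric -o "$revcert.gpg" -- "$revcert"
}

# Later: $1 = the symmetrically encrypted certificate from step [3].
recover_revocation() {
    sk=$(note_session_key)
    [ -n "$sk" ] || { echo "no session key found" >&2; return 1; }
    printf '%s\n' "$sk" |
        gpg --batch --pinentry-mode loopback --passphrase-fd 0 --decrypt -- "$1"
}

# Run steps [1]-[3] only when called as: script KEYID REVCERT
if [ "$#" -eq 2 ]; then protect_revocation "$1" "$2"; fi
```

The session key is random for every encryption, so the exact file from step [1] has to be kept; encrypting the same message again yields a different key. Recovering the passphrase also needs the secret key that file was encrypted to.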

