Store revoke cert. in symmetric file?

David Shaw dshaw at
Tue Dec 7 20:32:16 CET 2010

On Dec 7, 2010, at 11:56 AM, Chris Poole wrote:

>> Why not just store the GPG encrypted file directly with the "strong passphrase that I know" ?
> I'm happy to do that, I'm just trying to keep the "very long,
> complicated passphrases I have to remember" to as few as possible.
> I really just want to make sure that storing my revoke certificate
> this way (and not in any unencrypted form like on a piece of paper in
> a safe location) isn't doing something stupid.

It's not necessarily stupid, but it might not be ideal.  The idea behind generating a revoke certificate ahead of time is to protect you in case you lose access (forget the passphrase, delete the key, etc, etc) to your secret key.  Storing it in an encrypted bundle doesn't really help you if you forget the passphrase to the bundle.


More information about the Gnupg-users mailing list