Store revoke cert. in symmetric file?
Grant Olson
kgo at grant-olson.net
Tue Dec 7 20:40:03 CET 2010
On 12/7/10 2:22 PM, vedaal at nym.hush.com wrote:
> Here is an option to do what you want without remembering any other
> passphrases except for the secret key you already have:
>
> [1] Encrypt any file (preferably a very short text message so that
> you can type the ciphertext as backup) to your existing key.
>
> [2] Decrypt the file with the option of --show-session-key .
>
> [3] Copy the 64 character session key to use as the passphrase to
> symmetrically encrypt your revocation certificate.
> (you can't get a more secure passphrase, ;-) )
>
> [4] Store your symmetrically encrypted revocation certificate, and
> the encrypted file from step [1] in a location you consider safe
> for your threat models.
>
>
But that does no good if you lose your private-key. You can't
re-decrypt the file from [1] to get the symmetric key when you need it.
And if you still have the private key, you don't need the revocation
certificate. You can generate a new one on the fly if your key has been
compromised but not lost forever.
--
Grant
"I am gravely disappointed. Again you have made me unleash my dogs of war."
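
The dependency discussed in this message, walked through as an added example (not code from the thread or from the GnuPG project): steps [1] to [3] are run against a throwaway key, then the private key is deleted and step [2] is attempted again. It assumes GnuPG 2.1 or later, which writes a revocation certificate to openpgp-revocs.d when a key is generated; the user ID, file names and function names are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GnuPG 2.1+; the key, user ID and
# file names are constructed throwaways inside a temporary GNUPGHOME.

# Print the session key ("algo:hex") of file $1, or nothing if it cannot be decrypted.
session_key_of() {
    gpg --batch --yes --show-session-key --status-fd 1 -o /dev/null -d "$1" 2>/dev/null |
        awk '$2 == "SESSION_KEY" { print $3 }'
}

# Runs in a subshell so the temporary keyring never touches the caller's environment.
run_demo() (
    GNUPGHOME=$(mktemp -d) && export GNUPGHOME && cd "$GNUPGHOME" || exit 2
    trap 'gpgconf --kill gpg-agent 2>/dev/null; cd /; rm -rf "$GNUPGHOME"' EXIT

    # Throwaway, unprotected key standing in for "the secret key you already have".
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo <demo@example.invalid>' default default never 2>/dev/null
    fpr=$(gpg --batch --with-colons --list-keys demo@example.invalid 2>/dev/null |
          awk -F: '$1 == "fpr" { print $10; exit }')

    # [1] Encrypt a short file to the existing key.
    echo 'short note' > note.txt
    gpg --batch --quiet -r "$fpr" -o note.gpg -e note.txt 2>/dev/null

    # [2] Recover its session key; this step needs the private key.
    sk=$(session_key_of note.gpg)

    # [3] Use the session key as the passphrase for the revocation certificate.
    printf '%s' "$sk" | gpg --batch --quiet --pinentry-mode loopback --passphrase-fd 0 \
        -o revoke.gpg -c "openpgp-revocs.d/$fpr.rev" 2>/dev/null
    [ -n "$sk" ] && [ -s revoke.gpg ] && before=recovered || before=failed

    # Lost-key case: only note.gpg and revoke.gpg survive, the private key does not.
    gpg --batch --yes --delete-secret-keys "$fpr" 2>/dev/null
    [ -z "$(session_key_of note.gpg)" ] && after=unrecoverable || after=recovered

    echo "with-key=$before without-key=$after"
)

result=$(run_demo)
echo "$result"
```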