Store revoke cert. in symmetric file?
kgo at grant-olson.net
Tue Dec 7 20:40:03 CET 2010
On 12/7/10 2:22 PM, vedaal at nym.hush.com wrote:
> Here is an option to do what you want without remembering any other
> passphrases except for the secret key you already have:
>  Encrypt any file (preferably a very short text message so that
> you can type the ciphertext as backup) to your existing key.
>  Decrypt the file with the option of --show-session-key .
>  Copy the 64 character session key to use as the passphrase to
> symmetrically encrypt your revocation certificate.
> (you can't get a more secure passphrase, ;-) )
>  Store your symmetrically encrypted revocation certificate, and
> the encrypted file from step  in a location you consider safe
> for your threat models.
But that does no good if you lose your private-key. You can't
re-decrypt the file from  to get the symmetric key when you need it.
And if you still have the private key, you don't need the revocation
certificate. You can generate a new one on the fly if your key has been
compromised but not lost forever.
"I am gravely disappointed. Again you have made me unleash my dogs of war."
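The dependency discussed in this thread, as an added example that is not part of either post: a shell function that runs the quoted steps against a throwaway keyring, then removes the private key and tries to read the session key again. It assumes GnuPG 2.1 or later (which writes a revocation certificate to `openpgp-revocs.d/` at key generation); the function names, the demo identity and the file names are constructed for the illustration.

```shell
# Added example: throwaway keyring, constructed demo identity (needs GnuPG 2.1+).
_demo_steps() {
  export LC_ALL=C GNUPGHOME="$1"
  cd "$GNUPGHOME" || return 2
  gpg="gpg --batch --pinentry-mode loopback"

  # Throwaway key without a passphrase. GnuPG 2.1+ writes a revocation
  # certificate to openpgp-revocs.d/ when the key is generated.
  $gpg --passphrase '' --quick-generate-key 'Demo <demo@example.invalid>' \
    default default never 2>/dev/null || return 2
  rev=$(ls openpgp-revocs.d/*.rev) || return 2

  # Steps from the quoted post: encrypt a short note to the key, read the
  # session key back, use it as the symmetric passphrase for the certificate.
  echo 'short note' | $gpg -r demo@example.invalid -o note.gpg --encrypt 2>/dev/null || return 2
  sk=$($gpg --show-session-key --decrypt note.gpg 2>&1 >/dev/null |
       sed -n "s/.*session key: '[0-9]*:\([0-9A-Fa-f]*\)'.*/\1/p")
  [ -n "$sk" ] || return 2
  $gpg --passphrase "$sk" -o rev.gpg --symmetric "$rev" 2>/dev/null || return 2

  # With the private key present, the certificate can be recovered.
  if $gpg --passphrase "$sk" --decrypt rev.gpg 2>/dev/null | cmp -s - "$rev"
  then with_key=ok; else with_key=fail; fi

  # Simulate losing the private key, then try to re-derive the session key.
  gpgconf --kill gpg-agent 2>/dev/null || true
  rm -rf private-keys-v1.d
  if $gpg --show-session-key --decrypt note.gpg >/dev/null 2>&1
  then without_key=recovered; else without_key=lost; fi

  echo "with_key=$with_key without_key=$without_key"
}

session_key_backup_demo() {
  demo_home=$(mktemp -d) || return 2
  chmod 700 "$demo_home"
  ( _demo_steps "$demo_home" ) && rc=0 || rc=$?
  GNUPGHOME=$demo_home gpgconf --kill all 2>/dev/null || true
  rm -rf "$demo_home"
  return $rc
}
```

Call `session_key_backup_demo` to run it; your own keyring is not touched because every command uses the temporary `GNUPGHOME`.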