Store revoke cert. in symmetric file?

Grant Olson kgo at
Tue Dec 7 20:40:03 CET 2010

On 12/7/10 2:22 PM, vedaal at wrote:
> Here is an option to do what you want without remembering any other 
> passphrases except for the secret key you already have:
> [1] Encrypt any file (preferably a very short text message so that 
> you can type the ciphertext as backup) to your existing key.
> [2] Decrypt the file with the option of --show-session-key .
> [3] Copy the 64 character session key to use as the passphrase to  
> symmetrically encrypt your revocation certificate.
> (you can't get a more secure passphrase, ;-)   )
> [4] Store your symmetrically encrypted revocation certificate, and 
> the encrypted file from step [1] in a location you consider safe 
> for your threat models.

But that does no good if you lose your private-key.  You can't
re-decrypt the file from [1] to get the symmetric key when you need it.
 And if you still have the private key, you don't need the revocation
certificate.  You can generate a new one on the fly if your key has been
compromised but not lost forever.


"I am gravely disappointed. Again you have made me unleash my dogs of war."

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 559 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20101207/b4986a60/attachment.pgp>

More information about the Gnupg-users mailing list