Passphrase

Grant Olson kgo at grant-olson.net
Wed Apr 27 08:29:51 CEST 2011


On 04/26/2011 06:38 PM, Stephen H. Dawson wrote:
> Hi,
>  
>  
> Dire need, hoping for help.
>  
> I have my private and public keys, but you have neither the passphrase
> nor a revocation certificate.  I need to revoke my published key.  Can
> they recommend a bash script to discover the passphrase using brute
> force on the private key?
> 

If you're only worried about the revocation certificate, and not
recovering encrypted documents, then not being able to revoke the key
isn't the end of the world.  There are plenty of dead keys floating
around the keyservers.

Issuing a revocation would be more critical if you thought the key had
been compromised.  But if the private key inaccessible to everyone,
including you, I don't think there are any exploits you need to worry about.

Just create a new key and let your contacts know about it.  If someone
sends something to your old key, just reply letting them know you don't
have the key, and they need to encrypt to your new one in the future.

(And of course take a little more care with your backups and revocation
certificates this time around.)

-- 
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 565 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110427/4bf57a84/attachment.pgp>


More information about the Gnupg-users mailing list