Why revoke a key?

Robert J. Hansen rjh at sixdemonbag.org
Mon Oct 10 00:52:30 CEST 2011


On 10/9/11 5:30 PM, takethebus at gmx.de wrote:
> in which cases should I revoke a key in general?

Whenever you feel the private key has been compromised.
Unfortunately, that just switches the question to "when should I
consider a key compromised?"

> Let's say I have my private key on a USB stick and lose the
> stick somewhere in public. The key is protected by the mantra. I'm
> sure nobody knows the mantra except me. Should I revoke the key
> or could I keep on working with a copy of it?

Depends on how strong the passphrase is.  I've often said that I'm
willing to publish my private key in the _New York Times_, if someone
is willing to pay for it.

With a strong passphrase, someone getting access to your private key
is not a big deal so long as you can guarantee they will never get
access to your passphrase.
