Malformed Revokation Certificate?

Kristian Fiskerstrand kristian.fiskerstrand at
Fri Aug 10 01:30:38 CEST 2012

On 08/10/2012 01:09 AM, Doug Barton wrote:
> Maybe I'm missing something in this conversation, and if so I
> apologize. But how would attaching the revocation cert to a key be
> possible in the scenario where the user lost the password?

Hi Doug,

The discussion entail having generated a revocation certificate using
--gen-revoke while having the passphrase and private key (should usually
be done at key generation and stored at a safe place, and is short
enough that a printed copy can be stored and manually typed need be)

At the time of key revocation it is then appended to the public key
using import, hence doesn't require a passphrase, the same way as A
doesn't need B's passphrase when signing B's public key.


Kristian Fiskerstrand
Twitter: @krifisk
Primum ego, tum ego, deinde ego
First I, then I, thereafter I.
This email was digitally signed using the OpenPGP
standard. If you want to read more about this
The book: Sending Emails - The Safe Way: An
introduction to OpenPGP security is now
available in both Amazon Kindle and Paperback
format at
Public PGP key 0xE3EDFAE3 at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20120810/53f2f4d1/attachment.pgp>

More information about the Gnupg-users mailing list