invalid gpg key revocation
mailinglisten at hauke-laging.de
Tue Mar 6 00:13:43 CET 2012
Am Montag, 5. März 2012, 22:36:42 schrieb Ingo Klöcker:
> I have verified that one can generate a revocation certificate without
> entering a passphrase if one has previously signed something (e.g. an
> email). So, it was probably just a very nasty prank.
I assume that ist possible only if the main key has been required for the
action during which the passphrase has been cached. So having subkeys for
encryption and signing should protect from this "problem".
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 555 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users