Comments on: Revoking a GPG Key Pair http://carthik.net/blog/vault/2005/05/25/revoking-a-gpg-key-pair/ Life, Research and Everything Else. Wed, 08 Jul 2009 16:30:11 +0000 hourly 1 http://wordpress.org/?v=3.1 By: admin http://carthik.net/blog/vault/2005/05/25/revoking-a-gpg-key-pair/comment-page-1/#comment-9026 admin Tue, 16 Aug 2005 15:11:51 +0000 http://blog.carthik.net/vault/2005/05/25/revoking-a-gpg-key-pair/#comment-9026 The revocation certificate does not need to be deciphered using a key. That is what it is, a key to unlock and destroy the old keypair. The revocation certificate does not need to be deciphered using a key. That is what it is, a key to unlock and destroy the old keypair.

]]> By: Zwack http://carthik.net/blog/vault/2005/05/25/revoking-a-gpg-key-pair/comment-page-1/#comment-9020 Zwack Sun, 14 Aug 2005 14:25:45 +0000 http://blog.carthik.net/vault/2005/05/25/revoking-a-gpg-key-pair/#comment-9020 But... If you forget your passphrase and want to revoke your key, surely you need to be able to decrypt the revocation certificate. If you can't remember your passphrase what chance do you have of remembering the key used for your revocation certificate? Actually, I can remember my passphrase, just not the right one. Z. But… If you forget your passphrase and want to revoke your key, surely you need to be able to decrypt the revocation certificate. If you can’t remember your passphrase what chance do you have of remembering the key used for your revocation certificate?

Actually, I can remember my passphrase, just not the right one.

Z.

]]> By: Richih http://carthik.net/blog/vault/2005/05/25/revoking-a-gpg-key-pair/comment-page-1/#comment-7230 Richih Fri, 27 May 2005 11:16:30 +0000 http://blog.carthik.net/vault/2005/05/25/revoking-a-gpg-key-pair/#comment-7230 As the one who helped you doing this, I would like to point out two inportant additions: 1) Encrypt your revoke cert with gpg -c file. As you are using symmetric encryption with -c, the password is the only key you need. Then, burn the key on a cd (or two), store them away properly and erase the key plus any temp files the burning program might have created (also, dd if=/dev/zero of=/partition/of/swap might be a good idea, /dev/urandom for the tin foil hats) 2) You can enable others to generate revokation keys for your own private key with via gpg --desig-revoke (or just hand them a cd with your encrypted revoke cert if you trust them not to brute-force it ;) RichiH As the one who helped you doing this, I would like to point out two inportant additions:

1) Encrypt your revoke cert with gpg -c file. As you are using symmetric encryption with -c, the password is the only key you need. Then, burn the key on a cd (or two), store them away properly and erase the key plus any temp files the burning program might have created (also, dd if=/dev/zero of=/partition/of/swap might be a good idea, /dev/urandom for the tin foil hats)

2) You can enable others to generate revokation keys for your own private key with via gpg –desig-revoke (or just hand them a cd with your encrypted revoke cert if you trust them not to brute-force it ;)

RichiH

]]>