Store revoke cert. in symmetric file?
vedaal at nym.hush.com
Tue Dec 7 20:22:28 CET 2010
Chris Poole lists at chrispoole.com wrote on
Tue Dec 7 17:56:06 CET 2010 :
>I'm happy to do that, I'm just trying to keep the "very long,
>complicated passphrases I have to remember" to as few as possible.
There are many different ways to approach storing a revocation
certificate.
( I have a special key in a safety deposit box, that is a
'designated revoker' for all my other keys. )
Here is an option to do what you want without remembering any other
passphrases except for the secret key you already have:
[1] Encrypt any file (preferably a very short text message so that
you can type the ciphertext as backup) to your existing key.
[2] Decrypt the file with the option of --show-session-key .
[3] Copy the 64 character session key to use as the passphrase to
symmetrically encrypt your revocation certificate.
(you can't get a more secure passphrase, ;-) )
[4] Store your symmetrically encrypted revocation certificate, and
the encrypted file from step [1] in a location you consider safe
for your threat models.
vedaal
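
Steps [1]-[4] above as shell functions, an added example that is not part of the original message. It assumes GnuPG 2.1 or later (for --pinentry-mode loopback); the file names and the KEYID argument are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. marker.txt* and KEYID are placeholders.

# Read `gpg --show-session-key` output on stdin and print the hex session key.
# GnuPG reports it as:  gpg: session key: '9:<hex>'  (older builds open the
# quote with a backtick). The number before the colon is the cipher algorithm.
# Fails unless the key is 64 hex characters (256 bit), as step [3] expects.
extract_session_key() {
    key=$(sed -n 's/.*session key: .\([0-9][0-9]*\):\([0-9A-Fa-f]*\).*/\2/p' | head -n 1)
    [ "${#key}" -eq 64 ] || return 1
    printf '%s\n' "$key"
}

# Step [1]: encrypt a short text file to the existing key.
make_marker() {            # usage: make_marker KEYID
    printf 'revocation marker\n' > marker.txt
    gpg --armor --recipient "$1" --output marker.txt.asc --encrypt marker.txt
}

# Step [2]: decrypt the marker (asks for the secret key passphrase) and keep
# only the session key; the diagnostic lines arrive on stderr.
marker_session_key() {
    gpg --show-session-key --decrypt marker.txt.asc 2>&1 >/dev/null |
        extract_session_key
}

# Step [3]: use the session key as the symmetric passphrase. It is passed on
# stdin so it never appears in the process list or shell history.
wrap_revocation_cert() {   # usage: wrap_revocation_cert revoke.asc
    k=$(marker_session_key) || return 1
    printf '%s\n' "$k" |
        gpg --batch --pinentry-mode loopback --passphrase-fd 0 \
            --armor --cipher-algo AES256 \
            --output "$1.sym.asc" --symmetric "$1"
}

# Recovery: repeat step [2], then decrypt the stored certificate.
unwrap_revocation_cert() { # usage: unwrap_revocation_cert revoke.asc.sym.asc out.asc
    k=$(marker_session_key) || return 1
    printf '%s\n' "$k" |
        gpg --batch --pinentry-mode loopback --passphrase-fd 0 \
            --output "$2" --decrypt "$1"
}
# Step [4]: store revoke.asc.sym.asc together with marker.txt.asc.
```

Recovery repeats step [2], so it only works while the secret key and its passphrase are still available.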