Revocation certificates

Werner Koch wk at gnupg.org
Thu Jan 23 22:26:33 CET 2014


On Thu, 23 Jan 2014 21:25, ekleog at gmail.com said:

> PS: Please, do not tell me one might have forgotten his passphrase. In this case
> there is no harm in shredding the secret key and waiting for the expiration

Experience has shown that this is the most common reason why there are
so many secret keys on the servers which are useless.  Further, an
expiration date is not set by default and waiting a year until the key
has expired is not a good option.

Further, it is also common that a secret key is lost (disk crash - no
backup, backup not readable or too old) or simply stolen.  This has the
same effect as a forgotten passphrase.  In particular in the stolen key
case, you want to immediately revoke it and not wait until you can
restore the key from a backup stored at some safe place.

There are other rare scenarios, for example a high security key in a far
away place, you are traveling and you want to immediately revoke the key
for whatever reason.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
