Chris Poole lists at chrispoole.com wrote on Tue Dec 7 17:56:06 CET 2010 : >I'm happy to do that, I'm just trying to keep the "very long, >complicated passphrases I have to remember" to as few as possible.
There are many different ways to approach storing a revocation cerificate. ( I have a special key in a safety deposit box, that is a 'designated revoker' for all my other keys. ) Here is an option to do what you want without remembering any other passphrases except for the secret key you already have: [1] Encrypt any file (preferably a very short text message so that you can type the ciphertext as backup) to your existing key. [2] Decrypt the file with the option of --show-session-key . [3] Copy the 64 character session key to use as the passphrase to symmetrically encrypt your revocation certificate. (you can't get a more secure passphrase, ;-) ) [4] Store your symmetrically encrypted revocation certificate, and the encrypted file from step [1] in a location you consider safe for your threat models. vedaal _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
