On 12/7/10 2:22 PM, [email protected] wrote:
> Here is an option to do what you want without remembering any other
> passphrases except for the secret key you already have:
>
> [1] Encrypt any file (preferably a very short text message so that
> you can type the ciphertext as backup) to your existing key.
>
> [2] Decrypt the file with the option of --show-session-key .
>
> [3] Copy the 64 character session key to use as the passphrase to
> symmetrically encrypt your revocation certificate.
> (you can't get a more secure passphrase, ;-) )
>
> [4] Store your symmetrically encrypted revocation certificate, and
> the encrypted file from step [1] in a location you consider safe
> for your threat models.
>

But that does no good if you lose your private-key. You can't re-decrypt the file from [1] to get the symmetric key when you need it. And if you still have the private key, you don't need the revocation certificate. You can generate a new one on the fly if your key has been compromised but not lost forever.

--
Grant

"I am gravely disappointed. Again you have made me unleash my dogs of war."
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
