On 07-12-2010 16:32, David Shaw wrote:
> On Dec 7, 2010, at 11:56 AM, Chris Poole wrote:
>
>>> Why not just store the GPG encrypted file directly with the "strong
>>> passphrase that I know" ?
>>
>> I'm happy to do that, I'm just trying to keep the "very long,
>> complicated passphrases I have to remember" to as few as possible.
>>
>> I really just want to make sure that storing my revoke certificate
>> this way (and not in any unencrypted form like on a piece of paper in
>> a safe location) isn't doing something stupid.
>
> It's not necessarily stupid, but it might not be ideal. The idea behind
> generating a revoke certificate ahead of time is to protect you in case you
> lose access (forget the passphrase, delete the key, etc, etc) to your secret
> key. Storing it in an encrypted bundle doesn't really help you if you forget
> the passphrase to the bundle.

I (but that is ME, just my opinion) would remove that 50-character-long
randomly generated passphrase. Chances are that if you don't use it very often,
you will forget it, and then you won't be able to revoke your keys. Or maybe
I would change it for a shorter password, easy to remember, just in case
somebody steals the rev-certs while I'm in the restroom (well, probably
replacing my keys would require less time than changing all my passwords).

IMHO (but again, it's just my opinion), revocation certificates don't need
to be protected as much as your private keys. If somebody revokes your keys,
that's bad, and you need to make new keys. But that person won't be able to
sign things in your name or read your encrypted messages. It's as if somebody
cut your credit card in half: you need to replace it, but your money
remains safe.

Best Regards
