On 08/10/2012 01:09 AM, Doug Barton wrote:
> Maybe I'm missing something in this conversation, and if so I
> apologize. But how would attaching the revocation cert to a key be
> possible in the scenario where the user lost the password?

Hi Doug,

The discussion entails having generated a revocation certificate using
--gen-revoke while having the passphrase and private key (should usually
be done at key generation and stored in a safe place, and is short
enough that a printed copy can be stored and manually typed if need be).

At the time of key revocation it is then appended to the public key
using import, hence doesn't require a passphrase, the same way as A
doesn't need B's passphrase when signing B's public key.

hth

-- 
----------------------------
Kristian Fiskerstrand
http://www.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Primum ego, tum ego, deinde ego
First I, then I, thereafter I.
----------------------------
This email was digitally signed using the OpenPGP
standard. If you want to read more about this
The book: Sending Emails - The Safe Way: An
introduction to OpenPGP security is now
available in both Amazon Kindle and Paperback
format at
http://www.amazon.com/dp/B006RSG1S4/
----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/

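The workflow described in the message above, as an added example that is not part of the original email: the certificate is created while the passphrase is known, then imported into a keyring that holds only the public key. It assumes GnuPG 2.1 or later; the function name, user ID, passphrase and temporary keyrings are constructed for the demo.

```shell
#!/bin/sh
# Added illustration. Everything runs in throwaway keyrings under mktemp -d;
# the identity and passphrase below are constructed sample values.
demo_revocation() {
    owner=$(mktemp -d) && other=$(mktemp -d) || return 1
    chmod 700 "$owner" "$other"
    uid='Revocation Demo <demo@example.invalid>'
    pass='demo-passphrase'

    # 1. Key generation: the owner has the private key and knows the passphrase.
    gpg --homedir "$owner" --batch --quiet --pinentry-mode loopback \
        --passphrase "$pass" --quick-generate-key "$uid" default default never \
        2>/dev/null || return 1
    fpr=$(gpg --homedir "$owner" --with-colons --list-keys 2>/dev/null |
          awk -F: '$1 == "fpr" { print $10; exit }')

    # 2. Right away: create the revocation certificate. This is the only step
    #    that needs the private key and passphrase. The piped answers are:
    #    confirm, reason 0 (no reason specified), empty description, confirm.
    printf 'y\n0\n\ny\n' |
        gpg --homedir "$owner" --no-tty --pinentry-mode loopback \
            --passphrase "$pass" --command-fd 0 --status-fd 2 \
            --output "$owner/revoke.asc" --gen-revoke "$fpr" 2>/dev/null || return 1

    # 3. A second keyring holding only the public key stands in for "later,
    #    passphrase lost": no private key exists here at all.
    gpg --homedir "$owner" --armor --export "$fpr" 2>/dev/null |
        gpg --homedir "$other" --batch --quiet --import 2>/dev/null || return 1

    # 4. Revocation time: a plain import merges the certificate into the key.
    gpg --homedir "$other" --batch --quiet --import "$owner/revoke.asc" \
        2>/dev/null || return 1

    # 5. Field 2 of the "pub" record is the validity; "r" means revoked.
    gpg --homedir "$other" --with-colons --list-keys "$fpr" 2>/dev/null |
        awk -F: '$1 == "pub" { print $2; exit }'

    # Stop the helper daemons started for the temporary keyrings, then clean up.
    GNUPGHOME="$owner" gpgconf --kill all 2>/dev/null || true
    GNUPGHOME="$other" gpgconf --kill all 2>/dev/null || true
    rm -rf "$owner" "$other"
}
```

Calling `demo_revocation` prints the validity letter of the key as seen by the second keyring after the import.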