On 08/10/2012 01:09 AM, Doug Barton wrote:
> Maybe I'm missing something in this conversation, and if so I
> apologize. But how would attaching the revocation cert to a key be
> possible in the scenario where the user lost the password?

Hi Doug,

The discussion entails having generated a revocation certificate using --gen-revoke while having the passphrase and private key (this should usually be done at key generation and stored in a safe place, and it is short enough that a printed copy can be stored and manually typed if need be).

At the time of key revocation it is then appended to the public key using import, hence it doesn't require a passphrase, the same way as A doesn't need B's passphrase when signing B's public key.

hth

--
----------------------------
Kristian Fiskerstrand
http://www.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Primum ego, tum ego, deinde ego
First I, then I, thereafter I.
----------------------------
This email was digitally signed using the OpenPGP standard.
If you want to read more about this
The book: Sending Emails - The Safe Way: An introduction to OpenPGP security
is now available in both Amazon Kindle and Paperback format at
http://www.amazon.com/dp/B006RSG1S4/
----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
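
The workflow described in the reply above, as an added example that is not part of the original message: a revocation certificate is created while the private key is usable, then applied by plain import in a second keyring that holds only the public key. It assumes GnuPG 2.1.13 or later; the function name, user ID, file names and temporary directories are constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo: both keyrings are throwaway temp dirs; ~/.gnupg is untouched.
revoke_without_secret_key() {
  local owner other fpr state
  owner=$(mktemp -d) && other=$(mktemp -d) || return 1
  chmod 700 "$owner" "$other"

  # 1. Key owner creates a key. The empty passphrase is a demo shortcut so
  #    the script runs unattended; a real key would be passphrase-protected.
  gpg --homedir "$owner" --batch --quiet --pinentry-mode loopback \
      --passphrase '' --quick-generate-key \
      'Demo User <demo@example.org>' default default never 2>/dev/null
  fpr=$(gpg --homedir "$owner" --batch --with-colons --list-keys 2>/dev/null |
        awk -F: '/^fpr:/ { print $10; exit }')

  # 2. While the private key is still usable, create the revocation
  #    certificate. Answers fed on stdin: confirm, reason 0 (no reason
  #    specified), empty description, confirm.
  printf 'y\n0\n\ny\n' | gpg --homedir "$owner" --no-tty --command-fd 0 \
      --armor --output "$owner/revoke.asc" --gen-revoke "$fpr" 2>/dev/null
  gpg --homedir "$owner" --batch --armor --export "$fpr" > "$owner/pub.asc"

  # 3. A second keyring holds only the public key: no private key and no
  #    passphrase exist here. The revocation is applied by a plain import.
  gpg --homedir "$other" --batch --quiet --import "$owner/pub.asc" 2>/dev/null
  gpg --homedir "$other" --batch --quiet --import "$owner/revoke.asc" 2>/dev/null

  # 4. Field 2 of the "pub" record is the key validity; "r" means revoked.
  state=$(gpg --homedir "$other" --batch --with-colons --list-keys "$fpr" \
            2>/dev/null | awk -F: '/^pub:/ { print $2; exit }')

  gpgconf --homedir "$owner" --kill gpg-agent 2>/dev/null
  rm -rf "$owner" "$other"
  printf '%s\n' "$state"
}

revoke_without_secret_key   # prints "r"
```

The revocation takes effect for other users only once the revoked public key is redistributed, for example by exporting it again or sending it to a keyserver.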