6.5.8ckt: Creating Revocation Cert in Advance - PGP

This is a discussion on 6.5.8ckt: Creating Revocation Cert in Advance - PGP ; The Subject more or less tells it. I am using PGP 6.5.8ckt. Elsewhere I have read that it may be a good idea to create a revocation certificate in advance in case of compromised keys or (especially) a forgotten password. ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: 6.5.8ckt: Creating Revocation Cert in Advance

  1. 6.5.8ckt: Creating Revocation Cert in Advance

    The Subject more or less tells it. I am using PGP 6.5.8ckt.
    Elsewhere I have read that it may be a good idea to create a revocation
    certificate in advance in case of compromised keys or (especially) a
    forgotten password. However, unless I have completely missed it, I see
    no way with this version of PGP to create a revocation certificate,
    store it, and go on using the same key pair.

    --
    Paul Bartlett
    bartlett at smart dot net
    PGP key info in message headers


  2. Re: 6.5.8ckt: Creating Revocation Cert in Advance

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    "Paul O. BARTLETT" writes:

    > The Subject more or less tells it. I am using PGP 6.5.8ckt.
    >Elsewhere I have read that it may be a good idea to create a revocation
    >certificate in advance in case of compromised keys or (especially) a
    >forgotten password. However, unless I have completely missed it, I see
    >no way with this version of PGP to create a revocation certificate,
    >store it, and go on using the same key pair.


    Copy your keyrings to a safe place (a different directory).

    Revoke your key.

    Export your key to a file. That's the revocation certificate.

    Copy your saved keyrings back. This restores the status quo before
    revocation.

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (SunOS)

    iD8DBQFALsh8vmGe70vHPUMRAuSXAKCPxUvUJnq8inssLwYp2Y ZCeVcmOwCgpkdc
    iNjbVYwYCfqaRg4+dOeygGE=
    =smVC
    -----END PGP SIGNATURE-----


  3. Re: 6.5.8ckt: Creating Revocation Cert in Advance

    Paul O. BARTLETT wrote...

    > The Subject more or less tells it. I am using PGP 6.5.8ckt.
    > Elsewhere I have read that it may be a good idea to create a revocation
    > certificate in advance in case of compromised keys or (especially) a
    > forgotten password. However, unless I have completely missed it, I see
    > no way with this version of PGP to create a revocation certificate,
    > store it, and go on using the same key pair.


    Make a backup copy of your key rings (pubring.pkr and secring.skr). Open
    PGPKeys and revoke your keys. Export the revoked keys to a file. Copy the
    backup key rings back over top of the pubring.pkr and secring.skr files
    in your PGP folder.

    Store the exported, revoked keys somewhere safe. They are your revocation
    certificates.


  4. Re: 6.5.8ckt: Creating Revocation Cert in Advance

    Publicly much obliged to Neil W Rickert and
    Copelandia Cyanescens for their related and useful
    answers to my inquiry.

    --
    Paul Bartlett
    bartlett at smart dot net
    PGP key info in message headers


+ Reply to Thread