How do I create a GPG revocation certificate?



  • Man page for gpg.

    If the private key is compromised, stolen or deleted, a revocation certificate can warn others not to trust future signatures and any encrypted data that used the public key.

    $ gpg --gen-revoke 17D387CD > ~/.gnupg/revocation-17D387CD.crt
    
    sec  4096R/17D387CD 2019-02-24 NiceTree (Fine Oak Trees) <[email protected]>
    
    Create a revocation certificate for this key? (y/N) y
    Please select the reason for the revocation:
      0 = No reason specified
      1 = Key has been compromised
      2 = Key is superseded
      3 = Key is no longer used
      Q = Cancel
    (Probably you want to select 1 here)
    Your decision? 3
    Enter an optional description; end it with an empty line:
    > Obsolete software 
    > 
    Reason for revocation: Key is no longer used
    Obsolete software
    Is this okay? (y/N) y
    
    You need a passphrase to unlock the secret key for
    user: "NiceTree (Fine Oak Trees) <[email protected]>"
    4096-bit RSA key, ID 17D387CD, created 2019-02-24
    
    ASCII armored output forced.
    Revocation certificate created.
    
    Please move it to a medium which you can hide away; if Mallory gets
    access to this certificate he can use it to make your key unusable.
    It is smart to print this certificate and store it away, just in case
    your media become unreadable.  But have some caution:  The print system of
    your machine might store the data and make it available to others!
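
Before storing or publishing the file written above, it helps to confirm that it really is a key revocation signature and which reason it carries. The following is an added example, not part of the original page or of GnuPG: the function names are hypothetical, the sample packet is constructed and unsigned, and the code reads the packet without verifying its signature or armor checksum. It also shows that gpg's menu numbers are not the codes stored in the certificate.

```python
import base64, struct

# Reason codes as stored in the certificate (RFC 4880, section 5.2.3.23).
# gpg's menu numbers differ: menu 1 (compromised) is stored as 2, menu 2 as 1.
REASONS = {0: "No reason specified", 1: "Key is superseded",
           2: "Key has been compromised", 3: "Key is no longer used"}

def dearmor(text):
    """Return the binary packet inside ASCII armor; the CRC line is not checked."""
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index("") + 1:-1]  # between the blank line and END line
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def subpackets(area):
    """Yield (type, data) for each subpacket in a signature subpacket area."""
    i = 0
    while i < len(area):
        n, i = area[i], i + 1
        if 192 <= n < 255:
            n, i = ((n - 192) << 8) + area[i] + 192, i + 1
        elif n == 255:
            n, i = struct.unpack(">I", area[i:i + 4])[0], i + 4
        yield area[i] & 0x7F, area[i + 1:i + n]  # mask off the critical bit
        i += n

def inspect_revocation(packet):
    """Return (reason, description) if packet is a v4 key revocation signature."""
    hdr = packet[0]
    if hdr & 0x40:  # new-format header (partial lengths not handled)
        tag, skip = hdr & 0x3F, (2 if packet[1] < 192 else 3 if packet[1] < 224 else 6)
    else:           # old-format header
        tag, skip = (hdr >> 2) & 0x0F, 1 + (1, 2, 4, 0)[hdr & 3]
    body = packet[skip:]
    if tag != 2 or body[0] != 4 or body[1] != 0x20:
        raise ValueError("not a v4 key revocation signature (type 0x20)")
    hashed_len = struct.unpack(">H", body[4:6])[0]
    for kind, data in subpackets(body[6:6 + hashed_len]):
        if kind == 29:  # "reason for revocation" subpacket
            return REASONS.get(data[0], "code %d" % data[0]), data[1:].decode()
    return REASONS[0], ""

def build_sample(sig_type=0x20):
    """Constructed, unsigned sample packet: menu choice 3, text from the session."""
    reason = bytes([29, 3]) + b"Obsolete software"  # subpacket type 29, code 3
    body = (bytes([4, sig_type, 1, 8, 0, len(reason) + 1, len(reason)]) + reason
            + b"\x00\x00" + b"\xab\xcd" + b"\x00\x08\xff")  # dummy hash and MPI
    b64 = base64.b64encode(bytes([0x88, len(body)]) + body).decode()
    armor = "-----%s PGP PUBLIC KEY BLOCK-----"
    return "\n".join([armor % "BEGIN", "", b64, "=AAAA", armor % "END", ""])
```

To check a real certificate, pass the contents of the `.crt` file to `dearmor()` and the result to `inspect_revocation()`.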
    


© Lightnetics 2024