[kdepim-users] About Crypto
Ingo Klöcker
kloecker at kde.org
Wed Jan 7 21:09:06 GMT 2009
On Wednesday 07 January 2009, Kishore wrote:
> On Wednesday 07 Jan 2009 10:24:00 pm Werner Joss wrote:
> > Am Mittwoch 07 Januar 2009 15:41:38 schrieb Kishore:
> > > I used kleopatra to create a certificate for me. In the end it
> > > when i chose to upload the certificate to a directory service, it
> > > defaulted to keys.gnupg.net but then it warned me that before
> > > exporting, i should make sure i have created a "revocation
> > > certificate" so that i could revoke the certificate if needed
> > > later. What does revocation certificate mean? And how do I create
> > > it?
> >
> > from http://www.gnupg.org/gph/en/manual/c14.html :
> >
> > After your keypair is created you should immediately generate a
> > revocation certificate for the primary public key using the option
> > --gen-revoke. If you forget your passphrase or if your private key
> > is compromised or lost, this revocation certificate may be
> > published to notify others that the public key should no longer be
> > used. A revoked public key can still be used to verify signatures
> > made by you in the past, but it cannot be used to encrypt future
> > messages to you. It also does not affect your ability to decrypt
> > messages sent to you in the past if you still do have access to the
> > private key.
>
> Thanks! I followed that and here is my first signed message!
I suggest to print the revocation certificate on paper and store it
somewhere secure. This way you'll be able to revoke your key even if
all electronically stored versions of your (private) key and all
electronically stored versions of the revocation certificate are lost.
You can also consider printing your private key on paper as
non-electronic backup. Use paperkey
(http://www.jabberwocky.com/software/paperkey/) for this. It was
written by David Shaw, one of the main developers of GnuPG.
Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kdepim-users/attachments/20090107/f6d8a455/attachment.sig>
-------------- next part --------------
_______________________________________________
KDE PIM users mailing list
kdepim-users at kde.org
https://mail.kde.org/mailman/listinfo/kdepim-users
More information about the kdepim-users
mailing list