
Re: Developer security questions.

On 1 Jul 1999, Jens Ritter wrote:

> In every case keep a copy of your secret ring in a known safe
> place. If you have not done it yet, copy it to a floppy now! Do
> not do it because you are paranoid, do it because you will be able to
> issue a key revocation certificate in case your key gets compromised.

I create a revocation certificate immediately after generating a key.  (I
back up my key rings before doing this, of course.)  I encrypt it
symmetrically, then secure a hardcopy.  I hope it's clear why storing a
revocation certificate is better than storing the secret key, even when
both are encrypted.

I had to use my hardcopy revocation certificate earlier this year, when
the medium containing my old secret key became unavailable.  It wasn't
much fun typing it out, and it took me several tries before I got it all
right, but it was certainly better than either not having one at all, or
cursing at a floppy that developed errors.

William Ono <wmono@debian.org>                             PGP key: 0x93BA6AFD
 fingerprint = E3 64 C5 43 3E B3 2D A6  C6 D7 E3 45 90 24 78 DE = fingerprint
PGP-encrypted mail welcome!           "640k ought to be enough for everybody."
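The workflow William describes (generate the key, issue the revocation certificate straight away, encrypt that certificate symmetrically, and later use the stored copy without the secret key) as an added shell example. It is not part of the original mail and uses GnuPG 2.1 or later rather than the 1999-era PGP the thread refers to; the user ID, passphrase and temporary paths are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original mail): GnuPG walk-through of
# "make the revocation certificate right after key generation, keep an
# encrypted copy, use it later without the secret key".
# Assumes GnuPG 2.1+ is installed as `gpg`. The user ID and passphrase
# below are constructed demo values.
set -e

demo_revocation_workflow() {
    if ! command -v gpg >/dev/null 2>&1; then
        echo "skipped"   # gpg not available; nothing to demonstrate
        return 0
    fi

    # Throwaway keyring so the real ~/.gnupg is never touched.
    GNUPGHOME=$(mktemp -d)
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"

    # 1. Generate a key. It is left unprotected only so the demo runs
    #    non-interactively; a real key gets a passphrase.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-gen-key 'Demo User <demo@example.invalid>' default default 0

    fpr=$(gpg --batch --with-colons --list-keys 'demo@example.invalid' \
          | awk -F: '$1 == "fpr" { print $10; exit }')

    # 2. Create the revocation certificate immediately. --gen-revoke
    #    refuses --batch, so its prompts (confirm / reason code 0 /
    #    empty description / confirm) are answered through --command-fd.
    printf 'y\n0\n\ny\n' | gpg --quiet --no-tty --command-fd 0 --status-fd 2 \
        --armor --output "$GNUPGHOME/revoke.asc" --gen-revoke "$fpr"

    # 3. Encrypt the certificate symmetrically. This is the copy that
    #    goes on paper or a floppy; the secret key is not stored with it.
    gpg --batch --quiet --pinentry-mode loopback \
        --passphrase 'demo-backup-passphrase' --symmetric --armor \
        --output "$GNUPGHOME/revoke.asc.gpg" "$GNUPGHOME/revoke.asc"
    rm -f "$GNUPGHOME/revoke.asc"

    # 4. Later (secret key lost): decrypt the stored copy and import it.
    #    The public key is marked revoked without any access to the
    #    secret key.
    gpg --batch --quiet --pinentry-mode loopback \
        --passphrase 'demo-backup-passphrase' \
        --decrypt "$GNUPGHOME/revoke.asc.gpg" | gpg --batch --quiet --import

    # Validity field of the pub record: "r" means revoked.
    gpg --batch --with-colons --list-keys "$fpr" \
        | awk -F: '$1 == "pub" { print $2; exit }'

    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
}
```

Running `demo_revocation_workflow` prints `r`, the revoked validity flag. The point William hints at in step 3 is visible here: whoever recovers the backup passphrase for the stored certificate can only revoke the key, whereas a recovered passphrase for a stored secret key would let them sign and decrypt as you.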
