Annuleringscert

Skapa ett annulleringscertifikat

Om du tycker hängslen och livrem inte riktigt räcker till (du är riktigt paranoid), så kan du skapa ett sk. annulleringscertifikat som du sparar offline. Med det kan man annullera din huvudnyckel+subnycklar.


bastion:~frpet1$ gpg --gen-revoke A600AF4A > /Volumes/USB-Sticka/A600AF4A.revkey

sec  4096R/A600AF4A 2012-06-04 Fredrik Pettai (exempel) <frpet1@DFRI.se>

Create a revocation certificate for this key? (y/N) y
Please select the reason for the revocation:
  0 = No reason specified
  1 = Key has been compromised
  2 = Key is superseded
  3 = Key is no longer used
  Q = Cancel
(Probably you want to select 1 here)
Your decision? 1
Enter an optional description; end it with an empty line:
> Panik-annulleringscertifikat!    
> 
Reason for revocation: Key has been compromised
Panik-annulleringscertifikat!
Is this okay? (y/N) y

You need a passphrase to unlock the secret key for
user: "Fredrik Pettai (exempel) <frpet1@DFRI.se>"
4096-bit RSA key, ID A600AF4A, created 2012-06-04

ASCII armored output forced.
Revocation certificate created.

Please move it to a medium which you can hide away; if Mallory gets
access to this certificate he can use it to make your key unusable.
It is smart to print this certificate and store it away, just in case
your media become unreadable.  But have some caution:  The print system of
your machine might store the data and make it available to others!