a Revocation Certificate
Once you have created your keypair, you should create a
revocation certificate for your public key. If you forget your
passphrase, or if it has been compromised, you can publish this
certificate to inform users that your public key should no longer
When you generate a revocation certificate, you are not revoking
the key you just created. Instead, you are giving yourself a safe
way to revoke your key from public use in case you forget your
passphrase, switch ISPs (addresses), or suffer a hard drive crash.
The revocation certificate can then be used to disqualify your
Your signature is valid to others who read your correspondence
before your key is revoked, and you are able to decrypt messages
received prior to its revocation. To generate a revocation
certificate, use the --gen-revoke
Note that if you omit the --output
revoke.asc option from the above, your revocation certificate
is returned to the standard output, which is your monitor screen.
While you can copy and paste the contents of the output into a file
of your choice using a text editor, it is probably easier to send
the output to a file in your login directory. That way, you can
keep the certificate for use later, or move it to a diskette and
store it someplace safe.
The output looks similar to the following:
sec 1024D/823D25A9 2000-04-26 Your Name <[email protected]>
Create a revocation certificate for this key?
Press [Y] and [Enter] to create a revocation certificate for
the listed key. Next, you are asked to select the reason for
revocation and provide an optional description. After confirming
the reason, enter the passphrase you used to generate the key.
Once your revocation certificate has been created (revoke.asc), it is located in your login directory.
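The procedure above, wrapped in a small script as an added example (not part of the original guide). It writes revoke.asc with owner-only permissions and then checks the result. The function names gen_revoke and check_revoke_file are hypothetical, and KEY stands for your own key ID or e-mail address.

```sh
#!/bin/sh
# Added example, not from the original guide. The function names are
# hypothetical; pass your own key ID or e-mail address as KEY.

# gen_revoke KEY OUTFILE
# Runs the interactive gpg dialogue and leaves OUTFILE readable by its
# owner only, since the file by itself is enough to revoke the key.
gen_revoke() {
    key=$1
    out=$2
    (
        umask 077                       # restrictive mode from creation on
        gpg --output "$out" --gen-revoke "$key"
    ) || return 1
    chmod 600 "$out"
}

# check_revoke_file FILE
# Returns 0 only if FILE is non-empty, carries the ASCII-armor header gpg
# writes for a revocation certificate, and has no group/other permissions.
check_revoke_file() {
    f=$1
    if [ ! -s "$f" ]; then
        echo "$f: missing or empty" >&2
        return 1
    fi
    if ! grep -q '^-----BEGIN PGP PUBLIC KEY BLOCK-----' "$f"; then
        echo "$f: no armored certificate found" >&2
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld "$f" | cut -c5-10)
    if [ "$bits" != "------" ]; then
        echo "$f: accessible to group or others ($bits)" >&2
        return 1
    fi
    return 0
}

# Usage:
#   gen_revoke KEY "$HOME/revoke.asc" && check_revoke_file "$HOME/revoke.asc"
```

Run check_revoke_file again on any copy you make, because copying can reset the file mode.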
You should copy the certificate to a diskette and store it in a
secure place. (If you do not know how to copy a file to a diskette
in Red Hat Enterprise Linux, see the Red Hat
Enterprise Linux Step By Step Guide, Section 13.1 Using