Automatically generate GPG revocation certificates

OpenPGP establishes trust using the web of trust. If I trust you and you trust a third person, I can probably trust them too. This only works if I can trust you, though.

Our keys are important and maintaining them is vital; after all, they tell the world "we said this". Once a key has been made and published, that really is it: it is out in the world until everything ends. So if you no longer have access to the key, you have to let people know to stop using it too. This is called revocation. It's a special signature you can sign your key with that will mark it as revoked. Once a key gets revoked, no one will encrypt to it any more. The problem comes from the need to access the secret key in order to generate these signatures: if you have lost the secret key you can no longer revoke it, unless you did as you should have and created revocation certificates beforehand.

Too many people put this off or, worse yet, forget to, so I have created a small bash script to automate the process. You can download it below and see the source as well. Once downloaded, you just need to change the KEYS variable to reflect the keys you wish to generate the certificates for. It will also back up your private and public keys – You have to keep these safe!
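As an added example (not the author's script), here is one way to do what the paragraph above describes: a revocation certificate plus public and secret key backups for every key in `KEYS`. It assumes GnuPG 2.x is installed as `gpg`; `OUT_DIR` and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not the author's script. Assumes GnuPG 2.x on PATH as `gpg`;
# OUT_DIR and the function names are hypothetical.
KEYS="${KEYS:-}"                        # space-separated 40-hex fingerprints
OUT_DIR="${OUT_DIR:-$HOME/gpg-backup}"  # where certificates and backups go

# Accept only full 40-hex fingerprints: short key IDs can collide.
is_fingerprint() {
    case "$1" in
        *[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 40 ]
}

# Output path for one artefact (revoke, public or secret) of one key.
artefact_path() {
    printf '%s/%s.%s.asc\n' "$OUT_DIR" "$1" "$2"
}

backup_key() {
    fpr=$1
    # Piped answers, in the order gpg 2.x prompts for --gen-revoke (assumption,
    # check against your version): create? y / reason 0 (none specified) /
    # empty description / confirm y. gpg-agent still asks for the passphrase.
    printf 'y\n0\n\ny\n' | gpg --no-tty --command-fd 0 --yes \
        --output "$(artefact_path "$fpr" revoke)" --gen-revoke "$fpr" || return 1
    gpg --armor --yes --output "$(artefact_path "$fpr" public)" \
        --export "$fpr" || return 1
    # The secret key export is the sensitive file: keep it offline.
    gpg --armor --yes --output "$(artefact_path "$fpr" secret)" \
        --export-secret-keys "$fpr"
}

main() {
    [ -n "$KEYS" ] || { echo "KEYS is empty: nothing to do" >&2; return 0; }
    umask 077                           # new files readable by the owner only
    mkdir -p "$OUT_DIR" || return 1
    rc=0
    for fpr in $KEYS; do
        if ! is_fingerprint "$fpr"; then
            echo "skipping '$fpr': not a 40-hex fingerprint" >&2
            rc=1
            continue
        fi
        backup_key "$fpr" || { echo "failed for $fpr" >&2; rc=1; }
    done
    return "$rc"
}

main
```

Move the resulting files to offline storage: anyone who obtains a revocation certificate can revoke the key it belongs to.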

 

About the Author

Stuart McCulloch Anderson
For over a decade and a half Stuart has been in love with all things science fiction or technology, and for almost fourteen of those years his operating system of choice has been one breed of Linux or another. Despite some brief trips back into the world of Windows, Stuart has never found himself wanting anything else.