On 10/9/11 5:30 PM, takethe...@gmx.de wrote: > in which cases should I revoke a key in general?
Whenever you feel the private key has been compromised. Unfortunately, that just switches the question to "when should I consider a key compromised?" > Let's say I have my private key on an USB stick and lose the > stick somewhere in public. The key is protected by the mantra. I'm > sure, nobody knows the mantra except me. Should I revoke the key > or could I keep on working with a copy of it? Depends on how strong the passphrase is. I've often said that I'm willing to publish my private key in the _New York Times_, if someone is willing to pay for it. With a strong passphrase, someone getting access to your private key is not a big deal so long as you can guarantee they will never get access to your passphrase.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users