gpg: Auto-create revocation certificates.

* configure.ac (GNUPG_OPENPGP_REVOC_DIR): New config define. * g10/revoke.c (create_revocation): Add arg "leadin". (gen_standard_revoke): New. * g10/openfile.c (get_openpgp_revocdir): New. (open_outfile): Add MODE value 3. * g10/keyid.c (hexfingerprint): New. * g10/keygen.c (do_generate_keypair): Call gen_standard_revoke. -- GnuPG-bug-id: 1042
2025-07-02 22:46:30 +02:00 · 2014-06-25 20:25:28 +02:00 · 2014-06-25 20:25:28 +02:00 · 03018ef9ee
commit 03018ef9ee
parent aa5b4392aa
10 changed files with 143 additions and 9 deletions
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@ -3106,6 +3106,15 @@ files; They all live in in the current home directory (@pxref{option
  @item ~/.gnupg/secring.gpg.lock
  The lock file for the secret keyring.

+  @item ~/.gnupg/openpgp-revocs.d/
+  This is the directory where gpg stores pre-generated revocation
+  certificates.  It is suggested to backup those certificates and if the
+  primary private key is not stored on the disk to move them to an
+  external storage device.  Anyone who can access theses files is able to
+  revoke the corresponding key.  You may want to print them out.  You
+  should backup all files in this directory and take care to keep this
+  backup closed away.
+
  @item /usr[/local]/share/gnupg/options.skel
  The skeleton options file.