Installation guide
Appendix B. Getting Started with Gnu Privacy Guard 255
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++.+++++.++++++++....++++++++++..+++++.+++++.+++++++.+++++++
+++.++++++++++++++++++++++++++++++++++++++..........................++++
When the activity on the screen ceases, your new keys will be made and placed in the direc-
tory .gnupg in your home directory. To list your keys, use the command:
gpg --list-keys
You will see something similar to the following:
/home/newuser/.gnupg/pubring.gpg
-----------------------------------------
pub 1024D/B7085C8A 2000-04-18 Your Name
you@yourisp.net
sub 1024g/E12AF9C4 2000-04-18
B.3. Generating a Revocation Certificate
Once you have created your keypair, you should create a revocation certificate for your pub-
lic key. If you forget your passphrase, or if it has been compromised, you can publish this
certificate to inform users that your public key should no longer be used.
Note
When you generate a revocation certificate, you are not revoking the key you just created. Instead,
you’re giving yourself a safe way to revoke your key from public use. Let’s say you create a key, then
you forget your passphrase, switch ISPs (addresses), or suffer a hard drive crash. The revocation
certificate can then be used to disqualify your public key.
Your signature will be valid to others who read your correspondence before your key is re-
voked, and you will be able to decrypt messages received prior to its revocation. To generate
a revocation certificate, use the --gen-revoke option:
gpg --output revoke.asc --gen-revoke
you@yourisp.net
Note that if you omit the --output revoke.asc option from the above, your revocation
certificate will be returned to the standard output, which is your monitor screen. While you
can copy and paste the contents of the output into a file of your choice using a text editor,
such as Pico, it is probably easier to send the output to a file in your login directory. That way,
you can keep the certificate for use later, or move it to a floppy disk and store it someplace
safe.
To create a revocation certificate, use the command:
gpg --output revoke.asc --gen-revoke
you@yourisp.net
The output will look similar to the following:
sec 1024D/823D25A9 2000-04-26 Your Name you@yourisp.net
Create a revocation certificate for this key? y
You need a passphrase to unlock the secret key for
user: "Your Name you@yourisp.net "