Generate Revocation Certificate for GPG Key

In the last post, We learnt about GPG Key, How to generate and publish the key for the world. The next step is to Generate the Revocation Certificate for your GPG key. Revocation certificate will allow you to make public announcement (kind of) that you are discontinuing this (compromised) key. 

    Why you ask? Because, If the key is (1) compromised and bad actor use that compromised key to be you (stole your identity) can be avoided or (2) you have forgotten the password of your existing GPG key and want to use another GPG key from now on. 

If you have used the latest GPG CLI to generate the GPG key, by default, it will generate the revocation certificate which can be found in $HOME/.gnupg/openpgp-revocs.d/ (Linux), Location can be different in different OSs. 

If you do not find the Revocation certificate, No worry, You can regenerate it IF and ONLY IF you remember the GPG key password. To generate you can run below command -  

gpg --output KEYID-revoke-cert.asc --gen-revoke KEYID

Replace KEYID with your GPG KeyID, The CLI prompt will ask the GPG key password to generate the revocation certificate, Once generated, Keep this certificate safe for future use in case of compromised key. Because, The Revocation Certificate generation process prompt the GPG key password, It is a Good practice to generate it as soon as you generate the GPG key.  

Like the below page to get the update  
Facebook Page      Facebook Group      Twitter Feed      Telegram Group