From 03018ef9eec75e4d91ea53c95547a77dedef8f80 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 25 Jun 2014 20:25:28 +0200 Subject: gpg: Auto-create revocation certificates. * configure.ac (GNUPG_OPENPGP_REVOC_DIR): New config define. * g10/revoke.c (create_revocation): Add arg "leadin". (gen_standard_revoke): New. * g10/openfile.c (get_openpgp_revocdir): New. (open_outfile): Add MODE value 3. * g10/keyid.c (hexfingerprint): New. * g10/keygen.c (do_generate_keypair): Call gen_standard_revoke. -- GnuPG-bug-id: 1042 --- doc/gpg.texi | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'doc') diff --git a/doc/gpg.texi b/doc/gpg.texi index 9c52282cb..5efc16e86 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -3106,6 +3106,15 @@ files; They all live in in the current home directory (@pxref{option @item ~/.gnupg/secring.gpg.lock The lock file for the secret keyring. + @item ~/.gnupg/openpgp-revocs.d/ + This is the directory where gpg stores pre-generated revocation + certificates. It is suggested to backup those certificates and if the + primary private key is not stored on the disk to move them to an + external storage device. Anyone who can access theses files is able to + revoke the corresponding key. You may want to print them out. You + should backup all files in this directory and take care to keep this + backup closed away. + @item /usr[/local]/share/gnupg/options.skel The skeleton options file. -- cgit v1.2.3
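Review bot: The new `@item ~/.gnupg/openpgp-revocs.d/` paragraph gives the backup advice twice ("It is suggested to backup those certificates" and "You should backup all files in this directory"). Merge these into a single recommendation, placed after the warning that anyone who can access the files is able to revoke the corresponding key, so the reason comes before the instruction. In the same paragraph, "theses files" should read "these files", the verb form is "back up" rather than "backup", and "closed away" reads better as "locked away". "You may want to print them out" follows directly on the access warning, so it is worth saying there that a printout needs the same protection as the files themselves.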