Revocation Certificate for GPG Key pair
You need to have a way of invalidating your GPG key pair in case there is a security breach, or in case you lose your secret key. There is an easy way of doing this with the GPG software.
Do this as soon as you create the key pair, not when you need it. The revocation certificate must be generated ahead of time and kept in a secure, separate location in case your computer is compromised or inoperable. Type:
gpg --gen-revoke firstname.lastname@example.org
You will be asked for the reason the key is being revoked. You can choose any of the available options, but since this is being done ahead of time, you won't have the specifics.
You will then be offered the chance to supply a comment and, finally, asked to confirm your selections.
Afterwards, a revocation certificate will be printed to the screen. Copy and paste this to a secure location, or print it for later use:
Revocation certificate created.
Please move it to a medium which you can hide away; if Mallory gets
access to this certificate he can use it to make your key unusable.
It is smart to print this certificate and store it away, just in case
your media become unreadable. But have some caution: The print system of
your machine might store the data and make it available to others!
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: A revocation certificate should follow
-----END PGP PUBLIC KEY BLOCK-----
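The following Python check is an added example, not part of the original page or of GnuPG. It confirms that a saved certificate really holds a key revocation signature (OpenPGP signature type 0x20) by parsing the file instead of importing it, since importing the certificate would mark the key as revoked in your keyring. The function names and the sample blocks are constructed for illustration.

```python
import base64

KEY_REVOCATION = 0x20  # OpenPGP signature type "key revocation" (RFC 4880)

def dearmor(text):
    """Return the binary packet data inside an ASCII-armored block."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 2 or not (lines[0].startswith("-----BEGIN PGP")
                              and lines[-1].startswith("-----END PGP")):
        raise ValueError("not an ASCII-armored OpenPGP block")
    # Skip armor headers ("Version: ..."), blank lines and the "=XXXX" CRC line.
    b64 = [ln for ln in lines[1:-1] if ln and ":" not in ln and not ln.startswith("=")]
    return base64.b64decode("".join(b64), validate=True)

def first_packet(data):
    """Return (tag, body) of the first OpenPGP packet in data."""
    if len(data) < 2 or not data[0] & 0x80:
        raise ValueError("no OpenPGP packet found (truncated copy?)")
    if data[0] & 0x40:  # new-format header
        tag, first = data[0] & 0x3F, data[1]
        if first < 192:
            start, length = 2, first
        elif first < 224:
            start, length = 3, ((first - 192) << 8) + data[2] + 192
        elif first == 255:
            start, length = 6, int.from_bytes(data[2:6], "big")
        else:
            raise ValueError("partial body lengths not supported")
    else:  # old-format header: low two bits select the length field size
        tag, ltype = (data[0] >> 2) & 0x0F, data[0] & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        start = 1 + (1 << ltype)
        length = int.from_bytes(data[1:start], "big")
    body = data[start:start + length]
    if len(body) != length:
        raise ValueError("packet is truncated")
    return tag, body

def is_key_revocation(armored):
    """True if the first packet is a signature (tag 2) of type 0x20."""
    tag, body = first_packet(dearmor(armored))
    sig_type = body[2:3] if body[:1] == b"\x03" else body[1:2]  # v3 vs v4 layout
    return tag == 2 and sig_type == bytes([KEY_REVOCATION])

def sample(header, sig_type):
    """Constructed test block: 10-byte dummy body, not a real signature."""
    b64 = base64.b64encode(bytes([header, 10, 4, sig_type, 1, 2] + [0] * 6)).decode()
    return f"-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n{b64}\n-----END PGP PUBLIC KEY BLOCK-----\n"
```

A block that contains only the armor headers and no data raises ValueError, which is how a truncated copy or printout shows up.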