TB78+: Managing revocation certificates at org level

[Thom Kaye]

Hi folks,

If you use the integrated PGP functionality in TB78+ in your orgs, how are you managing the collection or back-up of revocation certificates?

Specifically, we used to have a centralised, encrypted back-up of revocation certificates in case devices were lost or other issues and we needed to revoke a key. Under TB78, I see revocation certificates are created automatically when new keys are generated, but they can't be easily exported. So we are having to either guide staff to find their TB profile folders and then make a copy of the revocation certificate stored there (which is hard for end users to find) or install GnuPG and export via command line. All of which is quite time consuming. For old versions of Thunderbird that used Enigmail, we were able to export revocation certificates straight from the key manager - which was straightforward.

How are others approaching this? Is there a simpler process that we've missed?

Thanks,

Thom

--

Thomas Kaye

Chief Security Officer

Access Now | https://www.accessnow.org

Fingerprint: 5065 4E99 D8EA 1A89 C2EC 23F3 2E67 753E A562 436F

* Subscribe to the Access Now Express, our weekly newsletter on digital rights

* Join the RightsCon community - get updates via the RightsCon Rundown

* Follow our evolving programmatic response to COVID-19 around the world