Controlling --desig-revoke on command line

Michael Schierl schierlm at gmx.de
Fri Sep 16 17:08:16 CEST 2005


Hi,

Situation: There are three keys,
   "Designated Revoker Test"
   "Revoker1"
   "Revoker2"

"Revoker1" and "Revoker2" may both revoke "Designated Revoker Test".

GPG Version is 1.4.2 for Windows from gnupg.org.

Trying to revoke this key interactively looks like this:

> C:\temp>gpg --homedir \temp --desig-revoke Designated
> 
> pub   512D/68E771D3 2005-09-16 Designated Revoker Test
> To be revoked by:
> sec   512D/8116F98A 2005-09-16 Revoker1
> Create a designated revocation certificate for this key? (y/N) n
> 
> pub   512D/68E771D3 2005-09-16 Designated Revoker Test
> To be revoked by:
> sec   512D/0571B852 2005-09-16 Revoker2
> Create a designated revocation certificate for this key? (y/N) n

But, when using --with-colons, --command-fd, --status-fd and such, it is
impossible to tell which key is which:

> C:\temp>gpg --homedir \temp --with-colons --no-tty --status-fd 1 --command-fd 0 --desig-revoke Designated
> [GNUPG:] GET_BOOL gen_desig_revoke.okay
> n
> [GNUPG:] GOT_IT
> [GNUPG:] GET_BOOL gen_desig_revoke.okay
> n
> [GNUPG:] GOT_IT

Am I again missing some option (either to make it more verbose or to
specify the correct revoker on command line) or is this a bug?

There *is* a workaround I know - just continue with the revocation stuff
until the passphrase is asked for; then you'll get the key id in the
USERID_HINT. And if it is the wrong one, close the pgp process and retry
the next one...

However, this is quite a "dirty hack" - and it does not work if one of
the revokers does not have any passphrase...

Michael
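
The USERID_HINT workaround from the message above, as an added example (not code from the original post or from GnuPG): a small state machine that answers the `gen_desig_revoke.okay` prompts and refuses to go on unless the hint names the intended revoker. The names `DesigRevokeDriver`, `replay` and the `answers` mapping (caller-supplied replies for any other prompt gpg raises) are hypothetical, and the long key IDs in the sample are constructed by zero-padding the short IDs shown in the post.

```python
PREFIX = "[GNUPG:] "
ABORT = object()  # sentinel: terminate gpg and retry with skip + 1

class DesigRevokeDriver:
    """Hypothetical helper: answers gpg prompts, verifying the revoker via USERID_HINT."""

    def __init__(self, wanted_keyid, skip, answers=None):
        self.wanted = wanted_keyid.upper()  # short or long key ID of the intended revoker
        self.skip = skip                    # revoker prompts to decline before accepting
        self.answers = answers or {}        # caller-supplied replies to any other prompt
        self.seen = 0
        self.accepted = self.verified = False

    def feed(self, line):
        """Take one status line; return a reply for --command-fd, ABORT, or None."""
        if not line.startswith(PREFIX):
            return None
        fields = line[len(PREFIX):].split()
        if len(fields) < 2:
            return None
        kind, arg = fields[0], fields[1]
        if kind == "USERID_HINT":
            # arg is the key ID gpg is about to use; suffix match accepts short IDs.
            self.verified = self.accepted and arg.upper().endswith(self.wanted)
            return None if self.verified else ABORT
        if not kind.startswith("GET_"):
            return None
        if arg == "gen_desig_revoke.okay":
            self.seen += 1
            if self.seen == self.skip + 1:
                self.accepted = True
                return "y"
            return "n"
        if kind == "GET_HIDDEN" and not self.verified:
            return ABORT  # never hand a secret to a revoker that was not identified
        return self.answers.get(arg, ABORT)  # unknown prompt: stop rather than guess

def replay(lines, **kw):
    """Feed constructed status lines to a fresh driver; stop at the first ABORT."""
    driver, replies = DesigRevokeDriver(**kw), []
    for line in lines:
        reply = driver.feed(line)
        if reply is not None:
            replies.append(reply)
        if reply is ABORT:
            break
    return replies, driver.verified

# Constructed transcript: upper 32 bits of the long key ID are placeholder zeros.
ACCEPT_FIRST = ["[GNUPG:] GET_BOOL gen_desig_revoke.okay",
                "[GNUPG:] USERID_HINT 000000008116F98A Revoker1"]
```

If gpg finishes while `verified` is still false, as happens when the accepted revoker has no passphrase and no USERID_HINT is emitted, the driver has not confirmed which revoker was used.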
