Gpg revocation anomaly

No such Client nosuchclient at gmail.com
Sat Aug 18 00:19:48 CEST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

a) This strange time problem. Try --ignore-time-conflict.

- -> Did that, reimported, with..

gpg  --ignore-time-conflict --import testkey2.pub
gpg: key FC736AA2: "testkey2" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1



b) Have you imported the public key of testkey1 in your normal keyring?
If not
then the validity of the revocation signature cannot be checked.

# Personally, I was under the impression that even you do *not* have the
designated revoker key in your k-ring, that a valid revocation signature
is still binding to revoke the key. If alice revokes bob´s key, and
charlie has alice´s pubkey, but david, eric, and frank all don´t... that
doesnt matter.. Bobs key is still revoked by alice. They can just see
the keyid that revoked it.. It does not make the signature any less
valid.. Otherwise the web of trust, and revocations are... quite
useless.. But, I may be mistaken.. for arguments sake.. I did as you
asked (as you are being  helpful :-) )


gpg --import testkey1.pub
gpg: key 10CAC705: public key "testkey1" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)


gpg --edit-key testkey2

pub  1024R/FC736AA2  created: 2012-08-17  expires: 2012-08-19  usage: SC
                     trust: unknown       validity: unknown
sub  1024R/3C5A6360  created: 2012-08-17  expires: 2012-08-19  usage: E
[ unknown] (1). testkey2


# no... the revocation has not been reliably applied yet.. even after
importing testkey1´s pubkey.. I can change trust levels, but that also
does not change anything. The key is not .. reliably revoked. hmm.



# revocation key of testkey2

gpg -vv --list-packets testkey2.rev
gpg: armor: BEGIN PGP PUBLIC KEY BLOCK
gpg: armor header: Version: GnuPG v1.4.10 (GNU/Linux)
gpg: armor header: Comment: A designated revocation certificate should
follow
:public key packet:
        version 4, algo 1, created 1345216353, expires 0
        pkey[0]: [1024 bits]
        pkey[1]: [17 bits]
:signature packet: algo 1, keyid 61E4549810CAC705
        version 4, created 1345240934, md5len 0, sigclass 0x20
        digest algo 2, begin of digest 5b 07
        hashed subpkt 2 len 4 (sig created 2012-08-17)
        hashed subpkt 29 len 1 (revocation reason 0x00 ())
        subpkt 16 len 8 (issuer key ID 61E4549810CAC705)
        data: [1021 bits]
:signature packet: algo 1, keyid 95C626F3FC736AA2
        version 4, created 1345216416, md5len 0, sigclass 0x1f
        digest algo 2, begin of digest a1 e0
        hashed subpkt 2 len 4 (sig created 2012-08-17)
        hashed subpkt 12 len 22 (revocation key: c=c0 a=1
f=9AAE107EE4F480D3D4A2633F61E4549810CAC705)
        hashed subpkt 7 len 1 (not revocable)
        subpkt 16 len 8 (issuer key ID 95C626F3FC736AA2)
        data: [1024 bits]
:user ID packet: "testkey2"
:signature packet: algo 1, keyid 95C626F3FC736AA2
        version 4, created 1345216353, md5len 0, sigclass 0x13
        digest algo 2, begin of digest 04 af
        hashed subpkt 2 len 4 (sig created 2012-08-17)
        hashed subpkt 27 len 1 (key flags: 03)
        hashed subpkt 9 len 4 (key expires after 2d0h0m)
        hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
        hashed subpkt 21 len 5 (pref-hash-algos: 8 2 9 10 11)
        hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
        hashed subpkt 30 len 1 (features: 01)
        hashed subpkt 23 len 1 (key server preferences: 80)
        subpkt 16 len 8 (issuer key ID 95C626F3FC736AA2)
        data: [1024 bits]

# testkey2 public key with revocation signature added

gpg -vv --list-packets testkey2.pub
gpg: armor: BEGIN PGP PUBLIC KEY BLOCK
gpg: armor header: Version: GnuPG v1.4.10 (GNU/Linux)
:public key packet:
        version 4, algo 1, created 1345216353, expires 0
        pkey[0]: [1024 bits]
        pkey[1]: [17 bits]
:signature packet: algo 1, keyid 61E4549810CAC705
        version 4, created 1345216836, md5len 0, sigclass 0x20
        digest algo 2, begin of digest b7 67
        hashed subpkt 2 len 4 (sig created 2012-08-17)
        hashed subpkt 29 len 1 (revocation reason 0x00 ())
        subpkt 16 len 8 (issuer key ID 61E4549810CAC705)
        data: [1024 bits]
:user ID packet: "testkey2"
:signature packet: algo 1, keyid 95C626F3FC736AA2
        version 4, created 1345216353, md5len 0, sigclass 0x13
        digest algo 2, begin of digest 04 af
        hashed subpkt 2 len 4 (sig created 2012-08-17)
        hashed subpkt 27 len 1 (key flags: 03)
        hashed subpkt 9 len 4 (key expires after 2d0h0m)
        hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
        hashed subpkt 21 len 5 (pref-hash-algos: 8 2 9 10 11)
        hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
        hashed subpkt 30 len 1 (features: 01)
        hashed subpkt 23 len 1 (key server preferences: 80)
        subpkt 16 len 8 (issuer key ID 95C626F3FC736AA2)
        data: [1024 bits]
:public sub key packet:
        version 4, algo 1, created 1345216353, expires 0
        pkey[0]: [1024 bits]
        pkey[1]: [17 bits]
:signature packet: algo 1, keyid 95C626F3FC736AA2
        version 4, created 1345216353, md5len 0, sigclass 0x18
        digest algo 2, begin of digest a8 0b
        hashed subpkt 2 len 4 (sig created 2012-08-17)
        hashed subpkt 27 len 1 (key flags: 0C)
        hashed subpkt 9 len 4 (key expires after 2d0h0m)
        subpkt 16 len 8 (issuer key ID 95C626F3FC736AA2)
        data: [1022 bits]

-----BEGIN PGP SIGNATURE-----

iF4EAREKAAYFAlAuwwcACgkQW09oVTHoH/dHkgD/WCXGNOoFZadKoibUahtHLa/7
7EWB4fJVx+u+E5rfBbEA/03a4cgwBv9r0L9Ktg/lEcKWCXJMihba3DztlJnsUNze
=IBxR
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x31E81FF7.asc
Type: application/pgp-keys
Size: 2797 bytes
Desc: not available
URL: </pipermail/attachments/20120818/3755e2aa/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20120818/3755e2aa/attachment.pgp>


More information about the Gnupg-devel mailing list