Subkey revocation signature

Thomas Oberndörfer info at
Tue Feb 4 12:53:40 CET 2014


I'm trying to verify subkey revocation signatures created with GPG.

RFC4880 says:
"Key revocation signatures (types 0x20 and 0x28) hash only the key
being revoked"

But when I compute the hash data only with the subkey packet the
verification fails.

I then tried to hash primary and subkey packet together and the
verification succeeded.

So it looks like GPG is calculating subkey revocation signature
(type 0x28) in the same way as the binding signature (type 0x18).

Is this correct? And if yes is this not a deviation from RFC4880?
I'm currently implementing this verification in OpenPGP.js and
not sure how to handle this case.


More information about the Gnupg-devel mailing list