Detection of a revocation certificate prior to import

Patrick Brunschwig patrick at enigmail.net
Tue Apr 12 08:24:04 CEST 2016


On 12.04.16 04:10, Daniel Kahn Gillmor wrote:
> On Sat 2016-04-02 05:16:42 -0400, Ludwig Hügelschäfer wrote:
>> is it possible to identify a revocation certificate prior to import?
>>
>> - --list-packets does not seem to be very specific.
>>
>> We want to do this in Enigmail prior to import providing a preview.
> 
> i don't know of any way to do this in gpg directly :/ I do note that
> GnuPG 2.1 automatically creates the revocation certificates (in
> ~/.gnupg/openpgp-revocs.d) as files named *.rev.  But they're stored in
> ascii-armored form, with "-----BEGIN PGP PUBLIC KEY BLOCK-----" headers

Using --list-packets works for me:

a revocation certificate contains a single signature packet with a
specific signature class (0x20 = revocation cert). If it comes alone, it
is a certificate that can be used to revoke a key; if it is part of a
key, the key is revoked.

-Patrick




More information about the Gnupg-devel mailing list