Detection of a revocation certificate prior to import

Patrick Brunschwig patrick at
Wed Apr 13 08:11:36 CEST 2016

On 12.04.16 16:38, Daniel Kahn Gillmor wrote:
> On Tue 2016-04-12 08:42:16 -0400, Werner Koch wrote:
>> On Tue, 12 Apr 2016 08:24, patrick at said:
>>> Using --list-packets works for me:
>> Do not use --list-packets to autmate tasks!  That command has no well
>> defined semantics and should thus not be used by any tools.
> In that case, we could really use an automatable feature that permits
> this kind of inspection.
> Saying "if a revocation certificate exists, it should be imported"
> doesn't account for the use case that Patrick is aiming for: the user is
> importing things and considering what to do with them.
> We want to actively encourage people to generate and store revocation
> certificates, and we should make the workflow (both for generating them
> and for consuming them) as user-friendly as possible.  This means not
> everyone will understand about removing the leading colon from a text
> file, and we want to encourage GUI tools (like enigmail) from being able
> to detect them; to explain to the user what the consequences will be if
> they import them; to encourage publication to the keyservers; etc...

... or in other words, if we should not use --list-packets, how else can
we detect a revocation certificate?


More information about the Gnupg-devel mailing list