Detection of a revocation certificate prior to import

Patrick Brunschwig patrick at
Wed Apr 13 17:23:55 CEST 2016

On 13.04.16 09:30, Werner Koch wrote:
> On Wed, 13 Apr 2016 08:11, patrick at said:
>> ... or in other words, if we should not use --list-packets, how else can
>> we detect a revocation certificate?
> The question is why you want to do this?  Do you want to filter
> signatures you are merging into a key?  I can understand that there
> might be a need to avoid key-signatures which play havoc with ones key
> (Use a keyserver to list on my key) but I can't see a reason not to
> merge a self-signature.  You should consider an OpenPGP key a
> distributed object with the technical need for regular syncing.
> Or do you want to avoid accidental merging of a pre-created revocation
> certificate?  In this case I described a way to avoid this.  If that is
> not sufficient, I we can make the --dry-run option work for --import so
> that you get only the stats.

Enigmail displays a dialog to the user *before* the keys are imported to
allow the user to determine what he is about to import. In case the user
is about to import a revocation certificate, we display a message like
"you are about to import a revocation certificate for key X. Are you
sure you want to proceed?".

This is particularly useful if you are accidentally about to import a
revocation cert for your own key.

The problem with your workaround is that
a) it's not guaranteed that everybody uses this method
b) it does not help if you want to know which key is concerned


More information about the Gnupg-devel mailing list