GPG revocations & PGP

Werner Koch
Thu, 28 Dec 2000 14:19:25 +0100

On Wed, 27 Dec 2000, Florian Weimer wrote:

> With --gen-revoke, you have created a bare revocation self-signature.
> I think PGP requires that the revocation signature is part of an
> OpenPGP public key (see section 11.1 in RFC 2440).
It is a feature :-) and some keyservers are patsched to accept this bare revocation. The reason why GnuPG creates a bare revocation signature is for your convenience. Paper is more reliable than a floppy or the hard disk - therefore you should either print or write the revocation cert down, so that you can enter it back (using a normal editor) into a computer from the printout. Doing this for several k of key stuff is not a easy task. IMHO it is easier to take the revocation signature and import it using GnuPG and then send the entire key to the keyserver. Werner -- Archive is at - Unsubscribe by sending mail with a subject of "unsubscribe" to