Key revoking

Werner Koch wk@gnupg.org
Mon, 14 Feb 2000 12:32:09 +0100


On Sun, 13 Feb 2000, Nate Eldredge wrote:


> 1. The manual tells how to generate a revocation certificate
> (--gen-revoke). What is it that gets spit out? It says "PGP PUBLIC
> KEY BLOCK", and the comment says "A revocation certificate should
> follow", which would seem to imply that perhaps this isn't the
> certificate itself.

Frankly, it is not a complete key but only the certificate. OpenPGP mandates that this should be a key with the revocation certificate. I decided not to emit this because this way you can print it out and type it in if you ever will need it. The Horowitz keyservers (pgp.net) should now all accept these standalone revocations. Don't know about NAI's certserver. Making a real valid revocation is however trivial: import the revocation into your keyring using GnuPG and then do a regular export or --send-keys.

> fine. I.e. I sign a file and then revoke the key (selecting key 1),
> but even then doing --verify on the file reports that it's okay. Is

If you use the defaults in key generation, then key(1) is the encryption key and you used the primary key to create the signature. A primary key can only be revoked using the --gen-revoke command.

> I'd appreciate an email CC on responses if convenient, as I'm not on
> the mailing list and may miss it in checking the archives.
Werner
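
An added example, not part of the original post: a small Python parser that de-armors a "PGP PUBLIC KEY BLOCK" and reports whether it holds only a key revocation signature (the standalone certificate the reply describes) or a public key packet together with the revocation (the form obtained after import and export). Packet tags and signature types follow RFC 4880; the function names are this example's own and the sample block is a constructed stub, not a real signature.

```python
import base64
KEY_REVOCATION = 0x20  # signature type: revocation of a primary key (RFC 4880)

def dearmor(text):
    """Return the binary packets inside an ASCII-armored block."""
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index("") + 1:-1]               # skip armor headers and END line
    body = [l for l in body if not l.startswith("=")]  # drop the CRC-24 line
    return base64.b64decode("".join(body))

def packets(data):
    """Yield (tag, body) for each packet; definite lengths only."""
    i = 0
    while i < len(data):
        hdr = data[i]; i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet")
        if hdr & 0x40:                                 # new-format header
            tag, first = hdr & 0x3F, data[i]; i += 1
            if first < 192:
                n = first
            elif first < 224:
                n = ((first - 192) << 8) + data[i] + 192; i += 1
            elif first == 255:
                n = int.from_bytes(data[i:i + 4], "big"); i += 4
            else:
                raise ValueError("partial lengths not handled")
        else:                                          # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            size = 1 << ltype
            n = int.from_bytes(data[i:i + size], "big"); i += size
        yield tag, data[i:i + n]
        i += n

def sig_type(body):  # type octet of a v3 or v4 signature packet body
    return body[2] if body[0] == 3 else body[1]

def classify(armored):
    pkts = list(packets(dearmor(armored)))
    if not any(t == 2 and sig_type(b) == KEY_REVOCATION for t, b in pkts):
        return "no key revocation"
    has_key = any(t == 6 for t, _ in pkts)             # tag 6 = public key packet
    return "key with revocation" if has_key else "standalone revocation"

# Constructed sample: stub v4 signature packet (old-format tag 2, type 0x20), no real signature.
SAMPLE = ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n" + base64.b64encode(
    bytes([0x88, 4, 4, 0x20, 17, 2])).decode() + "\n-----END PGP PUBLIC KEY BLOCK-----")
```

Subkey revocations use signature type 0x28 rather than 0x20, so a block carrying only one of those is reported as "no key revocation".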