Key revoking

J. Michael Ashley jashley@acm.org
Sat, 26 Feb 2000 08:49:04 -0500 (EST)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, 13 Feb 2000, Nate Eldredge wrote:

> I'm trying to figure out how key revoking works. The manual explains
> all the relevant GnuPG options, but not the whole procedure.

Yes, it explains how to generate the revocation certificate but not when to or the consequences of applying the certificate. I've put this on the todo list.

> 1. The manual tells how to generate a revocation certificate
> (--gen-revoke). What is it that gets spit out? It says "PGP PUBLIC
> KEY BLOCK", and the comment says "A revocation certificate should
> follow", which would seem to imply that perhaps this isn't the
> certificate itself.

It is the certificate.

> 1a. Once I have a revocation certificate, how do I use it? Suppose
> I've lost my secret key and want to revoke it. What should I do with
> the certificate? I tried, for example, submitting the output of
> --gen-revoke to a keyserver, but it rejects it.

If you import it, and the public key that it revokes is on your keyring, your copy of the public key will be revoked.

> 2. I figured out how to revoke a key using the `revkey' command in
> --edit-key. And indeed, once I do that, attempts to encrypt to that
> user give a warning. However, signatures still seem to be perfectly
> fine. I.e. I sign a file and then revoke the key (selecting key 1),
> but even then doing --verify on the file reports that it's okay. Is
> this intentional? It would seem, then, that if my key gets
> compromised, nothing stops the bad guy from forging messages in my
> name.

When you sign, you use your private key, and that is not what gets revoked. So yes, nothing stops the bad guy from forging messages if he can bypass the encryption protecting your private key. When the public key is revoked using the revocation certificate, however, then signatures made *after* the revocation will be flagged as invalid when checked against the revoked public key. Signatures made before the revocation will be checked normally.

Typically, you revoke your own copy of your public key using your revocation certificate and then distribute the revoked public key as best you can. The problem is distributing your revoked public key fast enough and far enough. A bad guy could fool your friends before your friends get a copy of the revoked public key. It's a social key management problem.

Mike

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAji32dMACgkQBwMqlokEyOJHNQCfbupR2/ikmvH2+Q82ER4D8jjO
pMYAoLz4gRkNCOcsPqWv9GbPA/eSZyBt
=RL8Y
-----END PGP SIGNATURE-----
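The procedure discussed in the message above (sign, apply the revocation certificate by importing it, then see what verification and encryption do afterwards), as an added example that is not part of the original thread or of GnuPG itself. It assumes GnuPG 2.1 or later with `gpg` and `gpgconf` on PATH: those versions write a ready-made revocation certificate under `openpgp-revocs.d` when a key is created, which stands in for the interactive `--gen-revoke` run the thread describes (the file is the same "PGP PUBLIC KEY BLOCK" armor). The identity, file names and message text are constructed for the demo, and the `--status-fd` keywords the script keys on (GOODSIG, REVKEYSIG) are what GnuPG emits for a good signature from a valid key and from a revoked one.

```shell
#!/bin/sh
# Added example, not code from the original message. Walks one key through
# sign -> revoke -> verify inside a throwaway GNUPGHOME. Assumes GnuPG 2.1+
# (gpg, gpgconf on PATH), which writes a ready-made revocation certificate
# under openpgp-revocs.d at key-creation time. Identity, file names and the
# message text are constructed for the demo.
set -eu

# Reduce gpg's machine-readable --status-fd output to the single verdict line
# for a detached signature: GOODSIG, REVKEYSIG, BADSIG or ERRSIG.
sig_status() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null \
      | awk '$1 == "[GNUPG:]" && $2 ~ /^(GOODSIG|REVKEYSIG|BADSIG|ERRSIG)$/ { print $2; exit }' \
      || true
}

revocation_demo() {
    work=$(mktemp -d)
    GNUPGHOME="$work"
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"

    # 1. Generate an unprotected key so nothing prompts for a passphrase.
    cat > "$work/params" <<'EOF'
%no-protection
Key-Type: default
Subkey-Type: default
Name-Real: Revocation Demo
Name-Email: demo@example.invalid
Expire-Date: 0
%commit
EOF
    gpg --batch --quiet --gen-key "$work/params" 2>/dev/null
    fpr=$(gpg --batch --with-colons --with-fingerprint --list-keys demo@example.invalid \
          | awk -F: '$1 == "fpr" { print $10; exit }')

    # 2. Sign a file while the key is still good.
    printf 'constructed message: pay the invoice\n' > "$work/msg.txt"
    gpg --batch --yes -u "$fpr" --armor --detach-sign \
        -o "$work/msg.sig" "$work/msg.txt" 2>/dev/null
    before=$(sig_status "$work/msg.sig" "$work/msg.txt")

    # 3. The revocation certificate itself. GnuPG 2.1+ stored one when the key
    #    was created, with a ':' in front of the armor header so it cannot be
    #    imported by accident; removing the colon arms it. (--gen-revoke
    #    produces the same kind of "PGP PUBLIC KEY BLOCK".)
    sed 's/^:-----BEGIN/-----BEGIN/' \
        "$GNUPGHOME/openpgp-revocs.d/$fpr.rev" > "$work/revoke.asc"

    # 4. Importing the certificate is what applies it: the public key in this
    #    keyring is now revoked (validity field 'r' in --with-colons output).
    gpg --batch --quiet --import "$work/revoke.asc" 2>/dev/null
    validity=$(gpg --batch --with-colons --list-keys "$fpr" \
               | awk -F: '$1 == "pub" { print $2; exit }')

    # 5. The earlier signature still checks out cryptographically, but gpg now
    #    reports REVKEYSIG instead of GOODSIG, and refuses to encrypt to the key.
    after=$(sig_status "$work/msg.sig" "$work/msg.txt")
    if gpg --batch --yes --trust-model always -r "$fpr" \
           -o "$work/msg.gpg" --encrypt "$work/msg.txt" 2>/dev/null; then
        encrypt=allowed
    else
        encrypt=refused
    fi

    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    echo "before=$before validity=$validity after=$after encrypt=$encrypt"
}

# Usage: sh revoke_demo.sh run
case "${1:-}" in
    run) revocation_demo ;;
esac
```

Note what the `after=REVKEYSIG` line is telling you: the signature bytes still verify against the key, so the certificate does not make old signatures "bad", it makes the key untrusted for every signature checked against it from now on. That is exactly why distributing the revoked key quickly matters, as the message says: anyone who has not imported the certificate will still see GOODSIG.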