How can I revoke a signing? WAS: RE: [WINPT USERS]
Questions about installing latest WinPT over an old version
JW
jw@centraltexasit.com
Wed Mar 20 18:09:06 2002
At 07:56 AM 3/20/2002 -0800, you wrote:
>NOTE to GnuPG-user list. I've cc'd this from the winpt user list as the
>issues are really about gnupg rather than winpt.
I hope cross posting is ok...
>This person lost their passphrase to their old secret key. So we are
>suggesting that a work around to telling the world that it's lost is for him
>to sign it with his new key, then revoke the signature and upload the old
>key to the keyserver again.
>From: JW [mailto:jw@centraltexasit.com]
>Sent: Tuesday, March 19, 2002 4:00 PM
>
>>>1. Sign old key with your new key. Just like you would sign your friends
>>Ok... I have managed to do this on Linux. And "update" the "old" key by
>>sending it again according to hex ID (looks right at any rate)
>
> Probably didn't need to do this but at least your old key is now signed
>by your new key.
First I downloaded the key from the keyserver with:
gpg --keyserver pgp.mit.edu --recv-keys 0xE60F7299
I did this with the following:
gpg --edit-key 0xE60F7299
and the "sign" command.
>>>2. Now revoke (not delete; but revoke) the signature on your old key.
>
>>But then I think the next steps failed:
I use the revsig command
>>Command> quit
>>Save changes? y
>>gpg: sig E60F7299.72: duplicated certificate - deleted
>
>I've never revoked just the signature before. But, the process should be
>similar to revoking the entire key. It should write out a certificate that
>you can import back in to the keyring.
If you mean write out a new _file_, no, it did not write out a new file. Perhaps this is where I went wrong.
Should I try this on a file containing the old public key instead of on a key downloaded from the keyserver?
This is gpg (GnuPG) 1.0.6 BTW
>>When I look at the key server now there's nothing there that tells me that
>>anything has changed..
>
>Somehow you need to get that signature revoke certificate generated and
>imported back in to the keyring. Then upload the results to the keyserver.
Ok, well this is what I obviously don't know how to do correctly. GnuPG users: how do I do this?
>>Maybe I'm doing this all wrong by trying to use Linux and pulling the key
>>down from the keyserver as opposed to moving my public key over to Linux
>>as a file. Should I copy my old public key to Linux, sign/revsign it, then
>>move the signed/revoked public key back over to WinPT, and send the
>>signed/revoked public key up with WinPT?
>
>In theory you should be able to pull a key down from the keyserver, sign it,
>upload it back. All you need to do is add in the revoke signature piece
>before uploading it again.
How to do that is currently beyond me :-/
>>If I sign/revoke my public key with GPG on Linux, how do I import the
>>signed/revoked key back into WinPT for revocation... ...import from
>>clipboard? Or maybe just overwrite C:\GNUPG
>
>Just import the revoke certificate.
But I don't have one :-) that's the whole problem. There is no separate revoke cert that I can see.
GnuPG users - is there a way I can make a revoke certificate as a file, that I can import back into WinPT?
Thanks.
----------------------------------------------------
Jonathan Wilson
System Administrator
Clickpatrol.com
Cedar Creek Software http://www.cedarcreeksoftware.com