How can I revoke a signing? WAS: RE: [WINPT USERS]
Questions about installing latest WinPT over an old version
Wed Mar 20 18:09:06 2002
At 07:56 AM 3/20/2002 -0800, you wrote:
>NOTE to GnuPG-user list. I've cc'd this from the winpt user list as the
>issues are really about gnupg rather than winpt.
I hope cross posting is ok...
>This person lost their passphrase to their old secret key. So we are
>suggesting that a work around to telling the world that it's lost is for him
>to sign it with his new key, then revoke the signature and upload the old
>key to the keyserver again.
>From: JW [mailto:firstname.lastname@example.org]
>Sent: Tuesday, March 19, 2002 4:00 PM
>>>1. Sign old key with your new key. Just like you would sign your friends
>>Ok... I have managed to do this on Linux. And "update" the "old" key by
>sending it again
>>according to hex ID (looks right at any rate)
> Probably didn't need to do this but at least your old key is now signed
>by your new key.
First I downloaded the key from the keyserver with:
gpg --keyserver pgp.mit.edu --recv-keys 0xE60F7299
I did this with the following:
gpg --edit-key 0xE60F7299
and the "sign" command.
>>>2. Now revoke (not delete; but revoke) the signature on your old key.
>>But then I think the next steps failed:
I use the revsig command
>>Save changes? y
>>gpg: sig E60F7299.72: duplicated certificate - deleted
>I've never revoked just the signature before. But, the process should be
>similar to revoking the entire key. It should write out a certificate that
>you can import back in to the keyring.
If you mean write out a new _file_, no, it did not write out a new file. Perhaps this is where I went wrong.
Should I try this on a file containing the old public key instead of on a key downloaded from the keyserver?
This is gpg (GnuPG) 1.0.6 BTW
>>When I look at the key server now there's nothing there that tells me that
>anything has changed..
>Somehow you need to get that signature revoke certificate generated and
>imported back in to the keyring. Then upload the results to the keyserver.
Ok, well this is what I obviously don't know how to do corectly. GnuPG users: how do I do this?
>>Maybe I'm doing this all wrong by trying to use Linux and a pulling hte key
>down from the
>>keyserver as opposed to moving my public key over to Linux as a file.
>Should I copy my old public >key to Linux, sign/revsign it, then move the
>signed/revoked public key back over to WinPT, and
>>send the signed/revoked public key up with WinPT?
>In theory you should be able to pull a key down from the keyserver, sign it,
>upload it back. All you need to do is add in the revoke signature piece
>before uploading it again.
How to do that is currently beyond me :-/
>>If I sign/revoke my public key with GPG on Linux, how do I import the
>signed/revoked key back
>> into WinPT for revocation... ...import from clipboard? Or maybe just
>Just import the revoke certificate.
But I don't have one :-) that's the whole problem. There is no separate revoke cert that I can see.
GnuPG users _ is there a way I can make a revoke certificate as a file, that I can import back into WinPT?
Cedar Creek Software http://www.cedarcreeksoftware.com