Clarification on how revocation works
David Shaw
dshaw at jabberwocky.com
Thu Dec 2 00:57:43 CET 2004
On Wed, Dec 01, 2004 at 04:40:44PM -0700, Chris De Young wrote:
> Hi,
>
> This is probably a dumb question, but I just want to clarify how key
> revocation works...
>
> Am I correct in thinking that really only the public key of a key pair is
> what is revoked? (Though the secret key isn't all that useful without the
> public key being valid, of course.)
Yes. The secret key at that point is only useful for decrypting
things that were encrypted before the key was revoked.
> We have, in addition to people's individual keys, a shared key used for
> sending encrypted material to a group of people. Each member of the group
> received a copy of the secret key with a temporary passphrase, then
> (presumably) changed the passphrase to something of their own.
>
> Any member of the group with the secret key can revoke that key,
> effectively for everyone - right?
Yes.
> At a basic level, revoking a key is really just a matter of creating a
> signed statement saying "this key is no longer valid," yes?
Yes. And note that it's possible (though very difficult in practice)
to unrevoke a key by removing that statement.
I assume you are speaking about revoking a whole key here. It is also
possible to revoke a subkey and a user ID.
David
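As an added illustration of the point above (this code is not from the thread or from GnuPG), a small Python parser that walks a binary OpenPGP packet stream and reports whether a key block carries a key, subkey or user ID revocation signature. The packet bytes are constructed with dummy key material, and the parser only looks at the signature type byte, not at the signature itself; a copy of the key that never received the revocation packet reports no revocation, which is why a revocation has to be redistributed to wherever the key was published.

```python
import struct

# Signature types that revoke something (RFC 4880, section 5.2.1).
REVOCATION_TYPES = {0x20: "key", 0x28: "subkey", 0x30: "user ID"}

def iter_packets(data: bytes):
    """Yield (tag, body) for each packet in a binary OpenPGP stream (RFC 4880, section 4.2)."""
    i = 0
    while i < len(data):
        ctb = data[i]; i += 1
        if ctb & 0x40:  # new-format header: 6-bit tag, variable-width length
            tag, first = ctb & 0x3F, data[i]; i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192; i += 1
            elif first == 255:
                length = struct.unpack(">I", data[i:i + 4])[0]; i += 4
            else:
                raise ValueError("partial body lengths not supported")
        else:  # old-format header: 4-bit tag, 1/2/4-byte length
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            length = int.from_bytes(data[i:i + (1 << ltype)], "big"); i += 1 << ltype
        yield tag, data[i:i + length]
        i += length

def find_revocations(data: bytes):
    """List which kinds of revocation signatures ('key', 'subkey', 'user ID') the block carries."""
    found = []
    for tag, body in iter_packets(data):
        # Tag 2 is a signature packet; in a v4 signature byte 0 is the version, byte 1 the type.
        if tag == 2 and len(body) >= 2 and body[0] == 4 and body[1] in REVOCATION_TYPES:
            found.append(REVOCATION_TYPES[body[1]])
    return found

def old_packet(tag: int, body: bytes) -> bytes:
    """Build an old-format packet with a one-byte length (used only for the constructed sample)."""
    return bytes([0x80 | (tag << 2), len(body)]) + body

# Constructed sample key block: dummy v4 public key, user ID, positive self-certification (0x13).
KEY_WITHOUT_REVOCATION = (old_packet(6, b"\x04" + b"\x00" * 7)
                          + old_packet(13, b"Group key <group@example.org>")
                          + old_packet(2, bytes([4, 0x13, 1, 8]) + b"\x00" * 6))
# The revocation is just one more signature packet (type 0x20) appended to the same key.
REVOKED_KEY = KEY_WITHOUT_REVOCATION + old_packet(2, bytes([4, 0x20, 1, 8]) + b"\x00" * 6)
```

`find_revocations(REVOKED_KEY)` returns `['key']`, while the same block without the trailing signature packet returns `[]`: the key's validity rests entirely on that one statement being present in the copy you check.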