Of Public Key Servers, Revocation and Key ID's

Servie Platon servie_tech at yahoo.com
Wed Nov 17 06:43:07 CET 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi gnupg gurus,

I need to shed some light on how Public Key Servers, Revocation Certificates and Key IDs play hand in hand.

Based on my understanding, after we create our key pair we are supposed to create a revocation certificate right away so that, in the event that our key pair, in particular the private key, has been compromised or regarded as useless, we can revoke it anytime.

Now, if we would like our public keys to be readily available to everyone for verification purposes, public keyservers are available to us so we could upload these.

Is this correct? 

Based on the following situation, please kindly advise what, or is there anything I could do here:

1. I created 2 key pairs, one for my public web mail account and one for my work (private use), with Key IDs 0xKeyID#1 and 0xKeyID#2 for example;

2. I have uploaded both Key IDs to a public keyserver of choice, random.sks.keyserver.penguin.de, which was somehow successful;

3. I did create a revocation certificate for both keys by issuing this command in a command prompt: gpg --output revcert.asc --gen-revoke 0xKeyID#1 and gpg --output revcert1.asc --gen-revoke 0xKeyID#2 respectively;

Now for my questions:

1. Assuming I wanted to revoke KeyID#1, which I uploaded to penguin.de. How do I do this?

I did some tinkering using gpg keys, (gpg shell), highlighted the UserID (KeyID) in question, went to keys - import, then selected revcert.asc for KeyID#1. After which, went to Keys-Update from Key-Server and selected penguin.de.

Now, to check if this has been revoked at the prompt, I see my KeyID with revoke in it. Does this mean locally my Key has been revoked or it has been revoked at the public key server as well?

2. How do we check for the KeyIDs that it really comes from that person? For instance, I post here and it displays my Key ID; how do you guys check my KeyID in case I have already posted this to a public key server?

3. And finally, if I have uploaded my public key to a public key server and I deleted my keys locally without doing a revocation certificate and updated the key server hosting my key. And after a while, I created myself another key pair for the same UserID which I deleted before without revoking. Will this pose a problem for me, considering it might confuse other people such as yourself trying to figure out which key is being used, since there are two entries of KeyIDs?

I really do need some pointers on how to manage my keys properly and I feel this is the place where I could find the answers.

Thank you very much.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.92 (MingW32) - GPGshell v3.23

iD8DBQFBmuS6yQgrZePdA38RAhONAJ9EgJDxBbzVdQQ52jDrrxiNJ1P51wCeIatO
ee4kPvUKR2ngdlXW4yxhvv0=
=cca6
-----END PGP SIGNATURE-----


=====
Sincerely,
Servie Platon
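
An added example, not part of the original post: one way to see where a revocation is visible is to compare the machine-readable listing of the local keyring (`gpg --with-colons --list-keys`) with the same listing taken from a scratch keyring filled from the keyserver (`gpg --homedir DIR --keyserver HOST --recv-keys KEYID`). The key IDs, user IDs and both listings below are constructed samples, and the function names are hypothetical.

```python
# Constructed sample: `gpg --with-colons --list-keys` on the local keyring.
LOCAL = """\
pub:r:1024:17:00000000AAAA0001:1100000000:::-:::sc:
uid:r::::1100000000::::Test User <webmail@example.org>:
pub:u:1024:17:00000000AAAA0002:1100000100:::u:::scESC:
uid:u::::1100000100::::Test User <work@example.org>:
"""
# Constructed sample: same command on a scratch keyring fetched from the keyserver.
SERVER = """\
pub:-:1024:17:00000000AAAA0001:1100000000:::-:::scESC:
uid:-::::1100000000::::Test User <webmail@example.org>:
pub:-:1024:17:00000000AAAA0003:1090000000:::-:::scESC:
uid:-::::1090000000::::Test User <work@example.org>:
pub:-:1024:17:00000000AAAA0002:1100000100:::-:::scESC:
uid:-::::1100000100::::Test User <work@example.org>:
"""

def parse_listing(text):
    # Field 2 of a pub record is "r" when this copy of the key is revoked;
    # field 5 is the key ID, field 10 a user ID (on pub itself in GnuPG 1.x).
    keys, current = {}, None
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) > 9:
            current = keys[f[4]] = {"revoked": f[1] == "r", "uids": [f[9]] if f[9] else []}
        elif f[0] == "uid" and len(f) > 9 and current is not None:
            current["uids"].append(f[9])
    return keys

def revocation_report(local_text, server_text):
    # For every key in the local keyring, say where its revocation is visible.
    server = parse_listing(server_text)
    report = {}
    for key_id, key in parse_listing(local_text).items():
        remote = server.get(key_id)
        if remote is None:
            report[key_id] = "not on keyserver"
        elif key["revoked"] != remote["revoked"]:
            report[key_id] = "revoked locally only" if key["revoked"] else "revoked on keyserver only"
        else:
            report[key_id] = "revoked on both" if key["revoked"] else "not revoked"
    return report

def ambiguous_uids(text):
    # User IDs carried by more than one unrevoked key in a single listing.
    by_uid = {}
    for key_id, key in parse_listing(text).items():
        for uid in ([] if key["revoked"] else key["uids"]):
            by_uid.setdefault(uid, []).append(key_id)
    return {uid: ids for uid, ids in by_uid.items() if len(ids) > 1}
```

User IDs are compared as printed in the listing; the colon format escapes some characters inside them, which this sketch does not decode.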


		