Revoking a key using the designated revoker

David Lorch david.lorch at gmx.de
Sun Mar 20 12:03:37 CET 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

GPG provides an option to add a designated revoker to a key.
Having designated my primary key as revoker for a smart card key, I
would like to know how I can actually revoke the latter should I lose
its secret key (that is, the smart card).

If I temporarily delete the card key's pseudo-secret key from GPG and
type "gpg --edit-key <mykey>" and then "revkey", GPG says it needs the
secret key to do this.
If I type "gpg --gen-revoke <key>", I get told "gpg: secret key <mykey>
not found: eof".

Still, --edit-key always shows that "This key may be revoked by DSA key
xxxxxxxx", but I don't seem to find a way to accomplish this special way
of revoking even though the designated revoker's secret key is stored in
my GPG keyring.

Can anyone tell me how to make use of the designated revoker?


Thanks for you help,

  David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQCVAwUBQj1Yh+ZYJaj3HSsiAQJHIAQAla1GweTjC69xqWn5/fe3f161nMUmBDJ8
kqBVorr96M0oIRCd0sCDAGGAR9gJZpZEDsmTMuD3KF8BJLrJWZKRd75BYlWgOPTa
xWVeArTdN6C44pUkGxDAnWL6POa40fEFXaQimN9FzyvgxNDKVTHSVYE4Cjl+i0UH
4lw7BBZWU/c=
=lOFH
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list