Revoking a key using the designated revoker

David Shaw dshaw at
Sun Mar 20 15:24:38 CET 2005

On Sun, Mar 20, 2005 at 12:03:37PM +0100, David Lorch wrote:
> Hi all,
> GPG provides an option to add a designated revoker to a key.
> Having designated my primary key as revoker for a smart card key, I
> would like to know how I can actually revoke the latter should I lose
> its secret key (that is, the smart card).
> If I temporarily delete the card key's pseudo-secret key from GPG and
> type "gpg --edit-key <mykey>" and then "revkey", GPG says it needs the
> secret key to do this.
> If I type "gpg --gen-revoke <key>", I get told "gpg: secret key <mykey>
> not found: eof".
> Still, --edit-key always shows that "This key may be revoked by DSA key
> xxxxxxxx", but I don't seem to find a way to accomplish this special way
> of revoking even though the designated revoker's secret key is stored in
> my GPG keyring.
> Can anyone tell me how to make use of the designated revoker?

gpg --desig-revoke


More information about the Gnupg-users mailing list