Revoke and expire

David Shaw dshaw at jabberwocky.com
Wed Jun 13 22:38:25 CEST 2007 

On Wed, Jun 13, 2007 at 02:02:14PM -0600, Henry Hertz Hobbit wrote:
> gnupg-users-request at gnupg.org wrote:
> David Shaw <dshaw at jabberwocky.com> wrote:
> 
> > On Mon, Jun 11, 2007 at 10:24:23PM +0530, Hardeep Singh wrote:
> >> Hi
> >>
> >> When a key is revoked using the revocation certificate, does it have
> >> the same effect as reaching the expiry date of the key? In other words
> >> if I set a key to no expire but generate a revocation certificate, it
> >> is equally safe?
> > 
> > They're similar, but different.  A key that has reached its expiration
> > date is not usable, but a new expiration date can be put on it that
> > makes the key usable again.  A key that has been revoked cannot be
> > easily un-revoked.
> > 
> > Note that I'm talking about whole keys here.  It is possible to
> > un-revoke a revoked user ID on a key.
> 
> How do you unrevoke a key, especially if it is on the keyservers?
> I can think of making a backup of the key, revoking it and then
> sending the revocation to the keyservers, then unpacking the non-
> revoked folder, extending the date, and squirreling that away in
> some safe deposit box just in case I need it some time in the future.
> Once you are pretty sure you will never need it again you can destroy
> the backup.  But that means it is only unrevoked for myself. Was
> that what you meant?

Essentially, yes, though there are simpler ways to do it.  Save a
revoked key to a file and run 'gpgsplit' on it.  Delete the revocation
packet.  Join the parts back together again, and poof: you have a
unrevoked key.

The catch, of course, is that the key on the keyservers is still
revoked.  You can send out this "non-revoked" key, but as soon as
someone refreshes from a keyserver, it'll become revoked again.

There are a few interesting attacks around this sort of packet
tampering.  Say that Alice got a copy of Bob's private key and his
passphrase.  Bob finds this out, and immediately revokes his key and
sends the revocation to a keyserver.  Later, Charlie wants to
communicate with Bob, and Alice "helpfully" gives him a copy of Bob's
un-revoked public key, knowing that she can read anything encrypted to
it.  This doesn't work in practice, as Bob will presumably notice that
Charlie is using a revoked key.  (GPG will actually warn Bob when
decrypting Charlie's message) Still, Alice could get one message that
way...

> But more to the point, what would most people prefer for somebody
> else to do when they no longer intend to use a key, especially if
> it is on the keyservers - allow it to expire or revoke it with
> some message like "key deprecated"?  This is more along the line
> of human usability and preferences, not technical.  I am assuming
> from what has been said that most people want the key revoked,
> rather than just allowing it to elapse and expire like Johannes
> Ullrich does. Any opinions?

I have a different opinion for full keys (for which I mildly favor
revocation because it's an explicit step that means "this key is dead,
full stop") and subkeys, which I'd just let expire.

It's not really a big deal though - either way, the key and/or subkey
isn't usable.

David

More information about the Gnupg-users mailing list