Revoke a key - What is with the decrypted messages?

John W. Moore III jmoore3rd at
Fri Nov 23 21:31:19 CET 2007

Hash: SHA512

reynt0 wrote:
> Just a maybe picky question:
> Does "stops new use" mean absolutely, like mechanical
> prevention, stops new use, or does it mean something like
> "stops by a social process", ie like knowledgeable users
> won't use it anymore?
> On Fri, 23 Nov 2007, David Shaw wrote:
>   . . .
>>  . . .         Revoking the key only
>> stops new use of the key - old messages are still okay.

In this context it will mean "like mechanical prevention" but only for
those Users who have Updated Your Key with the Revocation on their
Keyring.  GnuPG will _not_ Encrypt to a revoked Public Key.

However, if You never tell Me that You have revoked the Key and it is on
My Keyring and I Encrypt My annual Christmas Email to You using that Key
then it will not show Revoked on My Keyring and You will not be able to
read My Greetings unless You have kept the Secret Key for the revoked
Key on Your Keyring.  This assumes that I have been too lazy to
'Refresh' Your Key from the Servers prior to writing My yearly missive.

An easy method for handling this is to also send the Revocation
Certificate to all Your correspondents in addition to Sending the
Revoked Key to the Keyservers.  I would then recommend keeping a copy of
the Revoked Key available somewhere prior to deleting it 'just in case'
You ever receive a message Encrypted to it from someone You forgot to

Timestamp: Friday 23 Nov 2007, 15:30  --500 (Eastern Standard Time)
Version: GnuPG v1.4.8-svn4622: (MingW32)
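The reply above turns on whether the sender's keyring already shows the key as revoked. As an added example (not part of the original post), this shell sketch reads `gpg --with-colons --list-keys` output and reports which primary keys are marked revoked; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect colon-format key listings for revoked keys.
# In `gpg --with-colons` output, field 1 is the record type, field 2 the
# validity ("r" means revoked) and field 5 the long key ID (uppercase hex).
# Against a real keyring, refresh first so revocations are fetched:
#   gpg --refresh-keys && gpg --with-colons --list-keys | revoked_keys

# Constructed sample listing (not real keys): one revoked key, one valid key.
sample_listing() {
cat <<'EOF'
tru::1:1195849879:0:3:1:5
pub:r:1024:17:1111222233334444:1167609600:::-:::sc:
uid:r::::1167609600::AAAA::Alice Example <alice@example.org>:
pub:u:2048:1:5555666677778888:1167609600:::u:::scESC:
uid:u::::1167609600::BBBB::Bob Example <bob@example.org>:
sub:u:2048:1:99990000AAAABBBB:1167609600::::::e:
EOF
}

# Print the long key ID of every primary key marked revoked (reads stdin).
revoked_keys() {
    awk -F: '$1 == "pub" && $2 == "r" { print $5 }'
}

# Exit status for one key ID (reads stdin):
#   0 = on the keyring and not revoked
#   1 = on the keyring and revoked
#   2 = not on the keyring at all
key_status() {
    awk -F: -v id="$1" '
        # Appending "" forces a string comparison of the hex key IDs.
        $1 == "pub" && ($5 "") == (id "") { found = 1; rev = ($2 == "r") }
        END { if (!found) exit 2; exit rev ? 1 : 0 }'
}

# Demo on the constructed listing: prints the revoked key ID.
sample_listing | revoked_keys
```

A status of 0 only reflects the local keyring: a key revoked by its owner still reports 0 here until the revocation has been imported or refreshed.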

