Revoke a key - What is with the decrypted messages?

Sven Radde sven at
Fri Nov 23 16:51:46 CET 2007


Wolf Canis schrieb:
> I have a revocation
> certificate.

Great! ;-)

> But what is with the decrypted messages to me, can I still encrypt this
> messages? Or is the secret key invalid too?

You will be able to decrypt messages and others will be able to verify
signatures which were issued by the revoked key when it was still valid.

Others won't be able to encrypt *to* the revoked key anymore and you
won't be able to sign anything new anymore with the key.

Revocation isn't so much technically "destroying" the key, it is more an
administrative procedure telling everybody that the key is not in active
use anymore and should be treated accordingly.

If you still have access to the secret key, you do not have to use your
pre-generated revocation certificate. You can also directly revoke the
key. This has the advantage that you can specify a reason for revoking
(e.g. "replaced by new key: 0x...").

HTH, Sven

More information about the Gnupg-users mailing list