Key revocation UI confusion
Ben McGinnes
ben at adversary.org
Sat Oct 15 09:08:29 CEST 2011
On 13/10/11 9:50 AM, Andy Bennett wrote:
>
> Today someone suggested that they thought I'd revoked my key so I
> looked into it. At first I thought that they were possibly correct:
> some UIs seem to suggest that my key has indeed been
> revoked. However, 'gpg --verify' and Enigmail are happy to verify
> signatures made by my key and both tools are happy to use the key as
> if it were valid.
It looks fine to me:
bash-3.2$ gpg -k 7EBA75FF
pub 1024D/7EBA75FF 2000-10-30
uid Andy Bennett <andyjpb at ashurst.eu.org>
uid Andy Bennett <andyjpb at bigfoot.com>
uid Andy Bennett <andyjpb at geniedb.com>
sub 2048g/C65AF469 2008-05-27
bash-3.2$
This is all anyone (other than you) really needs to pay any attention
to. The only time they need to edit the key is when signing it,
although maybe to check the available or preferred alorithms. Even so
that only shows that two old UIDs have been revoked, along with one
old subkey which was clearly replaced by the other subkey.
That said, I can see why people might panic at the sight of the key
revocation message immediately after the pub line instead of reading
it as immediately before the sub line to which it refers.
Regards,
Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20111015/43a8c6ac/attachment.pgp>
More information about the Gnupg-users
mailing list