invalid gpg key revocation

Hauke Laging mailinglisten at hauke-laging.de
Mon Mar 5 19:53:14 CET 2012


On Monday, 5 March 2012, 18:12:24, auto15963931 at hushmail.com wrote:
> I am 99.9% sure no one has gotten access to my machine or my keys.

IMHO that requires at least that

1) you have generated the key in a secure environment, i.e.
	a) booted from a safe medium
	b) (really) validated the content of the medium
2) and either
	a) you have made sure that the key has never been written to a medium
	   which has been accessible by an insecure environment afterwards
	b) the passphrase is secure (random, 80+ bit key space) and has never
	   been used in an insecure environment
3) the key has been generated by well-known software about which no
   respective bugs (like the SSL key space disaster) are known

Can you confirm that?


> If they had, I have to believe that there would have been more
> damage done than this,

It is hard to make good assumptions about the motivation and aims of unknown 
people. You don't even know whether that person got access to your private key 
by planned action or rather incidentally.

Even if it was planned, the motivation may have been to show you your limits 
(or the other one's superiority), not to cause damage (=becoming really 
criminal).


> What can be looked at on the revoked key
> to see how or under what circumstances it was revoked?

I do not know whether there is any data in such a revocation signature that 
differs from system to system. Even the timestamp can easily be faked.


Hauke
-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
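
The following is an added example, not part of the original message: a small Python parser for the body of a version 4 signature packet, assuming the RFC 4880 layout, that lists every field a revocation signature records. The sample packet is constructed for illustration (timestamp, key ID and signature bytes are made up); the names `parse_revocation`, `subpackets` and `SAMPLE` are this example's own.

```python
import struct
from datetime import datetime, timezone

REASONS = {0: "no reason specified", 1: "key superseded", 3: "key retired",
           2: "key material compromised", 32: "user ID no longer valid"}

def subpackets(buf):
    """Yield (type, data) for each RFC 4880 signature subpacket in buf."""
    i = 0
    while i < len(buf):
        n = buf[i]; i += 1
        if 192 <= n < 255:                  # two-octet length
            n = ((n - 192) << 8) + buf[i] + 192; i += 1
        elif n == 255:                      # five-octet length
            n = struct.unpack(">I", buf[i:i + 4])[0]; i += 4
        if n == 0 or i + n > len(buf):
            raise ValueError("truncated subpacket")
        yield buf[i] & 0x7F, buf[i + 1:i + n]   # drop the critical bit
        i += n

def parse_revocation(body):
    """Return every field a v4 revocation signature packet body records."""
    if len(body) < 8 or body[0] != 4 or body[1] not in (0x20, 0x28, 0x30):
        raise ValueError("not a v4 revocation signature")
    hlen = struct.unpack(">H", body[4:6])[0]
    if len(body) < 8 + hlen:
        raise ValueError("truncated packet")
    ulen = struct.unpack(">H", body[6 + hlen:8 + hlen])[0]
    areas = {"hashed": body[6:6 + hlen], "unhashed": body[8 + hlen:8 + hlen + ulen]}
    out = {"sig_type": body[1], "pk_algo": body[2], "hash_algo": body[3], "other": []}
    for area, buf in areas.items():
        for t, d in subpackets(buf):
            if t == 2:      # creation time: a number the signing software wrote
                out["created"] = datetime.fromtimestamp(struct.unpack(">I", d)[0], timezone.utc)
            elif t == 16:   # issuer key ID
                out["issuer"] = d.hex().upper()
            elif t == 29:   # reason code plus free-text comment
                out["reason"] = (REASONS.get(d[0], "unknown"), d[1:].decode("utf-8", "replace"))
            else:           # anything else is reported raw
                out["other"].append((area, t, d.hex()))
    return out

def _sub(t, d):
    return bytes([len(d) + 1, t]) + d

# Constructed sample, not a real signature: key revocation (0x20), RSA, SHA-256.
_h = _sub(2, struct.pack(">I", 1330905600)) + _sub(29, b"\x00")
_u = _sub(16, bytes.fromhex("0123456789ABCDEF"))
SAMPLE = (bytes([4, 0x20, 1, 8]) + struct.pack(">H", len(_h)) + _h
          + struct.pack(">H", len(_u)) + _u + b"\x00\x00\x00\x08\xff")
```

For the sample, `parse_revocation(SAMPLE)` reports only the signature type, the algorithms, the creation time, the reason and the issuer key ID; the creation time is simply the four bytes stored in the packet.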