Proper revocation (was: Re: invalid gpg key revocation)
kwadronaut
kwadronaut at autistici.org
Wed Mar 7 10:15:07 CET 2012
On Mon, 05 Mar 2012 13:40:09 -0500, David Shaw wrote:
> You can examine the revocation certificate with:
>
> gpg --export (your key id) | gpg --list-packets
>
> The piece you are interested in will look like this. It's usually the
> second packet in an exported key:
>
> :signature packet: algo 1, keyid 7296AD3DA736CEC5
>     version 4, created 1330970459, md5len 0, sigclass 0x20
>     digest algo 2, begin of digest 74 51
>     hashed subpkt 2 len 4 (sig created 2012-03-05)
>     hashed subpkt 29 len 10 (revocation reason 0x01 (foobar))
>     subpkt 16 len 8 (issuer key ID 7296AD3DA736CEC5)
>     data: [2047 bits]
>
> Note the sigclass is "0x20", which is the revocation class. The keyid
> would be that of your key (or it's a revocation for someone else, and is
> not relevant to your key). "Created" is the epoch timestamp of when the
> revocation was supposedly generated, echoed in "sig created". The
> "revocation reason" is the reason given when generating the revocation:
>
> 0 == no reason given
> 1 == revoked because the key was compromised
> 2 == revoked because the key was superseded by another key
> 3 == revoked because the key is no longer used
>
> The string in parentheses is a human readable note given by the revoker.

I noticed that some tools (i.e. Enigmail) don't give you the option to
specify a revocation reason. I haven't uploaded my revoked key as of yet,
so how should I edit it to specify a reason?
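
The packet fields described in the quoted message above can be checked mechanically; the following is an added example, not part of the original thread or of GnuPG. The function name `find_revocations`, the dictionary keys, and the user ID and `0x13` self-signature in `SAMPLE` are constructed for illustration; the revocation packet is the one quoted above.

```python
import re

# Reason codes exactly as listed in the quoted message.
REASONS = {0: "no reason given", 1: "key was compromised",
           2: "key was superseded by another key", 3: "key is no longer used"}

# Constructed sample listing: a made-up user ID and self-signature (0x13),
# followed by the revocation packet quoted in the message above.
SAMPLE = """\
:user ID packet: "Example User <user@example.org>"
:signature packet: algo 1, keyid 7296AD3DA736CEC5
    version 4, created 1330960000, md5len 0, sigclass 0x13
    digest algo 2, begin of digest 12 34
:signature packet: algo 1, keyid 7296AD3DA736CEC5
    version 4, created 1330970459, md5len 0, sigclass 0x20
    digest algo 2, begin of digest 74 51
    hashed subpkt 2 len 4 (sig created 2012-03-05)
    hashed subpkt 29 len 10 (revocation reason 0x01 (foobar))
    subpkt 16 len 8 (issuer key ID 7296AD3DA736CEC5)
    data: [2047 bits]
"""

def find_revocations(listing, own_keyid):
    """Return one dict per key revocation signature (sigclass 0x20)."""
    found = []
    # A packet is a line starting with ':' plus the lines that follow it.
    for packet in re.findall(r"(?m)^:.*(?:\n(?!:).*)*", listing):
        head = re.match(r":signature packet: algo \d+, keyid ([0-9A-Fa-f]+)", packet)
        sigclass = re.search(r"sigclass (0x[0-9A-Fa-f]+)", packet)
        if not head or not sigclass or int(sigclass.group(1), 16) != 0x20:
            continue  # not a signature, or not a key revocation
        created = re.search(r"version \d+, created (\d+)", packet)
        reason = re.search(r"revocation reason (0x[0-9A-Fa-f]+) \((.*)\)\)", packet)
        code = int(reason.group(1), 16) if reason else None
        found.append({
            "keyid": head.group(1).upper(),
            # Per the quoted message, the keyid should be that of your own key.
            "issued_by_own_key": head.group(1).upper() == own_keyid.upper(),
            "created_epoch": int(created.group(1)) if created else None,
            "reason_code": code,  # None when no reason subpacket (29) is present
            "reason": REASONS.get(code, "unlisted code") if reason else None,
            "note": reason.group(2) if reason else None,
        })
    return found

if __name__ == "__main__":
    for rev in find_revocations(SAMPLE, "7296AD3DA736CEC5"):
        print(rev)
```

To run it on a real key, pass the text printed by the `gpg --export ... | gpg --list-packets` pipeline from the quoted message as `listing`.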