Proper revocation (was: Re: invalid gpg key revocation)

kwadronaut kwadronaut at
Wed Mar 7 10:15:07 CET 2012

On Mon, 05 Mar 2012 13:40:09 -0500, David Shaw wrote:
> You can examine the revocation certificate with:
>  gpg --export (your key id) | gpg --list-packets
> The piece you are interested in will look like this.  It's usually the
> second packet in an exported key:
> :signature packet: algo 1, keyid 7296AD3DA736CEC5
> 	version 4, created 1330970459, md5len 0, sigclass 0x20 digest 
> 	begin of digest 74 51
> 	hashed subpkt 2 len 4 (sig created 2012-03-05) hashed subpkt 29 
len 10
> 	(revocation reason 0x01 (foobar)) subpkt 16 len 8 (issuer key ID
> 	7296AD3DA736CEC5) data: [2047 bits]
> Note the sigclass is "0x20", which is the revocation class.  The keyid
> would be that of your key (or it's a revocation for someone else, and is
> not relevant to your key).  "Created" is the epoch timestamp of when the
> revocation was supposedly generated, echoed in "sig created".  The
> "revocation reason" is the reason given when generating the revocation:
> 0 == no reason given
> 1 == revoked because the key was compromised 2 == revoked because the
> key was superseded by another key 3 == revoked because the key is no
> longer used
> The string in parenthesis is a human readable note given by the revoker.

I noticed that some tools (i.e. Enigmail) don't give you the option to 
specify a revocation reason. I haven't uploaded my revoked key as of yet, 
so how should I edit it to specify a reason?

More information about the Gnupg-users mailing list