key revocation reasons in frontends/gnupg

kwadronaut kwadronaut at aktivix.org
Sun Jan 6 00:39:05 CET 2013


Hi,

I was thinking/discussing rfc2440 5.2.3.22. Reason for Revocation. I'd
love to hear opinions why it would or wouldn't make sense to have this
information easy(easier) available with gnupg or some frontends. I
personally find it very convenient to point people to that packet to say
that I for example have a new key that superseded the old one. But maybe
you have other opinions? For sake of easiness I'll paste here the
relevant RFC section:

   (1 octet of revocation code, N octets of reason string)

   This subpacket is used only in key revocation and certification
   revocation signatures. It describes the reason why the key or
   certificate was revoked.

   The first octet contains a machine-readable code that denotes the
   reason for the revocation:
       0x00 - No reason specified (key revocations or cert revocations)
       0x01 - Key is superceded (key revocations)
       0x02 - Key material has been compromised (key revocations)
       0x03 - Key is no longer used (key revocations)
       0x20 - User id information is no longer valid (cert revocations)

   Following the revocation code is a string of octets which gives
   information about the reason for revocation in human-readable form
   (UTF-8). The string may be null, that is, of zero length. The length
   of the subpacket is the length of the reason string plus one.

Ciao,

Kwadronaut



More information about the Gnupg-users mailing list