Cannot revoke a certificate

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Dec 7 13:56:03 CET 2015


On Wed 2015-12-02 18:18:46 -0500, David wrote:
> I am trying to revoke a very old certificate that may be compromised.  I
> generated a revocation certificate using the following gpg command with
> no errors.  I did get a warning about MD5 being deprecated.
>
> C:\Users\David> gpg --output kill7827.asc --gen-revoke 80942C8D
>  
> However, I cannot use it.  Here is the output:
>
> C:\Users\David> gpg --import .\kill7827.asc
> gpg: Note: signatures using the MD5 algorithm are rejected
> gpg: key 80942C8D: invalid revocation certificate: Invalid digest
> algorithm - rejected
> gpg: error reading `.\\kill7827.asc': Invalid digest algorithm
> gpg: import from `.\\kill7827.asc' failed: Invalid digest algorithm
> gpg: Total number processed: 0
> C:\Users\David>

You should try adding "--cert-digest-algo sha1" arguments before the
--gen-revoke command to make a SHA1-based certificate revocation.

             --dkg



More information about the Gnupg-users mailing list