effect of revuid

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Feb 4 03:43:33 CET 2017


On Tue 2017-01-31 08:13:52 -0500, Marko Bauhardt wrote:
> what is the effect when deleting a UID via `revuid` from a given key.

revuid does not delete a User ID, it revokes a user ID.  On a typical
OpenPGP certificate, a revoked User ID is still present, but it is
marked clearly and verifiably as having been revoked.

It's still possible to emit a "cleaned" version of the cert without any
of the revoked User IDs on it, of course.

Note that if you just do your revocation locally and don't find a way to
get it to your correspondents (e.g. by publishing to the keyservers, and
hoping that they all refresh regularly) then no one will know about it,
and from their point of view the User ID will not be revoked.

> My key is still valid, right? The UIDs are only bound to a given key
> and can be exchanged as much as I want, right? Or are there some more
> effects?

The primary key and its subkeys are still valid, yes.  If you revoke the
last User ID, then arguably a cleaned version of your certificate
(without any User IDs) will not be considered a valid "transferable
public key" because it will have no User ID associated.

> Can I still decrypt emails with my key sent to this revoked email?

Even if your certificate as a whole is explicitly revoked, the
mathematical object that is the secret key still exists, and can still
perform whatever operations you require of it.  So yes, you should be
able to decrypt anything encrypted to any secret key you hold,
regardless of whether the certificates that contain those keys are
valid, revoked, expired, or whatever.

Make sense?

       --dkg
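A packet-level illustration of the distinction dkg draws above, added here as an example (not code from the thread or from GnuPG): a revoked User ID stays in the certificate with a certification-revocation signature (type 0x30) after it, and a "cleaned" export is simply the same packet sequence with that UID and its signatures dropped. The certificate, names and addresses are constructed skeleton data; signatures are dummies and are never verified.

```python
# Added example, not code from the thread or from GnuPG: a minimal walker over an
# OpenPGP certificate's packets (RFC 4880 new-format headers). It shows that
# revoking a User ID appends a certification-revocation signature (type 0x30)
# and leaves the UID packet in place, while a "cleaned" export drops that UID.
# Constructed skeleton data: signature bodies are dummies and are never verified.

def packet(tag: int, body: bytes) -> bytes:
    """Frame body as a new-format packet; bodies here are all under 192 octets."""
    assert len(body) < 192
    return bytes([0xC0 | tag, len(body)]) + body

def sig(sig_type: int) -> bytes:
    """v4 signature skeleton: version, type, EdDSA, SHA-256, empty subpacket
    areas, 2-byte hash prefix, no MPIs (dummy, not a real signature)."""
    return packet(2, bytes([4, sig_type, 22, 8, 0, 0, 0, 0, 0xAB, 0xCD]))

def parse(cert: bytes) -> list:
    """Split a certificate into (tag, body) pairs (one-octet lengths only)."""
    out, i = [], 0
    while i < len(cert):
        tag, length = cert[i] & 0x3F, cert[i + 1]
        out.append((tag, cert[i + 2:i + 2 + length]))
        i += 2 + length
    return out

def user_ids(cert: bytes) -> list:
    """Return (uid, revoked) pairs; a UID is revoked if a 0x30 signature follows it."""
    found = []
    for tag, body in parse(cert):
        if tag == 13:
            found.append([body.decode(), False])
        elif tag == 2 and body[1] == 0x30 and found:
            found[-1][1] = True
    return [tuple(f) for f in found]

def clean(cert: bytes) -> bytes:
    """Re-emit the certificate without revoked UIDs and the signatures under them."""
    revoked = {uid for uid, r in user_ids(cert) if r}
    out, skipping = b"", False
    for tag, body in parse(cert):
        if tag in (6, 14):      # a key or subkey packet ends the UID section
            skipping = False
        elif tag == 13:
            skipping = body.decode() in revoked
        if not skipping:
            out += packet(tag, body)
    return out

# Constructed cert: primary key, an old UID revoked via `revuid` (0x13 self-cert
# followed by a 0x30 revocation), and a current UID with its self-cert only.
CERT = (packet(6, b"\x04" + b"\x00" * 9)
        + packet(13, b"Marko Example <old@example.invalid>") + sig(0x13) + sig(0x30)
        + packet(13, b"Marko Example <new@example.invalid>") + sig(0x13))
```

Running `user_ids(CERT)` reports the old UID as present and revoked; `user_ids(clean(CERT))` shows only the current UID, which is what a correspondent receives from a cleaned export.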