Generating revocation certificate

André Ockers andre at
Sat Apr 6 20:24:11 CEST 2019

Hi mr. Reichelt and list,

Op 06-04-19 om 18:32 schreef Markus Reichelt:
> * André Ockers <andre at> wrote:
>> Op 06-04-19 om 15:04 schreef Markus Reichelt:
>>> gpg -a --output andre at --gen-revoke 7CD3FBC8F6005ED5
>> This leads to the following:
>> gpg: secret key "7CD3FBC8F6005ED5" not found: eof
> i'm using on slackware64-current (if you are using windows, all hands
> are off)
> gpg --version
> gpg (GnuPG) 2.2.15
> libgcrypt 1.8.4

I'm using (up to date) Trisquel

$ gpg --version
gpg (GnuPG) 1.4.20

$ gpg2 --version
gpg (GnuPG) 2.1.11
libgcrypt 1.6.5

> it looks to me you are lacking access to the secret key - you
> need it in order to be able to create a revocation cert. but since
> you are able to still sign mails (to this list, e.g.) that key must
> be there still. 
> if you run "gpg --list-keys andre at" (with gpg2)
> does that fingerprint show up?:
> 0288A46FA7FF9A9B5BF64D6B7CD3FBC8F6005ED5

$ gpg2 --list-keys andre at
pub   rsa4096/F5FE3668 2014-07-31 [SCA] [revoked: 2018-12-29]
uid         [ revoked] Andr� Ockers <andre at>
uid         [ revoked] Andr� Ockers <ao at>

pub   rsa4096/F6005ED5 2018-12-29 [SCA]
uid         [ultimate] Andr� Ockers <ao at>
uid         [ultimate] Andr� Ockers <andre at>
(plus a subkey)

> anyhow, if you lost (access to) that key in question, it's too late
> to create a revocation cert.  best practice is to deal with that when
> deploying a new key.

I already made a revocation certificate with Enigmail.

Thank you.

Best regards,

André Ockers

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gnupg-users mailing list