Desig-revoke
gnupg.ladder289 at passmail.net
gnupg.ladder289 at passmail.net
Wed Mar 25 14:28:12 CET 2026
Okay, so:
1) With `gpg --expert --full-gen-key` I generate only the main key, 'revoker' only able to certify other keys.
2) Then I add subkeys with `gpg --expert --edit-key revoker`:
- ECC subkey to sign
- ECC subkey to encrypt
- Kyber-1024 subkey to encrypt
3) The same way I create a tbr (to be revoked) key.
4) With `addrevoker` in `gpg --expert --edit-key tbr` I add 'revoker' as a revoker key
In this situation desginated revocation doesn't work. While using only ECC, as you have described, revocation works (although gnupg still complains about bad signature).
I am using freshly-compiled gnupg 2.5.18.
So I guess it has to do with these Kyber keys
More information about the Gnupg-users
mailing list