Mailing List Archive

RSA revoke certificates
Hi,

I created a test key and a revoke certificate with PGP 2.6.3in and gnupg
won't accept the revoke certificate if you import the test key first.

$ gpg --import revoke
gpg: key 82895D81: revocation certificate added
gpg: key 82895D81: not changed
gpg: Total number processed: 1
gpg: unchanged: 1

GnuPG version is 1.0.2, OS is Linux.

I saw a similar problem with PGP6 in the list archive, but couldn't find
a solution there.


Oliver

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org
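
As an added example (not from any poster in this thread): a shell check that reads the key's state from `gpg --with-colons --list-keys` instead of relying on the import summary quoted above. It assumes a current GnuPG, where field 2 of the `pub` record is `r` for a revoked key; the listings in the script are constructed, and the long key ID `AAAAAAAA82895D81` is a made-up value ending in the short ID from the post.

```shell
#!/bin/sh
# Added example: confirm that a revocation actually took effect after
# `gpg --import revoke`, instead of trusting the import summary.
#
# Real use (needs gpg and the key in your keyring):
#   gpg --with-colons --list-keys 82895D81 | key_revoked 82895D81

# key_revoked KEYID  (colon listing on stdin)
# returns 0: key present and flagged revoked
#         1: key present, NOT revoked
#         2: key not in the listing
key_revoked() {
    awk -F: -v want="${1#0x}" '
        BEGIN { want = toupper(want) }
        $1 == "pub" {
            id = toupper($5)
            # field 5 is the long key ID; match on its suffix so the
            # 8-digit short ID printed by gpg also works
            if (length(id) >= length(want) &&
                substr(id, length(id) - length(want) + 1) == want) {
                found = 1
                if ($2 == "r") revoked = 1   # field 2 = validity, r = revoked
            }
        }
        END { if (!found) exit 2; exit (revoked ? 0 : 1) }
    '
}

# Constructed listings (not real gpg output); only fields 1, 2 and 5 matter.
listing_not_revoked() {
    printf '%s\n' 'pub:-:1024:1:AAAAAAAA82895D81:967248000:::-:::sc:' \
                  'uid:-::::967248000::::Test Key <test@example.org>:'
}
listing_revoked() {
    printf '%s\n' 'pub:r:1024:1:AAAAAAAA82895D81:967248000:::-:::sc:' \
                  'uid:r::::967248000::::Test Key <test@example.org>:'
}

for l in listing_not_revoked listing_revoked; do
    if "$l" | key_revoked 82895D81; then
        echo "$l: revoked, stop using this key"
    else
        echo "$l: NOT revoked (status $?)"
    fi
done
```

A status of 1 right after importing a revocation certificate is the case described in this thread: the import reported success but the key is still treated as usable.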
Re: RSA revoke certificates
Oliver Wellnitz wrote:

> I created a test key and a revoke certificate with PGP 2.6.3in and gnupg
> won't accept the revoke certificate if you import the test key first.

If you already have imported the secret test key, why not have GnuPG issue a
new revocation certificate and import that?

--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

Re: RSA revoke certificates
On Sun, Aug 27, 2000 at 08:31:58AM +0200, Johan Wevers wrote:
> > I created a test key and a revoke certificate with PGP 2.6.3in and gnupg
> > won't accept the revoke certificate if you import the test key first.
>
> If you already have imported the secret test key, why not have GnuPG issue a
> new revocation certificate and import that?

I did not import the secret key and I don't want to do that. But that's not
the point. What happens if you don't have the secret key?

Example: Your mail partner sends you a revoke certificate for his key
because it is compromised. GnuPG ignores this revoke and you'll end up
using his key again and again.


Oliver

Re: RSA revoke certificates
Oliver Wellnitz wrote:

> I did not import the secret key and I don't want to do that. But that's not
> the point. What happens if you don't have the secret key?

Then you can't revoke it. And that's a good thing: otherwise you could
revoke my key for example, and I yours. Is that what you would like?

> Example: Your mail partner sends you a revoke certificate for his key
> because it is compromised. GnuPG ignores this revoke and you'll end up
> using his key again and again.

Then delete that public key from your keyring. I had a similar situation
recently, where I sent my revocation certificate plus my new keys to a pgp
user. His pgp saw 2 revoked keys of me in his public keyring and decided not
to use any of my keys at all (I only got an encrypted to self message).
Deleting the public keys was the only solution.

--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

Re: RSA revoke certificates
On Sun, Aug 27, 2000 at 02:13:24PM +0200, Johan Wevers wrote:
> Then delete that public key from your keyring.

I know you can work around it this way. But why not change gnupg so it
imports revoke certificates correctly? I really don't understand its
current behaviour. Am I missing something here?


Oliver

Re: RSA revoke certificates
I wrote:

> I had a similar situation recently, where I sent my revocation certificate
> plus my new keys to a pgp user. His pgp saw 2 revoked keys of me in his
> public keyring and decided not to use any of my keys at all (I only got an
> encrypted to self message). Deleting the public keys was the only
> solution.

My mistake, this was not a problem with a pgp version but with GnuPG 1.0.2.

BTW, is the default reply address changed from the list to the sender or is
it my email software?

--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
