Mailing List Archive

revoke last valid user ID
Doing more keyring housekeeping, I would like to revoke all user IDs of
keypairs with revoked/expired certificates. However, I am getting this
error:

> gpg: Cannot revoke the last valid user ID.

This is also in the documentation:

> --quick-revoke-uid user-id user-id-to-revoke
> This command revokes a user ID on an existing key. It cannot be used
> to revoke the last user ID on key (some non-revoked user ID must
> remain) […]

https://www.gnupg.org/documentation/manuals/gnupg/OpenPGP-Key-Management.html

Why is this?

I have keypairs with revoked/expired certificates keys in my keyring
which have *all* user IDs revoked. And I am sure I want to do this. Is
there a way to override this limitation?

--
ilf

If you upload your address book to "the cloud", I don't want to be in it.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: revoke last valid user ID
On 22.07.2019 19:28, ilf wrote:
> Is there a way to override this limitation?

I'd try adding one dummy User ID, revoke the rest, then delete that
dummy User ID before it gets sent to the keyserver.

I guess you don't want to revoke the entire key...

Kind regards,
Wiktor

Re: revoke last valid user ID
Wiktor Kwapisiewicz:
> I'd try adding one dummy User ID, revoke the rest, then delete that
> dummy User ID before it gets sent to the keyserver.

Thanks, that sounds possible. But I wonder, if there is a reason GnuPG
won't let me revoke it directly - and if so, if that reasoning is strong
enough to not even have a way to override it. Since I have keys with all
user IDs revoked and I only ever used GnuPG, it seems I was able to do
that once.

> I guess you don't want to revoke the entire key...

The keys I am trying to do that for *are* revoked or expired. That's why
I want to remove the (immediate visibility of the) user IDs, even from
the classic SKS keyserver network.

--
ilf

If you upload your address book to "the cloud", I don't want to be in it.

Re: revoke last valid user ID
ilf@zeromail.org [2019-07-22T23:40:42+02] wrote:

> Thanks, that sounds possible. But I wonder, if there is a reason GnuPG
> won't let me revoke it directly - and if so, if that reasoning is
> strong enough to not even have a way to override it. Since I have keys
> with all user IDs revoked and I only ever used GnuPG, it seems I was
> able to do that once.

Maybe you have previously revoked the whole key. Such a key is shown with
all its user IDs revoked.

--
/// OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450
// https://keys.openpgp.org/search?q=tlikonen@iki.fi
/ https://keybase.io/tlikonen https://github.com/tlikonen
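
Since a revoked key is listed with all its user IDs marked revoked, the user ID flags alone do not show which kind of revocation a key carries. The following is an added example, not part of the thread: it reads `gpg --with-colons --list-sigs` style output and separates a key revocation signature (class 0x20) from per-user-ID revocations (class 0x30). The sample listing is constructed, and the function name `classify` is hypothetical.

```python
# Added example: tell a revoked key from individually revoked user IDs.
# SAMPLE is constructed (made-up key IDs and names) in the layout of
# `gpg --with-colons --list-sigs`; nothing here verifies the signatures.
SAMPLE = """\
pub:r:2048:1:AAAAAAAAAAAAAAAA:1400000000:::-:::sc:
rev:::1:AAAAAAAAAAAAAAAA:1500000000::::Alice <alice@example.org>:20x:
uid:r::::1400000000::HASH1::Alice <alice@example.org>:
sig:::1:AAAAAAAAAAAAAAAA:1400000000::::Alice <alice@example.org>:13x:
pub:e:2048:1:BBBBBBBBBBBBBBBB:1400000000:1450000000::-:::sc:
uid:r::::1400000000::HASH2::Bob <bob@example.org>:
sig:::1:BBBBBBBBBBBBBBBB:1400000000::::Bob <bob@example.org>:13x:
rev:::1:BBBBBBBBBBBBBBBB:1500000000::::Bob <bob@example.org>:30x:
uid:e::::1400000000::HASH3::Bob (work) <bob@example.com>:
sig:::1:BBBBBBBBBBBBBBBB:1400000000::::Bob (work) <bob@example.com>:13x:
"""

KEY_REVOCATION = 0x20   # RFC 4880 signature class: key revocation
CERT_REVOCATION = 0x30  # RFC 4880 signature class: certification revocation


def classify(colons):
    """Map key ID -> {'key_revoked': bool, 'uid_revoked': {user ID: bool}}."""
    keys, cur, primary, uid = {}, None, None, None
    for line in colons.splitlines():
        f = line.split(":")
        f += [""] * (11 - len(f))              # pad short records
        if f[0] == "pub":                      # start of a new key block
            primary, uid = f[4], None
            cur = keys.setdefault(primary, {"key_revoked": False, "uid_revoked": {}})
        elif cur is None:
            continue
        elif f[0] in ("sub", "uat"):           # signatures that follow are not on a uid
            uid = None
        elif f[0] == "uid":
            uid = f[9]
            cur["uid_revoked"].setdefault(uid, False)
        elif f[0] == "rev" and f[4] == primary:  # self-issued revocations only
            try:
                sigclass = int(f[10][:2], 16)  # field 11: hex class plus 'x' or 'l'
            except ValueError:
                continue
            if sigclass == KEY_REVOCATION:
                cur["key_revoked"] = True
            elif sigclass == CERT_REVOCATION and uid is not None:
                cur["uid_revoked"][uid] = True
    return keys


if __name__ == "__main__":
    for keyid, info in classify(SAMPLE).items():
        print(keyid, info)
```

In the sample, the first key shows its user ID with validity `r` only because the key itself is revoked; the second key has one user ID revoked by its own class 0x30 signature. Run the real listing with `--check-sigs` instead of `--list-sigs` if the signatures should also be verified.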