[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [openpgp] OpenPGP private certification



On Thu,  2 Apr 2015 18:09, phill@xxxxxxxxxxxxxxx said:

> Since the key servers won't allow me to revoke the cert for the
> private key I have no control over, I think that it would be more

They allow that but you need to have a key prepared for this:

 5.2.3.15.  Revocation Key

   (1 octet of class, 1 octet of public-key algorithm ID, 20 octets of
   fingerprint)

   Authorizes the specified key to issue revocation signatures for this
   key.  Class octet must have bit 0x80 set.  If the bit 0x40 is set,
   then this means that the revocation information is sensitive.  Other
   bits are for future expansion to other kinds of authorizations.  This
   is found on a self-signature.

("gpg --edit-key, addrevoker" to set such a key and "gpg --desig-revoke"
 to issue a revocation)


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

_______________________________________________
openpgp mailing list
openpgp@xxxxxxxx
https://www.ietf.org/mailman/listinfo/openpgp