On Mon, 13 Oct 2014 00:35:20 +0200 Hauke Laging <[email protected]> wrote:
> On Sun 12.10.2014, 23:35:16, Dr. Peter Voigt wrote:
> > Can I still use my existing revocation certificate with my key pair
> > Yes.
> > Thanks to all confirming my assumption.
> > I am supposing the revocation certificate just refers to my main
> > key ID regardless of the identities belonging to the key pair.
>
> To the fingerprint (or: the key data itself).
>
> http://tools.ietf.org/html/rfc4880#section-5.2.1
>
> 0x1F: Signature directly on a key
> This signature is calculated directly on a key. It binds the
> information in the Signature subpackets to the key, and is
> appropriate to be used for subpackets that provide information
> about the key, such as the Revocation Key subpacket. [...]
>
> BTW: You can test this. You don't kill the key / certificate as long
> as you do not upload the revocation certificate to the keyservers.
> Just make a backup of the public and the private keys (maybe not even
> necessary but may be easier).
>
> As long as you import the rev cert just locally you can delete it. Or
> delete (and restore from backup) the whole key if the rev sig cannot
> be deleted alone.
>

To be honest I have little knowledge about what is going on when a key pair is revoked. I just know that I would have to import the revocation certificate to my public key ring. And as soon as I have freshly published it to a keyserver my key pair is marked revoked.

I suppose the revocation certificate being a kind of replacement of my public key. As it is bound to the fingerprint of a key pair it can mark the key pair revoked as a whole. I suppose such a key can never be activated again.

This is somewhat opposed to a key pair with all of its identities being revoked. Some or all identities could later be activated again and - moreover - this key pair could later even get new identities not being revoked.

I would greatly appreciate it if anybody could confirm or correct my rough understanding of the revocation certificate and process.

>
> Something else, doesn't have anything to do with your question but
> may be of interest as you work at a university:
>
> http://www.openpgp-schulungen.de/fuer/hochschulen/
>

Nice side information.

>
> Hauke

Regards,
Peter
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
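Added example, not part of the original thread: a sketch of the RFC 4880 section 5.2.4 hash input for a v4 key revocation signature (type 0x20) next to a certification revocation (type 0x30), showing that the former covers the same key octets the fingerprint is computed from and no User ID. The function names and the sample key body and identities are constructed for illustration; the key material is not a valid RSA key.

```python
import hashlib
import struct

KEY_REVOCATION = 0x20   # RFC 4880 5.2.1: key revocation signature
CERT_REVOCATION = 0x30  # RFC 4880 5.2.1: certification revocation signature

def key_octets(key_body):
    # 0x99, two-octet length, public-key packet body (RFC 4880 5.2.4 and 12.2)
    return b"\x99" + struct.pack(">H", len(key_body)) + key_body

def fingerprint(key_body):
    # A v4 fingerprint is SHA-1 over exactly those octets
    return hashlib.sha1(key_octets(key_body)).hexdigest()

def signed_data(sig_type, key_body, user_id=None):
    # Octets hashed ahead of the signature's own fields (RFC 4880 5.2.4)
    if sig_type == KEY_REVOCATION:
        return key_octets(key_body)  # only the key being revoked
    if sig_type == CERT_REVOCATION:
        if user_id is None:
            raise ValueError("a certification revocation needs a User ID")
        # same data as the User ID certification it revokes
        return key_octets(key_body) + b"\xb4" + struct.pack(">I", len(user_id)) + user_id
    raise ValueError("signature type not covered by this example")

def v4_digest(sig_type, key_body, user_id=None, hashed_subpackets=b""):
    # version 4, signature type, public-key algorithm 1 (RSA), hash algorithm 8 (SHA-256)
    fields = bytes([4, sig_type, 1, 8])
    fields += struct.pack(">H", len(hashed_subpackets)) + hashed_subpackets
    trailer = b"\x04\xff" + struct.pack(">I", len(fields))
    data = signed_data(sig_type, key_body, user_id)
    return hashlib.sha256(data + fields + trailer).hexdigest()

# Constructed sample values, not a real key or real identities
KEY_BODY = b"\x04" + struct.pack(">I", 1413153320) + b"\x01" + b"constructed key material"
UID_OLD = b"Alice Example <alice@old.example>"
UID_NEW = b"Alice Example <alice@new.example>"

def key_revocation_ignores_user_ids():
    return (v4_digest(KEY_REVOCATION, KEY_BODY, UID_OLD)
            == v4_digest(KEY_REVOCATION, KEY_BODY, UID_NEW)
            == v4_digest(KEY_REVOCATION, KEY_BODY))

def cert_revocation_depends_on_user_id():
    return (v4_digest(CERT_REVOCATION, KEY_BODY, UID_OLD)
            != v4_digest(CERT_REVOCATION, KEY_BODY, UID_NEW))

if __name__ == "__main__":
    print(fingerprint(KEY_BODY), key_revocation_ignores_user_ids(), cert_revocation_depends_on_user_id())
```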
