> On 04 Feb 2017, at 03:43, Daniel Kahn Gillmor <[email protected]> wrote:
>
> revuid does not delete a User ID, it revokes a user ID. On a typical
> OpenPGP certificate, a revoked User ID is still present, but it is
> marked clearly and verifiably as having been revoked.

Ok. Thanks.

> Note that if you just do your revocation locally and don't find a way to
> get it to your correspondents (e.g. by publishing to the keyservers, and
> hoping that they all refresh regularly) then no one will know about it,
> and from their point of view the User ID will not be revoked.

Sure. Got it.

> The primary key and its subkeys are still valid, yes. If you revoke the
> last User ID, then arguably a cleaned version of your certificate
> (without any User IDs) will not be considered a valid "transferable
> public key" because it will have no User ID associated.

Oki thx.

> even if your certificate as a whole is explicitly revoked, the
> mathematical object that is the secret key still exists, and can still
> perform whatever operations you require of it. So yes, you should be
> able to decrypt anything encrypted to any secret key you hold,
> regardless of whether the certificates that contain those keys are
> valid, revoked, expired, or whatever.

Nice. This is an important answer.

> make sense?

Yes, totally. Thx for explanation.

---
Marko Bauhardt
[email protected] <mailto:[email protected]>
Key ID: 53192101
Fingerprint: DC0F E851 82A3 72E3 7FE1 ACDB 970C FD47 5319 2101
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
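
Added example, not part of the thread and not GnuPG's own code: a small Python parser for `gpg --list-keys --with-colons` output that checks the points quoted above, namely that a revoked User ID stays in the certificate marked `r` while the primary key and subkeys are unaffected, and that a certificate can end up with no unrevoked User ID. The listing is constructed sample data, and `audit` and `unescape` are hypothetical helper names.

```python
import re

# Constructed sample in the `gpg --list-keys --with-colons` layout (not taken
# from the thread): field 1 = record type, field 2 = validity, field 10 = value.
SAMPLE = r"""
pub:u:4096:1:89ABCDEF01234567:1486166400:::u:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:r::::1486166400::::Old Name <old@example.org>:
uid:u::::1486166400::::Team\x3a Ops <ops@example.org>:
sub:u:4096:1:1111111111111111:1486166400::::::e:
pub:u:4096:1:0123456789ABCDEF:1486166400:::u:::scESC:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
uid:r::::1486166400::::Only Name <only@example.org>:
sub:u:4096:1:2222222222222222:1486166400::::::e:
"""

REVOKED = "r"  # validity letter gpg prints for a revoked key or User ID


def unescape(field):
    """Undo the \\xNN escaping gpg applies to ':' and control bytes."""
    return re.sub(r"\\x([0-9A-Fa-f]{2})",
                  lambda m: chr(int(m.group(1), 16)), field)


def audit(listing):
    """Return one summary dict per certificate in a colon-format listing."""
    certs, cur, want_fpr = [], None, False
    for line in listing.splitlines():
        f = line.split(":") + [""] * 10   # pad so short records never raise
        rec = f[0]
        if rec in ("pub", "sec"):         # a new certificate starts here
            cur = {"fpr": None, "key_revoked": f[1] == REVOKED,
                   "uids": [], "revoked_uids": [], "subkeys": 0}
            certs.append(cur)
            want_fpr = True
        elif cur is None:
            continue
        elif rec == "fpr" and want_fpr:   # first fpr belongs to the primary key
            cur["fpr"], want_fpr = f[9], False
        elif rec == "uid":                # revoked UIDs are listed, not dropped
            bucket = "revoked_uids" if f[1] == REVOKED else "uids"
            cur[bucket].append(unescape(f[9]))
        elif rec in ("sub", "ssb") and f[1] != REVOKED:
            cur["subkeys"] += 1
    for c in certs:                       # only revocation is checked here
        c["has_unrevoked_uid"] = bool(c["uids"])
    return certs
```

Running `audit` on the listing from a correspondent's keyring shows whether the revocation has reached their copy of the certificate.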
