----------------------------------------
From: Andrew Gallagher via Gnupg-users
<[email protected]>
To: [email protected]
<[email protected]>
Date: May 30, 2026 10:34:51
Subject: Re: Unable to issue subkey revocation
On 29/05/2026 21:14, marqueandreprisal--- via Gnupg-users wrote:
The primary key had been initially revoked and should have revoked the
subkey also.
This is conventional, but not necessary. If one of your correspondents
found a way to use that subkey when its primary was revoked, that would
be a serious bug - but in your correspondent's software, not yours.
Subkeys attached to revoked primary keys should not be used. It should
not make any difference whether the subkey itself is revoked.
The revocation of the primary key should not be an issue because no
error is given about usability when going back to reissue the
revocation explicitly against the subkey. GnuPG BUG: Unable to issue
subkey revocation
It may well be a bug, but afaict it is a minor one with no practical
consequences.
Workaround possibility: There may be some difficult workaround like
exporting the subkey as a single key and then using it's own authority
to revoke itself as a primary key
This would not do anything. If you used the same key material in a new
primary key it would be a different key. If it then revoked itself, the
new primary key would be revoked but the subkey attached to the
original primary would not. Subkeys cannot revoke themselves.
You may formulate a path to try in this meanwhile time of getting it
straightened out.
None of this is necessary. Your primary key has been hard revoked as
intended, and it is correctly unusable. You don't need to do anything
more.
A
_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users
No you are wrong it is not a minor bug I do not agree with you. The
ability to revoke keys is a major feature therefor it is a major bug and
moreso because it is an even larger chunk of what the code of a frontend
is supposed to do, sad that a frontend focuses on the user interface of
functionality only and still fails at a major feature. If you see my
posts on the forum you will see that the supplimental gen-revoke program
no longer works and when you read about gen-revoke in the context of
Michael's blog you will see this major bug would break a massive system
of automation for which is the ideal use of a subkey system. If this had
been PGP 1 this wouldn't be screwed up like this and I don't appreciate
when people argue about this slop instead of fixing it when they should
pay me gratuity for reporting the bug. That being said where can I get
PGP 1 clone to GPG 1 or something that is fully functional self contained
program?
With your favoritism of bugs I wouldn't be quick to pick LibrePGP while
you are the developer. What other options have I?
_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users
