You might take a look at my forum posts. https://forum.gnupg.org/t/unable-to-issue-subkey-revocation/7288
The subkey is not revoked.

As has been explained to you many times now, both here and in the forum, revoking the primary key implicitly revokes all the subkeys which depend upon it for validity.

$ gpg --fixed-list-mode --with-colons --list-sig B44427C7
[irrelevant certificate information removed]

pub:u:3072:1:1DCBDC01B44427C7:1437075659:::u:::scESC::::::23::0:
sub:u:3072:1:DC0F82625FA6AADE:1437075659::::::e::::::23:
sig:::1:1DCBDC01B44427C7:1437075659::::
    Robert J. Hansen <[email protected]>:18x:::::8:

The first line, 'pub', identifies the root of my certificate. The second line, 'sub', identifies a secondary chunk of key material -- a subkey. The third line, 'sig', is my certificate root attesting that the subkey should be trusted as coming from me.

When and if the pubkey gets revoked, the self-signature on subkeys ceases to be trusted. After all, it's a signature from a revoked key.

A subkey without a trusted self-signature is a nullity. They're not allowed to be used. It really is that simple.

I would point you to chapter and verse of the RFCs, but you've also said in the forum that "I wouldn't trust modern RFCs."

We seem to be at an impasse. We are telling you facts and backing them up by showing you the precise language of the RFC in which these facts can be found, but you refuse to accept the RFC as a source of ground truth.

This was a supplemental fix now broke, gen-revoke: https://blogs.gentoo.org/mgorny/2019/02/20/gen-revoke-extending-revocation-certificates-to-subkeys/

I am unaware of Gentoo ever filing a bug about this. If it's impacting their workflow we'd love to hear from them about it. But it is also very possible that you don't understand the problem that shellscript exists to solve, and are misusing it yourself, and thinking that it's buggy when it's not giving you the results you want.

_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users
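The rule described in the message above, applied to `--with-colons` output, as an added example that is not part of the original message and not GnuPG code. It assumes the field layout from GnuPG's doc/DETAILS (field 2 validity, field 5 key ID); `subkey_status` is a hypothetical helper name, and the revoked listing is constructed.

```python
# Added example: report whether each subkey in a `gpg --with-colons` listing
# is usable, applying the rule that a revoked primary key invalidates every
# subkey that depends on it. Field layout assumed from GnuPG's doc/DETAILS.

# Records copied from the listing in the message.
LISTING = """\
pub:u:3072:1:1DCBDC01B44427C7:1437075659:::u:::scESC::::::23::0:
sub:u:3072:1:DC0F82625FA6AADE:1437075659::::::e::::::23:
"""

# Constructed variant (not real gpg output): the primary's validity field is
# set to 'r' while the subkey record itself carries no revocation marker.
REVOKED_PRIMARY = LISTING.replace("pub:u:", "pub:r:", 1)

# Validity letters that make a key unusable.
UNUSABLE = {"r": "revoked", "e": "expired", "i": "invalid",
            "d": "disabled", "n": "not valid"}


def subkey_status(colon_output):
    """Return {subkey_id: (usable, reason)} for every 'sub' record."""
    status = {}
    primary_id = primary_validity = None
    for line in colon_output.splitlines():
        fields = line.split(":")
        if len(fields) < 5:
            continue  # not a key record
        record, validity, key_id = fields[0], fields[1], fields[4]
        if record == "pub":
            # Subkeys that follow belong to this primary key.
            primary_id, primary_validity = key_id, validity
        elif record == "sub":
            if primary_id is None:
                status[key_id] = (False, "no primary key precedes this subkey")
            elif primary_validity in UNUSABLE:
                # The binding signature comes from an unusable primary key,
                # so the subkey is unusable whatever its own field says.
                why = UNUSABLE[primary_validity]
                status[key_id] = (False, f"primary {primary_id} is {why}")
            elif validity in UNUSABLE:
                status[key_id] = (False, f"subkey is {UNUSABLE[validity]}")
            else:
                status[key_id] = (True, "primary and subkey are valid")
    return status


if __name__ == "__main__":
    for name, text in (("as posted", LISTING), ("primary revoked", REVOKED_PRIMARY)):
        print(name, subkey_status(text))
```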