On 1 Jun 2026, at 01:47, marqueandreprisal--- via Gnupg-users <[email protected]> wrote: > > You might take a look at my forum posts. > https://forum.gnupg.org/t/unable-to-issue-subkey-revocation/7288 > The subjey is not revoked.
The subkey is not revoked, but you do not need to revoke it because the primary is revoked and that takes precedence. It really is that simple. In the very first reply to your forum post, Sebastian gave you the answer to your question: it is a display inconsistency in openkeychain. It is visually confusing but is not a security issue. Multiple people have since told you the same thing, but you do not accept their answers because you have apparently misunderstood the spec. This is not your fault, PGP *is* complex and confusing, and often badly documented. But please stop telling PGP experts that they are not experts just because they do not give you the answer that you expected. > This was a supplemental fix now broke, gen-revoke: > https://blogs.gentoo.org/mgorny/2019/02/20/gen-revoke-extending-revocation-certificates-to-subkeys/ You misunderstand the purpose of this tool. It is designed to generate revocation certificates for subkeys *where the primary key is still valid*. It is a workaround for an *offline* primary key, not a revoked one. A _______________________________________________ Gnupg-users mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gnupg-users
