Eike, Burkhard - I would like to add this to UserBase, linked from http://userbase.kde.org/KGpg and from http://userbase.kde.org/KMail/gpg - is this OK?
Anne On Saturday 30 Jul 2011 Burkhard L?ck wrote: > ---------- Weitergeleitete Nachricht ---------- > > Betreff: Re: [kde-doc-english] Re: Revocation Certificates?? > Datum: Samstag, 30. Juli 2011, 17:33:22 > Von: "Rolf Eike Beer" <kde at opensource.sf-tec.de> > An: "Burkhard L?ck" <lueck at hube-lueck.de> > Kopie: kde-doc-english at kde.org > > > Am Donnerstag, 23. Juni 2011, um 10:44:28 schrieb Rolf Eike Beer: > >> > Am Mittwoch, 22. Juni 2011, um 20:43:03 schrieb Rolf Eike Beer: > >> >> Am Mittwoch, 22. Juni 2011, 17:15:19 schrieb Burkhard L?ck: > >> >> > Hi Daniel, > >> >> > > >> >> > am Dienstag, 21. Juni 2011, um 05:37:32 schrieb Daniel U. Thibault: > >> >> > > GnuPG4Win/Kleopatra prominently warns about creating a > >> > >> revocation > >> > >> >> > > certificate before uploading a key pair to a PGP server. But > >> > >> there > >> > >> >> is > >> >> > >> >> > > a) no option to do this offered by the wizard and, more > >> > >> importantly, > >> > >> >> b) > >> >> > >> >> > > absolutely no mention of how to do this in the help. The > >> > >> interface > >> > >> >> is > >> >> > >> >> > > of no help, giving absolutely no hint of how to do this. > >> >> > > > >> >> > > I eventually found guidance at > >> >> > > > >> >> > > http://www.emiic.net/reference/57-encrypting-email. Not obvious > >> > >> at > >> > >> >> > > all. > >> >> > > >> >> > This is about KGpg, right? > >> >> > > >> >> > Your a) seems to be a claim about a missing feature/warning/bug in > >> >> > >> >> KGpg, > >> >> > >> >> > please report at bugs.kde.org product KGpg. > >> >> > > >> >> > Your b) could be solved adding some infos about a revocation > >> >> > >> >> certificate > >> >> > >> >> > to the KGpg Handbook? > >> >> > >> >> Yes, please file a wishlist for KGpg on b.k.o and I'll see to get > >> > >> this > >> > >> >> done > >> >> for SC 4.8. There currently is no interface to create a revocation > >> >> certificate for an existing key. You are however asked if you want to > >> >> create one with a new key. > >> >> > >> >> I don't think complaining about a revocation certificate on every > >> > >> upload > >> > >> >> is > >> >> a good idea. But maybe we could do this with a > >> >> dont-show-this-dialog-again > >> >> thing. Please file a seperate wishlist if you want this implemented > >> > >> and > >> > >> >> provide some good arguments to convince me. > >> > > >> > KGpg has an action "Revoke Key" in the context menu, which opens the > >> > "Create > >> > Revocation Certificate" dialog. > >> > But the documentation does not mention revocation. > >> > > >> > Eike would you mind to add something about revocation to the handbook, > >> > >> we > >> > >> > could ship the updated doc with 4.7.1. > >> > >> Ups, indeed. Since even I forgot about it how is anyone else supposed to > >> know? ;) Yes, I think I'll cook up some text for this. Suggestions > >> welcome. > > > > Ping Eike > > Ok, I would commit the following text early next week if there aren't any > better proposals: > > A key pair that has expired can be brought back into an operational state > as long as you have access to the private key and the passphrase. To > reliably render a key unusable you need to revoke it. Revoking is done by > adding a special revokation signature to the key. > > These revokation signature can be created together with the key. In this > case it is stored in a separate file. This file can later be imported into > the keyring and is then attached to the key rendering it unusable. Please > note that to import this signature to the key no password is required. > Therefore you should store this revokation signature in a safe place, > usually one that is different from you key pair. It is a good advise to > use a place that is detached from your computer, either copy it to an > external storage device like an USB stick or print it out. > > If you have not created such a detached revokation on key creation you can > create such a revokation signature at any time choosing Key -> Revoke key > ***, optionally importing it to your keyring immediately. > > *** Currently this item is only available in the context menu. I'll move > this from the context menu to the key menu for 4.7.1. The context menu > should provide shortcuts to the often used items. Revoking a key is > seldomly used (if at all) so it has no reason to be in the context menu at > all. > > Greetings, > > Eike > > ------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: <http://mail.kde.org/pipermail/kde-doc-english/attachments/20110911/c6205ebe/attachment.sig>
