On 03/06/2012 01:36 PM, auto15963...@hushmail.com wrote:

> Looking at this instruction, I think you assume that I have
> imported the revoked key onto my keyring. I have not done so. On
> my keyring is the valid key, which is not revoked. The revoked key
> appears to be on a keyserver. When I do a search and view the
> result online, I can see my key ID number and user ID plainly
> identifying this key as having now been revoked. I have not
> imported it.

So much mystery involved here! You're making everyone guess at the
situation by not identifying the key. I understand you might have
reasons for this caginess, but please realize that your reluctance to
spell out the details of the situation makes this process take much
more of your time and of the time of other people on this list.

You might not be aware that keyservers don't check the correctness of
any of the cryptographic material placed on them. So it's possible to
upload something that looks like a revocation certificate but would be
rejected by any reasonable OpenPGP client implementation, since it
would not validate.

> The really weird part is that I never publicly put it
> on a server myself.

Anyone with possession of an OpenPGP certificate can upload it to the
public keyservers.

> I am reluctant
> to import the bad one because it might mess up the good one.

I understand your hesitation to import the revocation certificate to
your public keyring, though you can probably clean it up with some of
the subcommands of gpg --edit-key.

Alternately, you could create a new GNUPGHOME directory and work
temporarily from that. e.g.:

    mkdir -m 0700 ~/tmpgpg
    GNUPGHOME=~/tmpgpg
    export GNUPGHOME
    # ... do your work here, you'll start with an empty keyring ...
    rm -rf ~/tmpgpg
    unset GNUPGHOME

> So, I
> am not sure how to look at the certificate with your command, which
> appears to require that I export it. Does it not?

No, you could also just fetch the key from the keyserver via http, and
feed it to gpg --list-packets directly. Here's me doing that with my
own key (you'd need to replace the long keyid with the keyid you care
about):

    wget -O- \
     'http://keys.gnupg.net/pks/lookup?op=get&search=0xCCD2ED94D21739E9'\
     | gpg --list-packets \
     | less

However, importing it into a gpg keyring is probably a better idea,
since it would let you verify whether the revocation certificate is
valid.

Regards,

    --dkg

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users