Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: GnuPG: users

Malformed Revokation Certificate?

  

 
GnuPG users RSS feed   Index | Next | Previous | View Threaded


brewhaha at edmc

Aug 7, 2012, 6:18 AM

Post #1 of 14 (329 views)
Permalink
Malformed Revokation Certificate?
I submitted this revokation certificate to a couple of servers and
they said it was malformed,
and I had trouble guessing how to generate anything different. So, I
imported the revokation certificate, exported the whole key, and
submitted that. It worked.

Thanks to the availability of PGP 2.6.3i, I am now the proud user of
a public key that has my name and my email addresses on different
packets, and for which the encryption key and the signing key are
identical. Thanks to the availability of PGP 10.x, a photo is on my
public key. GPG won't put photos on PGP 2.x keys. It can. No matter
what the relevant Request For Comments (RFC) says, it can. It makes
the key unimportable by PGP 2.6.3i, and the key servers have it.

I have a hybrid key.

The key servers can also import public keys designed for SSL and
S/MIME. PGP 10 will export them. GPG won't import them, though --
something about invalid user ids. It says the same thing about the
public key for a time stamper (invalid user id). Maybe GPG should be
more tolerant.

Sigh. The public key I want to use is already on my GnuPG public and
private key rings. When the signature on this e-mail failed, I went
in to the GUI key management, and found that I am using a different
version on the CLI. We are _losing_ features, here. Maybe it'll
import into version 2.x if I delete the photo.

gpg (GnuPG) 1.2.2
Copyright (C) 2003 Free Software Foundation, Inc.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.2 (MingW32)
Comment: http://ecn.ab.ca/~brewhaha/gpg/Keyprint_Biometric.mp3.pgp

mQCNA1Ag9S8qxgEEAKtpjDbYEVXw1dgl1AdvNvehHjNaelMxl31k6wKIUlXRQoaA
UgK5r+CIOa4HNtMYB43JaUa9p23sodfwg+OMrmg3VahSYg+Sz9v2fWJSNDfdIKmk
n7/cDs6nA4MDItvKEF1f1xBAYIhUBGhnPD2EYWlvwVdKjq2QGMpO5M0l1VNFAAUR
tApKYXkgTGl0d3luiPUEEAECAF8FAlAg9t4bFAAAAAAAEQABa2V5LXVzYWdlQHBn
cC5jb22PMBSAAAAAACAAB3ByZWZlcnJlZC1lbWFpbC1lbmNvZGluZ0BwZ3AuY29t
cGdwbWltZQUbAAAAAAUeAQAAAAAKCRDKTuTNJdVTRZIzA/4pc/72hGw/eD55UwUs
VY06fc7UHe2ys7+91IIslJZj0x0HyakV8H7rAhSgO+NzouBKMl9mMEgDY+d6hBbS
kz1I1D1vYrrK/rU2crPNXxDhNaksmnsFK6CboCHZJJwYiiwY869vyxG8iPMQm0vz
jvKBY5RZCzS6/uwYQBpqf8KpELQhPGJyZXdoYWhhQGZyZWVuZXQuZWRtb250b24u
YWIuY2E+iPUEEAECAF8FAlAg9t4bFAAAAAAAEQABa2V5LXVzYWdlQHBncC5jb22P
MBSAAAAAACAAB3ByZWZlcnJlZC1lbWFpbC1lbmNvZGluZ0BwZ3AuY29tcGdwbWlt
ZQUbAQAAAAUeAQAAAAAKCRDKTuTNJdVTRXFyA/9A0HGM5IM90lelCBV15vi+I2pX
bf+AxstXI3tbhUQk6GlCaK0l6lRB3M3ZmjLCcXOxgkisVdjusTh5ceEudLxQD7qp
Ux5UAzFtj14uxraWS91VhbsGrkqZ3Lmw0Ujlg8Wyb38M5UG0Hf/E9U4YvX+O5RCL
GQtd0kZ0i8wChjvPL7QUPGJyZXdoYWhhQGVjbi5hYi5jYT6I9QQQAQIAXwUCUCD2
3hsUAAAAAAARAAFrZXktdXNhZ2VAcGdwLmNvbY8wFIAAAAAAIAAHcHJlZmVycmVk
LWVtYWlsLWVuY29kaW5nQHBncC5jb21wZ3BtaW1lBRsBAAAABR4BAAAAAAoJEMpO
5M0l1VNF/UkEAIqRsrTQeh4wmhiYs2dMOWPx+bnbSl6EdRdhg99HH0WKsDSHk6Lg
vrymbX8Hk7PMn1ogHJYZq4UaXF6utRMhgFFLg+ysfoC6qbE8dz/mY+LqoxL0vCAl
ZYJCR5sQxv0FGh9K7tLMOEOpn5RgFiEp37K14xf4UukkV9BkmpzbRmcYtEooNzgw
KSA0NzItNzgyNyAoaHR0cDovL2Vjbi5hYi5jYS9+YnJld2hhaGEvZ3BnL0tleXBy
aW50X0Jpb21ldHJpYy5tcDMucGdwKYj1BBABAgBfBQJQIPbeGxQAAAAAABEAAWtl
eS11c2FnZUBwZ3AuY29tjzAUgAAAAAAgAAdwcmVmZXJyZWQtZW1haWwtZW5jb2Rp
bmdAcGdwLmNvbXBncG1pbWUFGwEAAAAFHgEAAAAACgkQyk7kzSXVU0WE7gQAl7b9
UJU/YvYE3jseRIiRDJcbfQlMIzEccGAj2RT2AApjZMJwf163w89xSuc5lh0KWUBA
1g36L5AIlTvRmGKfYCVGie1JfTtTeSrEYsNQRH6b5lvHfOrFLQbWIkfxXxcl1hDC
xP0ke+16mQg8aPGr/mNpPLckpuPmJLViOzrN0gq0EzxicmV3aGFoYUBlZG1jLm5l
dD6I9QQQAQIAXwUCUCD23hsUAAAAAAARAAFrZXktdXNhZ2VAcGdwLmNvbY8wFIAA
AAAAIAAHcHJlZmVycmVkLWVtYWlsLWVuY29kaW5nQHBncC5jb21wZ3BtaW1lBRsB
AAAABR4BAAAAAAoJEMpO5M0l1VNFkqwD/1bUpA3dI44hs0eayV7NmOoi8tHpjv9Q
m8HfAQYKRtJkSKSL6ZGXgRFpG3IjDe+TFUbLC884VaXXM8RNrWEs9F39GputUpgp
ozENInuXQFiXmGpa/BoEyN3XJI9F1DDJGn9nTFHAI9Eqcq/+w8qdNmjMZjZJKeZi
Kp0rKsXGliZu0c24/wAADnMBEAABAQAAAAAAAAAAAAAAAP/Y/+AAEEpGSUYAAQEA
AAEAAQAA/9sAQwAKBwcIBwYKCAgICwoKCw4YEA4NDQ4dFRYRGCMfJSQiHyIhJis3
LyYpNCkhIjBBMTQ5Oz4+PiUuRElDPEg3PT47/9sAQwEKCwsODQ4cEBAcOygiKDs7
Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7
/8AAEQgAkAB4AwEiAAIRAQMRAf/EAB8AAAEFAQEBAQEBAAAAAAAAAAABAgMEBQYH
CAkKC//EALUQAAIBAwMCBAMFBQQEAAABfQECAwAEEQUSITFBBhNRYQcicRQygZGh
CCNCscEVUtHwJDNicoIJChYXGBkaJSYnKCkqNDU2Nzg5OkNERUZHSElKU1RVVldY
WVpjZGVmZ2hpanN0dXZ3eHl6g4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1
tre4ubrCw8TFxsfIycrS09TV1tfY2drh4uPk5ebn6Onq8fLz9PX29/j5+v/EAB8B
AAMBAQEBAQEBAQEAAAAAAAABAgMEBQYHCAkKC//EALURAAIBAgQEAwQHBQQEAAEC
dwABAgMRBAUhMQYSQVEHYXETIjKBCBRCkaGxwQkjM1LwFWJy0QoWJDThJfEXGBka
JicoKSo1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoKDhIWG
h4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ
2uLj5OXm5+jp6vLz9PX29/j5+v/aAAwDAQACEQMRAD8AqxrxUgWiMVIF4rjAaFpS
OKdikLKuckCmAKKCQuSewqncanBbN8zevOOKyLnW5HIhjjKsOMjvRYaVzSudajtI
ySN204IB5FU5PExIQxjqcsKzzp2p38nmR2zBW7vhQfzpT4T1aM7o40PcYanZFqD7
HR2et2lzEv7xQ56rVlrmPAIYYNcbcaZqFtCGmtGGOpUZx+VMtr94WxI5kXphuoqG
uw+XudsHDjINKRXP21/IQGU/Ke+avw6huxvpXFyl8imEUgnDDNKGDUCsIRxRTiOK
KBCRipgMCo4xUV3crAmO5Ga0JIdS1KOwjAVd7nkLnFc/datcykhguGPAU/5zSalJ
JPPvBOe2O1a/hvQWZhdTqXdj+6B7e/1qkikiHSfD13f7XuWaGI9IyPmP+Fdhp/hq
ysox5MHzY5c9fzNaljZxooUDBHUKMn861EgjjUZiZqGap22MpNLjXqI/++qkOnBT
gNGM/wC1WskS55twBTzGpJxED9eKlwL53c5+XTFIORGfxya5jWvCFpdlpI42il/v
xjH59jXeTwf9M49vWqE1sF/hI9lNZ2tsaJprU8ju7PUdFlKzqHtieJFGR+PpT4b7
euCea9CvrGGdWR4w6sMYI6/4155rWivo1159tk2rHDL/AM8//rU076MiULaov2l/
821ufoa04ph8pByD+lcnFcxu20gjH51tWNxugjLnJ6ZqZKxmbYk3CiqkcnTB60Uk
yWi/uEa5PasXUXaWU7mIz/CB2rTuJNoC5AA5Oaznc3E7eXH+7HVjXTFGN7ENhYRy
zAvkqvODXbaNbAW6v0z+tc5p65cAcg8fWuktrj7JZxtjIUZz6D/9daWshp3OjtVE
aDJCgCrJYHHLYrjJvE11G223hOOx6itLT9VurnduIZuNuKizNY2bOjjYKe5JpfMA
RiegqhbXLO+HHOOT7VJvEkWC2evPrTVjX2Y+Q5j3A5z2qnJG7Kfmx+FTRvH5TEni
LNU76/gtV+eTyt3QVnLyKtYrXCDYQTwfauc1a2jngeNhlWGPWtKbX7MlgWwB0Yjr
WfNd29xCTGRtb/OaxafUpM4g2IR2R3wwPDAVf09mjja3kOcfdPqKW5ULICcZLHOa
hJEUq7ifm6EGqtdGMlZmrH8vfiiooZA8f0orICxqL9IwOTVWN1WExx429z6+9XNR
ty0O8dBwfpWUjEQkBsf3iB09q76fwnJI1dMk2tk549a3LGC4vRGx4gXke/8Anmuc
szi3ZRnpgcc12Vtcw2lmpzwF71ZUFfQlj063EartGQcjjFX7O2gjctHGFYdqwo9W
ke5WKGNSXXcpJxx7flVuC/kWT94u055wc00aNJbHRwW0bhipGcYxj2pUtjDFGCoz
jJ9qjtLmOSMSLj3q3I8ZQu33evBpSS6hGb2M2WMAtGXOH5zjisTVbD7UfmZQo449
Kv3l2JpDg/KvpWJe6kN5QHJ74qeW5o5LZmTNo/mNw3B9OBUcyNa27xMuAR8p681e
OpQoArAjHdqJZormI5x9aymmUkt0cveSh7gKOm6mSFWQgAFgcgH+lV2OLwx9txH1
7VPNERCG5I6jB5FRFaEzepcth+7yoIUjvRUdpKzQ7WVgR60Vg9xo3WAaMg9CKx5L
T7O7pn5Q2fbp3/z2rYU1QuYWa8c4+UxfhXZDc5ZDtLhMigKv+JFb1zAz2sURJVSQ
GI9KoaBbssLNIBnp9K6WK2E0ap+Rq2ykmjP1potI023h0uxilLKWkd4g5JGOOQcd
T09OKsaFbrfaO11NGIJo2+aMHhsjJ49RnqK2bS2dCGPVeM46/lU4zGwOMn6Vrz3R
hGjZ3TKlqn2F8kko43DIqxLJINKdgPmAJGe1Ry77i4yfuxflUkzRx2zc8Y71hUk2
dtKnd8zOcZnltFSIHcVBY/zqJtPW10yW+Zl8uMgB8bjIx6YHp15/Q1PaymC9ZcZj
yTj1FXLkwyQG3aMNbMdxjUkKT68dKdKaa1M61OS0jocnYRWmvNIsV3OJlBYB8FWx
wRjAweaz0We1eWFyWEX3fTHWujFraWDNJZW3kkgr8pPfk9+KzfsxczSyAhnbpnti
lUkuiHTjJbs5V1xI4Jw5i3A/rmnQ3BkhEb53KeeKNQBi1JRj78WBUsFpHG4LcEEZ
rJO0S5r3i/Cu2FQfSinA7iFGMe1Fc7RRpqatWkcL3EYk/wBXg7vyqoKs2Kl7lB15
5+ldcdzmLWnsskshXhTKxHbgGukto8KpIPSud0+EQXkkJzgSNjtwea6u0ClRu5GO
apo2jsSJvdhGqkAd6sMgihYdWPerEca4AHWo7valu0j4AXmhJi0RlyuIVWEH5mOe
KW8jAsSAeSKfp9sLuUXEgwq8KPWrl9bCSBlPccZqZm1N2ZxFq5a4YHG6Fv0rXmt3
T5o/9WeQPSsKBXg154HPDNtB9fT+tdaYR5HlsOnSso3tdFySvZmFKGO4EAgc5rOu
U2hs8Gtua3Abp07Csm/2oGI69c0m7i5bHEarl9YtlX++F496tBTGxB6jg/WoRiTX
GdgWWP5yPpzUzvvdnxjcSahvoE1sTQEebH9aKbbczR/WinHYwluaqmpYZGikWSM8
ioBUgPFboxNG3na4uXuBHtwfmA7cD/Cuk06cuoGeBiua0MxvLNCx5OP5Vp210tna
CSTiPk7q13RpBnW2zAjk8D1qtrjhbNfmyrN82Pof61y7+KRCCVfMfUY/wrH1nxdL
PGYoicqM88Z4pXsDVztfD+oLHCYZAAy84JHI7GtK+1GBLVmYqAOSSa8c0qW7juHm
W4dZGwXfkgD0PX1Fauvz3CwQpJI8qOAGy3Ge44/rVfZF1TJ2uRqt/Nc26sIQ22KR
QQMjuDXZWE0lzpcM0y4kaIZOMZ9/615xpWvSxuLKdw1rEcCMDHFdidehNuDG3yj5
celYOy2OhNtXZZvXEK8EDHU1zl9N5m6MHJxgYqWXU3lmaI4bjPB7VT63BL9AvpS5
R8ysc/E8dtq8zlGYjjOOBxS55qMyCSWRwQdzknH1p2awe4pO5as13TA+lFLYMFLE
kCitaa90wluSQ6rp0riOO7iLHgDd1p2pX66fpss2RuVflHv2rz6PBU55xVtpLu5t
Ft2lYwryFft/Wun2ZkdN4C1Rvts9vM5dpG3kseuRj+ldheW8lxpLRxs3lqfnz04r
yixun0rVILgHIU4bb3Feo6fqUclur8NFKM5689apopMx5bKeO3DlT5YGeAOtY21y
MYOWGD6k13MjRy2camQFpMqNuAKoHSY55g6gYB9eB9ajkvsEZFLR/D19PCskIRYw
c4OAzepxV/WtKvWRg0YkgMQzt6g9j7mpLhZdNuQ1rIyhVBGO4zzx61Xkvbu4wHuX
ZupC9+ev86qySsVc5SW3khlYuvzEY6c1Ysb6VI0VnOx+x6Aity80xLlIXkY5K5zn
riqw0m3hY7pABF90HuKycdS7uxW0/wA25vU8thuB+6x/lV7V7lrO3LybYmxjAotE
ggm+0xr5Sxds53E9TXL+K9YaeT7OrckYNCTC5zTXEn2h5I3ZS7E5Bx3qxHf3NvIr
rKxYf3mJz9arxwFod+09etIThj7VpZGd2dVp+rW94u3OyXvGT1+nrRXJx5HPOaKy
dJdCuY0Q0ceCI1DAZ/yaTz32lw20DjimhJGbDfzokHliOPHVxk10mDI5ixkQscls
/nXQ+HdYe2iNpJ865KxbuMZ7VztwcumDnljmprOXa7DhR1B7/pQxo7y1mmefy42B
YnGBwAPX2rUM7QQqN2Wl3FT2A7cVz/hvUVefZIokZuVB6NWxePcXE0iP+7bjc2cD
p0FIa0NWzghubcvI29iPlOCAMdqztQthYGNo3DN1BU/h+tPtr5YrVlEjM0XIGeuM
jj8aqanePIi7WjI7buoNKQ02I2oYgwynPDfpzVK6uiVLRkt0IxTomW+CM7eVLkBo
wMA+prO19xpqsI5A25sAegqC0Qy6x5FpIWb/AFeQBn1rk5pGuZnnckljkVPPO8/y
n5gw4A7VEYWSP5hgCmkJskjuBHbBCuOOoqK3jUyDeQFPPNMDfuyT3FLFznnoMVRJ
Ykt06oRx6dKKiLAKSCeMUUAf/9mI9QQQAQIAXwUCUCD4HRsUAAAAAAARAAFrZXkt
dXNhZ2VAcGdwLmNvbY8wFIAAAAAAIAAHcHJlZmVycmVkLWVtYWlsLWVuY29kaW5n
QHBncC5jb21wZ3BtaW1lBRsAAAAABR4BAAAAAAoJEMpO5M0l1VNF5WQD/A9G3KGh
LB90Zqm7lFm6Qwsl1cf73z16hUxoj+8XoY05SCoRBpCxyCRsowLlBGjohz65fQmg
B65OySmrp6OcqqZY45OFjl6JiTCGikt6HnKC/FncuJCQUsnJ+CuOpe53Q/2oKtON
OMDQS2SBfHavvafUpBEhqfXfapU1tx4EjsW0
=Bd6h
-----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP PUBLIC KEY BLOCK-----

iOkEIAECAFQFAlAhAVlNHQJJIGZvdW5kIGEgcGFzc3dvcmQgc3RlYWxlciBhbmQg
YSByZW1vdGUgY29kZSBleGVjdXRpb24gdG9vbCBvbiBteSBjb21wdXRlci4ACgkQ
HjtqnNd0gPaEVgP3eXtePlejx+qc7/HzAoEoHTbw1o9nZiI6VMsgFMF3OPzx21bI
4WENrd6luDXV2bxSv0rqHZIpPm8RecRx13rPVkXyiI1Pt8//siPQSlcnesdgirsp
BPHNzOhlcrBOOak6pQ4NNj0VtDoz9O4sheeJqbAdndeHS7H8HIB22ri7CQ==
=EJrI
-----END PGP PUBLIC KEY BLOCK-----



_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


brewhaha at edmc

Aug 7, 2012, 6:33 AM

Post #2 of 14 (324 views)
Permalink
Malformed Revokation Certificate? [In reply to]
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.2.2 (MingW32)
Comment: http://ecn.ab.ca/~brewhaha/gpg/Keyprint_Biometric.mp3.pgp

owGleUms9Gx2VjeBRa5yBYIFrQjU1ZBW/lZ1f+Wh7Cq30gvb5alctst2eQxK43me
7bLLitghhigSihIRiTFCWQXEAoSElBULkAJBiBCxYAOiJSRYIGWLQLx17/f3//dA
SENJ99atW6/Pe87znOec89p/7fXHvvDFL/6W/J3f/urv6swX/8FX/5L/E1GdJZWX
lR/GZbx+5Us/K2yGya+ycYzCzZhmw6aP7k3hjVlTb4KoH7M4C7wx2ozNxtsEzdSW
0aaJN0PU36N+2Hj187LosRm8LNxk42b2hk3llXHTV1H49c3ry3OFsEk9sK5vJh9c
nkzRMGR1skmb+Wk3ieqof+7h1Q/gAvgizOI46qN6/LDRm6+Dy7Oqbfp3F6P/g4df
30TL5xbNaQO2KqLH1998/HyQHjArAE+bvojCD68vry+31KuL4enL81LvDvDx/KzM
xscz1it33SAf8A9o9nTFqzb102+wsAUBhZsJYPFc5m1aEF4WPDd92wUEDbB4bGqv
it6cAH9HT+w3Xhj2AINo2IAYvhvspvWCIhqHd48BgiCILEjftorqoH+0bzE/zX+E
fTNkSf0E7O1/fbTJQmAHwFF+2PzfY4KhD8vXn26nDViVvTkDXPwsig8b7soBnOqf
Br5N4/vCt2XvkCzPRcMbmIFXf9jIDaAegPx0HIT/zlUZ3T0QmxZ1gPZxw4Kw6Kaq
gJ/D5hONpb8GUucBYs4+GgHGKq8A0Dwvf8Y11e/se8/c8R/fQ8enODzXfZqSqXcH
QIxvxArvn7xN+vB7kKDPoN4J/95rwM4brxyaj4n2OQyGTRg9UY7eGdH1y9um+k4S
JObDRxw3c1aWH/Pv6U/1eeQ+mnz+++vgdzMl6eYb39gMTRW9Z7vnNwDcrL57ZfYx
nbLwHdYnNO9EP3Po88vf8u+zfHv65m3GDKwaRq9qgY1Pvs/i1z5sJO/hR2+uDcCP
MtyAT1XTP9VdAgnW76DpWZI+8+d7NhCAsgGNIFGAuWeyeGUfeeHjY9Jw9QSsflz/
BKjts/tT089re+A2iMdKo/q7WeuNE9i3qd+LTvSNN13E4NezaoDNnnrI6k/TlzOE
N0uVV3tJ9EyeT0Uy1e+Sflfm9FZXvM9p6knvUzXN+9b0RQCORG9i+XbZPJd/exNH
b96AJEzBRZ/ClI0/DUj9yF5WA08+tfXM/CwGO4Ygu5+18QnVUxtv8CVtsvnkDY+v
beAPyAfk9YVu2kcPUB03n4B8RyAI3bB9FIHiFo/z0xX2GcdbSQPB18GbnW88XxTD
CfJbll0N6iLQG5FxNtRFocW3r19fzHefvvmRgfvbjptPJBCYhSJfe+79JrZvbtJx
bL+520VB/cHzPwTe7i/4fQSEmno74PJOjB6As3r8NpU9M7PPgg9Vi35ok/bpTKXS
MgmTCaEfuyVhGFIc2/zkO4xpz3CYlDAZ3uV7lPK57EWltJQoXOCzKBilramNR76+
GImI9VtaULw9L4+SQ+3Rs2d4RIugQxPGc7JVpL5KUNNLdSfZ6itxR2LrrMunOBTE
qnh9qQ+74DTgNbmXTsJ4FxkWjuGFIh0hNSgura8nhHGs8j6boZh3iMpJrYJJUAmb
MkuShvb6MpKt6NhFcuNKKETLKbsaIBSGJtkjS5YgunHvg6VvL0YlKQ8xsYttro4V
lipP1a8vAY3lPoJcJUp/X0aTJIVSD9dyy6A+ly4Nl77Ftv7zvZLvLldOLkTNLkpO
DkKMwAIXzr5Vjq5q+O8mjIhU3/4Qae0k3qabfA7Nm+YKK7nbt8HugKTcvItOGGbM
xgAodyA8Dg4GHyGP4bAlYEEYyrObQwvEP7zCPPKHnkz1RNnKazNRolQSlcQkJ2cb
4inl668vxQoL8Am+O30v7noDCfqrbC+nVPaKoaoHVsRpv6F593yenSybnSNO3B8L
d8yuklpB9/X1Jb+LlINpLr3q+G6aHZVqu/gotsxFTa/c+eHaYeNYaapyLsDGnFxb
nVxLG30Eg3xkP72+OJYAEGG2PyoHnzLw+vL/ysGnDLy+vHGg/j4c2OyD3BEkxHMS
JkgEVEYlTZkwds+2AtLary9+vCWXYbQFdPRTQy1wrqQ9ESrxUqNQCXWr/EIHtrIk
RTaYYT4NtxQLImYKL4t6OnRAW8aCGeTKjjm8n5bes3QCNlN/4Pqic9FLNUNGXiZH
6+GjRwkzOIiPdwxh7J27vVUwjb68vnDqGEKFC2XHmU7z+/VyUI3v5cDM/QxLnQzL
nRsuEKqqkqpA2rNBG/QJ1Cc0HYyPkGskyfauXYyhLacuYpJPtC4ARd85zqzwvgi8
8QEPkK7MR1CZQJsXyxyB9gbw/sS48Cys/owtGGBPjZ4Fl5Q2UE8LlLan3m01Zwbo
9PXlU6XujIIhhU4b+psapfu5SjNnQEJJsa7L1q99vcSZUAvThCB4HrLE4aTzBX5J
Xl/u/aPy7SNfHK5SDTcJf3bcbm94NotPoyalCcteku1jiBsa73zmGK67ytleuma5
QHeaLEE+OGdawwZ1uUMslxLiYbxICqO0NaYlbMa06EGE90u8N6aiMAmqqNrV16rA
GZmmkddkfn0RdRKSV2EEnx7yg2w8XoOCU3O/IJ/jQCe2DsjTEElTj2PuAJv6Ao1l
ZFMPMC9bGGRD5xagVob8uXUe2BicpOnJg+jkMEWRFJlQMaWeVeHqR9zynrgkxZCk
NYIoIh2GA4StXeOznM9X0kje14G3cAasVa4NcsRSR9eCU8+awfuTKw3kpF+Fn/Fu
AxY5uPUtg+Vm5mmB5RPmXXhJoT6KQ7HqtmlAFnNIVLI8+ATI6rOxc+4Og+ZDpAmZ
djoHfqyWkrAyQcCROaLdEJJsc1c6zzGMo/ORWPQpwMoUEi2DAv0CTlD8gpFCebtr
FSfGDm1yWQSf49t4i/SecQZZ1Xjcx8o7Hys9e1F9SyjixV6CEk5P9OvLcoWKaAvj
lZocvSvX7yq5vV6Cop2u1fliZsray1DSQcy6ZAAP1OPYxjGo0uXg/FJhAMnw9INq
+VG08vryw9Tyo2jl3cL3q+VTrRTdfNrBvtGSaCjs9+kARd7DPMiV0mTHkW/zO6GC
3n3kY1J1RG08F7qoX3CXsxONbTlUyE/R9sYa/oU+HvemZ9vSUZN7ixkIFiU4MPMb
b/2/WRlZqCdbZTO74lpvRzXMQ0bts0Cw8Ol05mqivrE8KRBMF3S77XzsQrnKJTd3
z2LkZkAXLdSLg82VmTtBAbLfzSR5qqVnzlIfK+9nr+vO2W1B9WdaTjccklSZNyTB
WrByRwykOpMiNQcCNTsiTSYCPTciPe8dhtzLJ3UfspqjcbQUn3U14x9Ces4GFNSo
h9PKdJEKOUVJNxVT1v32mhmTxpSnK5Og19v+8G6dAdYGBVgKGIoMlEeSiafh8Pqi
rMPh/+fn9WV3fHa1hCxIak/OTAayQyNVSSNBVSep47PnsSBe6u3nsxdQvMRQqsOD
eY4sRHoHVl8MgIZAkbNEU6TEUqr6FCUVq6CXzgA81dCFG0tRqaw5apAFmvpIXC4F
FmiZHgLGNEZ+Pp/kLGiEM506NkcV3ll3apEuOvlkIKCGYUohM5rh8jpTigasmWYZ
Oq8vlgmUy4EKgqStV8tQaLtoxJd4stfZtImEzOn0AtPNso2cyu2yBtfLtouazuvA
xKLDYBLro/3k9/R8vLHLEAuPoNch4mbCY+wgYZ/up2uBRX6NK3V3jC8rcbURYpdj
2/sbTm+6kKjvIqUyP4DU53DS3nBKwKIZ6OwNJwbUh3B+W61RpJFKqqOrJsM7NnMT
cpGiKY0uPG6Z1SKX4MvMWucHpDbW+XRLzzHzhtXryxlgJ+oNLOfBXrm1J40xOQ1K
z3opG6bp2hZbeg6iAeWHjWe1a8ibSIimWNSIp1SwuNeXdJ+ds1a8lWfLKrHMrTox
b0WravGs7XpxHS8WMh4ybBoup0WyueWYnx/j5QbLtgUTufv6gkyXHFPsCtvmLX7/
HqQ8kpxPQDM088yw05Hsln4xEiuTTIHd9znpsS2YBhUxzIqLOAUFXZGiSKuTHs1d
Dc7ElC8f1+iuKOLjUlsYL6R5Lg6KlN81xzNXfQq9fBReXx66jEB7gcJYA7syi6Au
eRcM4rq2SIse60pDVso63FM1Xtvb/gZ70qHZQ9fA8WqX7U5AF7yGRCNSrsz9sKgY
3ptlX11JwXHkwA88t2NHmqtGjlNaw122pjT2xN5aBKyw23RqOoDkNG/tKRz4Uy7I
omZfEXgnqJwBzjVb7z7j6bTcWzDOlcesYoykPp1kkTsZ9CBoi3bLFBHUKIrWsjaR
6Ga/GCYa9GSlYJwHnYVQh0VlzkkzPNTFpWaDHTisBY8iTSbuSho7bNW98gzy4Xq9
U0qEKLC3S++q5abhrbPDfItTh2gHd0VWZLwen2A0PtiT5XECITyu1XXLhmm7SzuA
5NAsmMSvDhYQ8Sp7Ze4uTWOcKN4QpfqIw0yS54abuR3ntQgitfIltztht912hVJT
N3D8lDlpN9OwNRQ6ho0zdVu59rwwJyISy/mCoQG2tW+soGhcvDw8LLfuNNuGZSvs
kazc3UHfzHmMyO3oNseEtCfuVsfAA7tLBaKUXWQcvHPbG8d8OlyNkC3FtePHLDqz
nLa9AnZ9wGY00ZFH0Pee40JL28/4IDkCvtvDGNZb2b2BYYwYC6TnT5cdKR134AwC
HXApMy5ec0fK3evLEYGnuPGgfZseW+px2oLJng2WCYES4B08WvIyJfmlPuNu54pL
5TsFSmddEdQ3CocMMJE+rGw3MR529QbbsD3LOFTCuqMppL9NZ7mhMZLEFG+tA5Q5
RDa/PfBmDnDh5AMjp44GJrGVvBfdXTnZvif7pIXfoXU7BliLYwEZJMfYmoqxzw9n
dxlzwXBX/LQjQs8a0hZV8tFkwCx3OtMJ3Z8dnr84fX6+MzDMIWCEUJQFz4CMCXPq
63AS3EmexGyVHcRX8twRI+zcxhLoeloWJV3q2xdly/OKcjuYwEhh0Uh0v/Y34DHi
bFUsR0lsRbr6zB3EuFq27E2789iNqUHnvcjGAd8lo7mNbo8RVc368hBHp7fpk6MC
ir0pgD0kr5NITkuLu1qj6NsHqUysmYKcvAfVPpZDhFjoGwfObzvFW7zYaKV9ggga
oqHzfD2RZgwRVZ57aKEEcXjtRAszLgIduBdeAXUyPTNGd8jiCme4bgw5CVTEnj/e
4yxrGpc8xlDTC/TSXQhhVm6mJcMWsyx7hFjxLWHLz5P7A1KOITXHrWXkjFpQQ4xm
FER0Bzye67MAh1KBjAW2Jzz0wtH7u8Yt+8QuItBw62oKXl+GNUNdrW6TIIARcwxm
pATj+8weYNdgwWiaQzjKeP3IqUGes/ZBQZI8GHmOdcJubggLnJojzBI5WbftAAhq
OcSlOdG7wroR+wnCsDmAIE8++7w2W5CfZi0XOEuOtMaYn1iObp6n5jPR5eOlUnRJ
v+RohwpHV51QNLpTra7jKecjEmJJ5MjZCo+teTbcTP90MOLKVZv9HszV4h0tkXN7
SnbivbXOEV7ImMqfD/susrAGu7jVTW7AoDujFKFQRvCQPeSwSBOpHVv8CEeg2rdq
Q/Zkzofd2W36SsAWwntUlVGMUHCP9PSQiEqFVzprgTmFTYKE35YmolzmhRgXHvTu
g3kFQwHNYQKeg5KvsR6zRm0wptvDoxEM0ByMsBVX9WCZiYZDZkIsDWqRnpQQtLhg
4MR6OygHcKhSkdhv0d2K9I4Bq5NjecdgvzWWOLXdU4C5p/GSSlki3rdn1odXckUG
QzubOphpQeUUG4/yh+EiC1TdEiJuiQgDee1W65BHUeVXuG1GAQJig6YlKy+iVYT7
BDtziqIGIfABIhRx8Fi/jz0FhmVOODfI1pP4dMjPe0KrOxHxdSSkuasZSXt8Vxr7
lZsVqcbNfkVBTqZc7qI3sexqhD0WRbNHT0K3XM6g/4TJtSLPXARrj8Mh2z/iaYlL
o1i1BVmDo3OAU6MA5+5wFOvwuCqBW5cjqwt8YFLObu3O49WCoYe1dcvjJCXU0c+F
BXf4FsZ2KnwFdNGEG7g5qHK3HGbtSzE/VA71JNmXwiU3CvGGH0MxFD0PlnBY0aG8
CWpHs6q7LAwmqpxLyqGOrLW8vsxaTs6Rt0JWBEcW+7AYG41vvDXlbO9ZJ/nsWmhR
JP2xvcYFsRXXeFiCVX+Qae239QgqDAhsyvhbfvYHzIQXYX+esQwld31VqyhVpIyP
oWIUibJKZfBZyw9HizIGtuW5/SVgGDDD9GcF0rEezXb0hLBqrGc1echYTopgNjho
Wtt5o1UEF5Rxit1M2cnh/ugacUDE8lBSMPb6gm3LMAjX6mLVw1AMqZ3exIX3Ew7U
6OYotsIVDCvQllHtojiviS7nIwganyC61CaMU0CtbhskH/TzPUy5riBD0LOSLHVC
6xr1TODtSd5qDnevnKB8T9oVOFNAWvmYBNNieKxSgLJE65iTg05Guhi3xHCZDJtJ
5u4oXq2+JHxap8prEIB+VcEy4i5sh3l7h+dw9g71djWCE8oNa3aEFalXfRBBlDC2
568neaSI+LYdQ8/RML4clFofGnQM2Yd+dytW5JQ9QyYB1isTOHcj6XDkxslDSb+F
DvRQ7ZCGE3AigCowRvo8KHEl4Yylvd2yewIfqRu3UHie7KxGy242UFaYWNYVe1zb
1Vjv97Be8kD30nsDhoCbykQ+T3ii7wertrOymnfmcvK6qnVcLissXTq+vmQNZSRX
1m8WmUNrbz/ZE8WPc1yRh+AEGC4gPJgaLqKyyYOk5X6R6QVTrpjZIjA01qBf0Pot
uxaHDka1lqotZCXz4niCO9BuU1+Oq0cvH5FrE+Pw47AVNZo2Yyk2nN3c83C9hKDC
XDmnyYJOOh7dfWsPJ3Md49O2ufC045Lk47g/88KBG8UtzFEXs3I6UtF1UH6gzjrk
E1+BrrcPXW624yI5QVcbZr3pvqL0rLZn4dgpJPdAuWi/3/Vm7LLw7YxMWjfu5ADB
B0FFEBHUB1WV8ulkuxYDlWsbSNBjX3iCq0guscNhbGmtu75MFzGcYZBhtHTi2TAL
o1SeThz6yEFWB1HpKA9ESeXRdt27zYhH5sQb8FoSMlbhEn9eEqezbAMtK0/Y+/mV
Opg3HKUuBHlvdWBBOz6GYMccw7E7riXn5LmiUAsYDDvpQeuWNqvhWtQ83CLeHO1b
BfMGGL2R25K9OBJ7ATNMQWej5xEQ4FlX8R6c4zNFOWQXPjmF4LLWxvG4HQZEm8y4
5O9Iv+JXysCwxRzby4SNry8sGOyduX+w8bizphpxi1De07B2HwfiLmFhy6HFEE1a
DjScRtaxXNqLtgxo2cX1Cu3BBPLIlqmGelO4JLxg7H0fZaMGjzsjKKf+KLOihOFH
Aii4lRbMFyMFPZU3zOEiUhkdBAaznOQoFnfCCxiVcu2BBF6lsq3UyRMpNrzuYFiC
Jw5FRBTh5cV9YFz2ou1OMHGlh0LQnBlwsVdI0OYWcwcmpLulJZBTJJK6jnhC5Ieq
vaRuKE8q3AuP1KSAKNd1wWG7uPvTfuYnoCx3amliG92PePfQBzPAdFBZ09IBicU4
eAA7g4+bAmTWyrJdcDIbH0douZSCXTiYiK01qJNZN0MVmjqHlqRYAuIn8RGE+mFa
LGg3kwh2N45jOlFbfNmV5sE8lL2CXh6+Uy052YyAzSSpttDSY/oSDhjKEDf7shUJ
x4tAS+6DwpHpG42tN5upkRQTUFc/MBi1oN3Cx6h8FwAXvbg4MVqdV8Lrl5ltwi1E
RKNwS/OD2bpciIRmu+0tMBOhysO+czd4W/eafV4w/qp4IuAiPIf05EAqFES0AJ9I
d/fwbiuKlDMCnfIMlFbOP8VrU/Blplx5cylgqDoJWLYU6hCUw+vLrrbVLR86EZLJ
7fmIY+LiT5J7ACqfg6k61WVetb1ie4dTqsHUYdeqS3N4wFUVxY89Qr2+ODVHzSQ4
KveGdFDVTkasEmVvCChR5grOboYZxa7QFO5kUrhsLdE1sBkou24Pfh4gwen1pYVY
wYNka03SyQ/uAkJk11KhSSns1lEdU4eTG/Qkw5SxS7fjdewxB5xqmVyCbIGLJglM
g/nR67w6ugrZwcqFgz81sqhCiIA0TjI/6uspbldTxKfMvGhgOhOWW1NZW1o6ROal
oBrQuyVyC+KEiaXtBgEDCTCQ4LxAQ+oDXzC2FSx/R7KRStVwX2AtN7l1HRRlXpjX
q3LcAS5qLJn35MFkHEu/YmlCV8V5KHJQsH2KnhSl6UQ0Nx6nSGWvV1k6xdPjhrIX
dq3rRjI1cOZ1gGd4oy14KIrZhRR1OpIMg4x3RPX99073vPaD905BPvwITxp+2L1T
UGl/+N1T8ve7d4pZ6mlHEhwqPu+JXSgCcrvqULIVrs5DCQfxAV1hPDWWJt8e7caB
MJ1uNKqllwetDc18KSkub9IVx2K1Sl5fKBxTHnrVt7gSdJ3r7DGFzUv8nN1o0BlH
nK9FesfWwXSmVWOoz1sAbxthqAoatDgqMpjMpZOqIzoV8979/jxjUUzaxXbstQY8
LnsmHyzo9eVbVIinH58OM/Lp93s2/Ad9hgxatlIwwttDOPX5EC4lzVLm1fNZ4Nx7
aGGFwDFJwLFrgIb3oFKTANVKx1rKIKNSH3wGaaA/H8DB95AzkicxLph2Is7MQ1tr
fWSfhBxx92nq7mfUGOnUG1XgO2Bh//YY4fWFz8eulkMouXqMmVzRyB6jaxnly7YL
Djt+JRum4W/+DDdE7WYCbkpDwkosqlzXBYF94fVlbzFyH+IlaLom4i86mKs63hXa
a3XUokBbYLS/moX9yAT4Oh53uyG7qnoZ1NEQJlk/tIDEKy+vSloGPaUoXoG36l6W
c8gcT81KKPshjaJz55NhHUa8fuCPvEAhSJ8daPVb3wLUMOde+INQ81e+8Cs/9ke+
cP3Kl372t+Tv/PZXf1dnvvjFv/lLf/gLf/vX/+UnfyjFf+rnf0f9ua/9xX/xG79p
/fxf/pnv/PKR/sW//m9/7b/9lz/+m0TXf+Uf6f/6F/6d9mXmX/3HX/mdP/+ff+0/
0L/6C//+p4R//Evpj//e7n8G3h/9X6mBVn/Vkf7sl//k3/qZ//HfH/8w+dI/+clf
/HP+f/1j/yxL/8Yv//qvyv/mz5g/+U+nf/73/9SX/vTf+RO/95++/OM/Z/3dn/jK
kP+9/w0=
=Pjkt
-----END PGP MESSAGE-----


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


peter at digitalbrains

Aug 8, 2012, 1:20 AM

Post #3 of 14 (321 views)
Permalink
Re: Malformed Revokation Certificate? [In reply to]
On 07/08/12 15:18, Jay Litwyn wrote:
> I submitted this revokation certificate to a couple of servers and
> they said it was malformed,
> and I had trouble guessing how to generate anything different. So, I
> imported the revokation certificate, exported the whole key, and
> submitted that. It worked.

Now, I haven't ever revoked a key, but I wouldn't be surprised if this is how it
is supposed to work. After all, the revocation certificate is just a special
type of signature. You don't upload signatures to a keyserver, you upload keys
with signatures to a keyserver. The keyserver then merges in all the signatures
it has on that key.

> gpg (GnuPG) 1.2.2
> Copyright (C) 2003 Free Software Foundation, Inc.

That's old. Like, really old. Why do you use such an old version?

As for PGP 2.6.3, I believe the idea (IDEA? :) is that if you really still want
to use that, you have to be prepared for some struggles to get all sides
communicating. That's the price you pay.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


brewhaha at freenet

Aug 8, 2012, 2:24 AM

Post #4 of 14 (321 views)
Permalink
Re: Malformed Revokation Certificate? [In reply to]
On 2012-08-08 2:20 AM, Peter Lebbing wrote:
> On 07/08/12 15:18, Jay Litwyn wrote:
>> I submitted this revokation certificate to a couple of servers and
>> they said it was malformed,
>> and I had trouble guessing how to generate anything different. So, I
>> imported the revokation certificate, exported the whole key, and
>> submitted that. It worked.
> Now, I haven't ever revoked a key, but I wouldn't be surprised if this is how it
> is supposed to work. After all, the revocation certificate is just a special
> type of signature. You don't upload signatures to a keyserver, you upload keys
> with signatures to a keyserver. The keyserver then merges in all the signatures
> it has on that key.
As long as the signature names what it signs, I do not see why a
revokation certificate should not work on its own. It does when I
import a revokation certificate to my own key.
>> gpg (GnuPG) 1.2.2
>> Copyright (C) 2003 Free Software Foundation, Inc.
> That's old. Like, really old. Why do you use such an old version?
I had trouble finding a binary of anything more recent, and I had
trouble configuring the 2.x version that I installed with enigmail
to use pgp2 and support IDEA. In fact, I've forgotten where the
configuration file for 2.x is, and it still is not configured with
IDEA support. A lot more keys are on my keyring for v2.0.17.
> As for PGP 2.6.3, I believe the idea (IDEA? :) is that if you really still want
> to use that, you have to be prepared for some struggles to get all sides
> communicating. That's the price you pay.
>
> Peter.
>
I have trouble enough getting any correspondent to use cryptography
when they should be using it. OH...I was going to revoke _this_ key,
and because gpg 2.0.17 skips v.3 signatures, I still will.
Attachments: signature.asc (0.36 KB)


dshaw at jabberwocky

Aug 8, 2012, 1:53 PM

Post #5 of 14 (322 views)
Permalink
Re: Malformed Revokation Certificate? [In reply to]
On Aug 8, 2012, at 5:24 AM, Jay Litwyn wrote:

> On 2012-08-08 2:20 AM, Peter Lebbing wrote:
>> On 07/08/12 15:18, Jay Litwyn wrote:
>>> I submitted this revokation certificate to a couple of servers and
>>> they said it was malformed,
>>> and I had trouble guessing how to generate anything different. So, I
>>> imported the revokation certificate, exported the whole key, and
>>> submitted that. It worked.
>> Now, I haven't ever revoked a key, but I wouldn't be surprised if this is how it
>> is supposed to work. After all, the revocation certificate is just a special
>> type of signature. You don't upload signatures to a keyserver, you upload keys
>> with signatures to a keyserver. The keyserver then merges in all the signatures
>> it has on that key.
> As long as the signature names what it signs, I do not see why a
> revokation certificate should not work on its own. It does when I
> import a revokation certificate to my own key.

A revocation certificate is a bare certificate, not attached to the key that it revokes. This is an extension to the spec that GnuPG implements (as it is easier to save/print/archive a bare certificate). If you want the keyservers to accept them, you need to talk to the keyserver folks. As this is an extension, they aren't required to support it.

Alternately, if you set any of the PGP compatibility options (--pgpX) in GnuPG, it turns off the extension and outputs a public key along with the revocation certificate, ready for directly sending to keyservers.

David


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


wk at gnupg

Aug 9, 2012, 1:46 AM

Post #6 of 14 (322 views)
Permalink
Re: Malformed Revokation Certificate? [In reply to]
On Wed, 8 Aug 2012 22:53, dshaw [at] jabberwocky said:

> If you want the keyservers to accept them, you need to talk to the
> keyserver folks. As this is an extension, they aren't required to
> support it.

Actually it is good thing that they don’t accept them. This avoids
accidental uploads of the revocation certificate.

We may want to display a warning if a user tries to upload a bare
revocation certificate.


Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


peter at digitalbrains

Aug 9, 2012, 2:13 AM

Post #7 of 14 (320 views)
Permalink
Re: Malformed Revokation Certificate? [In reply to]
On 08/08/12 10:20, Peter Lebbing wrote:
> Now, I haven't ever revoked a key

It's not really critical information, but I meant "using a revocation
certificate". I did revoke a key just by using "revkey" from the command
line "--edit-key", and subsequently uploading the key to the keyservers.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


dshaw at jabberwocky

Aug 9, 2012, 12:17 PM

Post #8 of 14 (320 views)
Permalink
Re: Malformed Revokation Certificate? [In reply to]
On Aug 9, 2012, at 4:46 AM, Werner Koch wrote:

> On Wed, 8 Aug 2012 22:53, dshaw [at] jabberwocky said:
>
>> If you want the keyservers to accept them, you need to talk to the
>> keyserver folks. As this is an extension, they aren't required to
>> support it.
>
> Actually it is good thing that they don’t accept them. This avoids
> accidental uploads of the revocation certificate.
>
> We may want to display a warning if a user tries to upload a bare
> revocation certificate.

That's a good point. There is no easy way to undo an accidental revocation once it hits a keyserver.

David


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


kristian.fiskerstrand at sumptuouscapital

Aug 9, 2012, 2:07 PM

Post #9 of 14 (323 views)
Permalink
Re: Malformed Revokation Certificate? [In reply to]
On 08/09/2012 10:46 AM, Werner Koch wrote:
> On Wed, 8 Aug 2012 22:53, dshaw [at] jabberwocky said:
>
>> If you want the keyservers to accept them, you need to talk to the
>> keyserver folks. As this is an extension, they aren't required to
>> support it.
>
> Actually it is good thing that they don’t accept them. This avoids
> accidental uploads of the revocation certificate.
>
> We may want to display a warning if a user tries to upload a bare
> revocation certificate.

Hi,

I've added a patch to my local patch queue[0] that add the warning "Add
failed: This is a stand-alone revocation certificate. Revocation
certificates should be imported to a public key before being published
to a keyserver ". The patch is applied to [1] for testing.

If it works as expected I'll set up a pull request into SKS Trunk.

[0]
https://bitbucket.org/kristianf/sks-keyserver-patches/src/f1f6b537921c/Error_on_standalone_revokation_certificate
[1] http://keys2.kfwebs.net:11371

--
----------------------------
Kristian Fiskerstrand
http://www.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Nosce te ipsum!
Know thyself!
----------------------------
This email was digitally signed using the OpenPGP
standard. If you want to read more about this
The book: Sending Emails - The Safe Way: An
introduction to OpenPGP security is now
available in both Amazon Kindle and Paperback
format at
http://www.amazon.com/dp/B006RSG1S4/
----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/
Attachments: signature.asc (0.88 KB)


dougb at dougbarton

Aug 9, 2012, 4:09 PM

Post #10 of 14 (319 views)
Permalink
Re: Malformed Revokation Certificate? [In reply to]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Maybe I'm missing something in this conversation, and if so I
apologize. But how would attaching the revocation cert to a key be
possible in the scenario where the user lost the password?

Doug

- --

I am only one, but I am one. I cannot do everything, but I can do
something. And I will not let what I cannot do interfere with what
I can do.
-- Edward Everett Hale, (1822 - 1909)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (MingW32)

iQEcBAEBCAAGBQJQJEM8AAoJEFzGhvEaGryEObsIAKLUTSfff/s80GhXNJnRlN/W
HsRWIqmDJfuA0VsQf8jr4WpLUSo2XF6zaJhnAMVwyxxOwi4zRtlfJL2UziqJGBSW
ilLMUrDvdiPDxnidYUcbXih3A7ONi6WEBkcfGGL+SaGf/w6v3Ve7H/aZoLBPlWFv
lizUpDm0HHy7IRm1AeXZ9Vvk8/DQJMMCGEVziljjEQ429fAu7+wbIhyN3RM+A3z1
C1F6+u3BBH1f2OmyOf9Bk5PzZfvERoMEyyaaYG3+5RFLEgx3DcI4Vmaa1ZlTpmEQ
KNVtYkNLBtKBpKFiGywhreZ/435ujkgQ4iMiXiPOE6nCrk+LD04FDiX0pBHLuOU=
=6dPO
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


kristian.fiskerstrand at sumptuouscapital

Aug 9, 2012, 4:30 PM

Post #11 of 14 (319 views)
Permalink
Re: Malformed Revokation Certificate? [In reply to]
On 08/10/2012 01:09 AM, Doug Barton wrote:
> Maybe I'm missing something in this conversation, and if so I
> apologize. But how would attaching the revocation cert to a key be
> possible in the scenario where the user lost the password?

Hi Doug,

The discussion entail having generated a revocation certificate using
--gen-revoke while having the passphrase and private key (should usually
be done at key generation and stored at a safe place, and is short
enough that a printed copy can be stored and manually typed need be)

At the time of key revocation it is then appended to the public key
using import, hence doesn't require a passphrase, the same way as A
doesn't need B's passphrase when signing B's public key.

hth

--
----------------------------
Kristian Fiskerstrand
http://www.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Primum ego, tum ego, deinde ego
First I, then I, thereafter I.
----------------------------
This email was digitally signed using the OpenPGP
standard. If you want to read more about this
The book: Sending Emails - The Safe Way: An
introduction to OpenPGP security is now
available in both Amazon Kindle and Paperback
format at
http://www.amazon.com/dp/B006RSG1S4/
----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/
Attachments: signature.asc (0.88 KB)


dougb at dougbarton

Aug 9, 2012, 4:33 PM

Post #12 of 14 (317 views)
Permalink
Re: Malformed Revokation Certificate? [In reply to]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 8/9/2012 4:30 PM, Kristian Fiskerstrand wrote:
> On 08/10/2012 01:09 AM, Doug Barton wrote:
>> Maybe I'm missing something in this conversation, and if so I
>> apologize. But how would attaching the revocation cert to a key
>> be possible in the scenario where the user lost the password?
>
> Hi Doug,
>
> The discussion entail having generated a revocation certificate
> using --gen-revoke while having the passphrase and private key
> (should usually be done at key generation and stored at a safe
> place, and is short enough that a printed copy can be stored and
> manually typed need be)

Yes, I got that bit. :)

> At the time of key revocation it is then appended to the public
> key using import, hence doesn't require a passphrase, the same way
> as A doesn't need B's passphrase when signing B's public key.

Ah, that's the bit I was missing ... thanks.


Doug

- --

I am only one, but I am one. I cannot do everything, but I can do
something. And I will not let what I cannot do interfere with what
I can do.
-- Edward Everett Hale, (1822 - 1909)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (MingW32)

iQEcBAEBCAAGBQJQJEjHAAoJEFzGhvEaGryENKoH/juba+wx0KcwdS4xfLH/3x+z
CLsNORNgucU+UwXC3+tXXMrqVfDCMaemsmWbjO0t0VJX3Q6C7rjc96NgVlSBHC5S
zfcDOOMQFG5oGiWxRzJCYSJ1wHkCOnDO2UZlKRQ/jC4RisONP804cvyRhBgq/EEh
htz10bMYKkWL1FbbLI8Sa1K6AwcHlQfPHMArS7hAIS85ArJ+bzTIEBINdbow6WP1
LO5Ny8S6ujNM4CL/ph1w4NzAvcOi9iJmgvd5Hhl+nPhFKNRce7pI+qeVy7S7+pND
6BKD70YBbzUGx/RqS5T9sttJg1MX1+8a90V33k6nWAzwSwq8LVaag440Wpnz91M=
=jqP5
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


mkaysi at users

Aug 10, 2012, 9:39 PM

Post #13 of 14 (307 views)
Permalink
Re: Malformed Revokation Certificate? [In reply to]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 10.08.2012 02:09, Doug Barton wrote:
>
> Maybe I'm missing something in this conversation, and if so I
> apologize. But how would attaching the revocation cert to a key be
> possible in the scenario where the user lost the password?

gpg --import revocationcert.asc

It's automatically attached to the revoked public key in case you have
the revoked public key in your keyring.

- --
Mika Suomalainen

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Public key: http://mkaysi.github.com/PGP/key.txt
Comment: gpg --keyserver pool.sks-keyservers.net --recv-keys 0x82A46728
Comment: Fingerprint = 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728
Comment: Why do I (clear)sign emails? http://git.io/6FLzWg
Comment: Please remove PGP lines in replies. http://git.io/nvHrDg
Comment: Charset of this message should be UTF-8.
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCgAGBQJQJeIBAAoJEE21PP6CpGcoQTgP/RmU1HN9pJBdQGr08+F1DbUd
rE36ks9L5jqOVYSDRvDwRADEqmqi6gIXytF/nFyqb6X64XETvgVJ8I5ZLqYJDo01
d6F/pSxZZnzgQ4+3129S0wTEosTGTIwniKYlRzuWYkErWcz8Lth3E+Lc5pJxThfW
khsuFbgnPXSD6VyRiC/MUto2zUHrziDTdpBOeagm8odRBd79QiYRmyl6F981jHuY
zzi9+oVZVl3bPL6EYbfS84GQb94Ma9H5xC/g8YpHB1rKh8lDXocLaKVRsoubCRKr
qqTotHqYaIVN6+ZWVvjhMDddF8X+o2uv2YJgiozP7xbyY7Mqw9JyFH2LVBeMZUkv
SXX66SwXaJW5MZsQ7aVP0emrslaZQN9dCvC1eIAsKdB62xrbYtQmBbhnct/Co0eN
/YR+jCNoiLGcR8742NL3c/Eywx9RShUyEuT07wNT3xPJcD3AjXp7vGOZKZeB0gMg
VCe2kBn8fi6yt48chJdNqprAccJF4BDMcpnAIqR6ouDRJgeELAh8CJMURxew32lT
WICvlx/UCNBwdAsP7vE9GnjFMuqkzKehZjyK7RHrOFd2Iu+xFcyCPzeFEa6crABQ
UaTgRQ1jqXXDHrmGBdcWTGmDdzNcQqSu3QmqDiKTpNHrTBTCX0+uqD1x1hlvIPP+
oATGo/2xTwhv2ybO6OdM
=sIzZ
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


JPClizbe at tx

Aug 11, 2012, 7:15 PM

Post #14 of 14 (311 views)
Permalink
Re: Malformed Revokation Certificate? [In reply to]
David Shaw wrote:
> On Aug 8, 2012, at 5:24 AM, Jay Litwyn wrote:
>
>> On 2012-08-08 2:20 AM, Peter Lebbing wrote:
>>> On 07/08/12 15:18, Jay Litwyn wrote:
>>>> I submitted this revokation certificate to a couple of servers and
>>>> they said it was malformed, and I had trouble guessing how to
>>>> generate anything different. So, I imported the revokation
>>>> certificate, exported the whole key, and submitted that. It worked.
>>> Now, I haven't ever revoked a key, but I wouldn't be surprised if this
>>> is how it is supposed to work. After all, the revocation certificate is
>>> just a special type of signature. You don't upload signatures to a
>>> keyserver, you upload keys with signatures to a keyserver. The
>>> keyserver then merges in all the signatures it has on that key.
>> As long as the signature names what it signs, I do not see why a
>> revokation certificate should not work on its own. It does when I import
>> a revokation certificate to my own key.
>
> A revocation certificate is a bare certificate, not attached to the key
> that it revokes. This is an extension to the spec that GnuPG implements
> (as it is easier to save/print/archive a bare certificate). If you want
> the keyservers to accept them, you need to talk to the keyserver folks. As
> this is an extension, they aren't required to support it.

As it is an extension, we don't. SKS also does not recognize the CA
certification on X.509 certificates converted to OpenPGP by PGP. I haven't
checked with GnuPG 2, but GnuPG 1.4 doesn't recognize the CA certification on
those keys either.

Uploading a bare revocation certificate currently fails with an Add Error.
Kristian has modified this for the next release to be a more informational
message:
"Add failed: This is a stand-alone revocation certificate. A revocation
certificate should be imported to the respective public key before being
published to a keyserver"

> Alternately, if you set any of the PGP compatibility options (--pgpX) in
> GnuPG, it turns off the extension and outputs a public key along with the
> revocation certificate, ready for directly sending to keyservers.

Another alternative is to work the desired behavior into the standard. For
example, the present SKS development trunk supports Elliptic Curve Public keys
(ECDSA, ECDH) which are an extension to RFC 4880 contained in RFC 6637.


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

GnuPG users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.