Show revocation certificate details
Open, Normal, Public

Description

Years ago, I generated a revocation certificate and printed it on paper. Now
I have converted it back into file form, and I want to see what’s in it.

----

$ ./gpg2 --help | grep -a rev

     --gen-revoke           Ein Schlüsselwiderruf-Zertifikat erzeugen

No word about printing the contents of a key revocation certificate.

----

https://www.gnupg.org/faq/GnuPG-FAQ.html

No question about printing what’s in a key revocation certificate.

----

GPG doesn’t add a comment to the key revocation certificate, telling the human
reader for which key ID this certificate applies, when it has been generated or
some other hint.

----

The data of the key revocation certificate is not encoded in ASN.1. If it were, it
would be easy to decipher.

----

Looking at the base-64 decoded data, I managed to find the last 12 digits of my
key ID. Why only 12 digits?

----

So how can I print the information about the revocation certificate, like this?

$ gpg --show-revoke revoke.asc
revocation certificate for key [...] BACC F5EE
reason: 1 (key no longer valid)
reason: I accidentally published this key in a local newspaper
valid: yes (the signature of the revocation certificate matches the public key)

Details

Version
1.4.18, 2.0.22
rillig set Version to 1.4.18, 2.0.22. Feb 22 2015, 4:40 PM
rillig added projects: Feature Request, gnupg.
rillig added a subscriber: rillig.

After trying some more, I found out some things.

I just have to run "gpg revoke.asc", without any options.

But then, the reason text that I entered when generating the revocation
certificate is not shown. Nor is the numeric reason.

gpg: standalone signature of class 0x20
gpg: Signature made 02/22/15 15:46:23 Eur using DSA key ID BACCF5EE
gpg: standalone revocation - use "gpg --import" to apply

And I don’t understand what “class 0x20” means.

scy added a subscriber: scy. Jul 5 2020, 9:44 PM

Since this issue is what I came across when googling for “gpg inspect revocation certificate”, I thought I’d add what I found out:

Using "gpg --list-packets --verbose revoke.asc" shows the complete key fingerprint the revocation certificate is for (hashed subpkt 33 len 21 (issuer fpr v4 B7C1E06…)) as well as the reason (hashed subpkt 29 len 1 (revocation reason 0x00 ())).
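
Added example (not part of the thread and not GnuPG code): a small Python reader for the fields discussed above, following the RFC 4880 packet layout, where signature class 0x20 is a key revocation, subpackets 16 and 33 carry the issuer key ID and fingerprint, and subpacket 29 carries the revocation reason. The sample packet, its fingerprint and its placeholder signature bytes are constructed for illustration.

```python
import base64

SIG_CLASS = {0x20: "key revocation", 0x28: "subkey revocation", 0x30: "certification revocation"}
REASON = {0: "no reason specified", 1: "key superseded", 2: "key material compromised",
          3: "key retired and no longer used", 32: "user ID information no longer valid"}
FPR = "00112233445566778899AABBCCDDEEFF01234567"     # constructed, not a real key
SAMPLE = bytes.fromhex(                               # constructed packet with a dummy signature
    "8840" "04201102" "0026"                          # header; v4, class 0x20, DSA, SHA-1; hashed length
    "162104" + FPR + "050254000000" "081D0273616D706C65"  # subpkts 33 (fpr), 2 (time), 29 (reason 2, "sample")
    "000A" "0910" + FPR[-16:] + "ABCD" "000101000101")    # unhashed subpkt 16 (key ID); hash prefix, dummy MPIs

def dearmor(text):                                    # armored text -> binary; CRC line skipped, not checked
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index("") + 1:-1]              # between the blank line and -----END
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def varlen(buf, i):                                   # 1-, 2- or 5-octet length -> (length, next index)
    if buf[i] < 192: return buf[i], i + 1
    if buf[i] < 255: return ((buf[i] - 192) << 8) + buf[i + 1] + 192, i + 2
    return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5

def packet_body(data):                                # (tag, body) of the first packet
    if data[0] & 0x40:                                # new-format header (no partial lengths for signatures)
        n, start = varlen(data, 1)
        return data[0] & 0x3F, data[start:start + n]
    size = {0: 1, 1: 2, 2: 4}[data[0] & 0x03]         # old-format header: length type in the low bits
    n = int.from_bytes(data[1:1 + size], "big")
    return (data[0] >> 2) & 0x0F, data[1 + size:1 + size + n]

def subpackets(area):
    i = 0
    while i < len(area):
        n, i = varlen(area, i)                        # n covers the type octet plus the data
        yield area[i] & 0x7F, area[i + 1:i + n]       # drop the "critical" bit
        i += n

def describe(cert):                                   # reads fields only; does NOT verify the signature
    tag, body = packet_body(dearmor(cert) if isinstance(cert, str) else cert)
    if tag != 2 or body[0] != 4: raise ValueError("not a v4 signature packet")
    info = {"class": body[1], "kind": SIG_CLASS.get(body[1], "other signature")}
    hlen = int.from_bytes(body[4:6], "big")
    ulen = int.from_bytes(body[6 + hlen:8 + hlen], "big")
    for area in (body[6:6 + hlen], body[8 + hlen:8 + hlen + ulen]):
        for typ, val in subpackets(area):
            if typ == 2: info["created"] = int.from_bytes(val, "big")
            elif typ == 16: info["key_id"] = val.hex().upper()
            elif typ == 33: info["fingerprint"] = val[1:].hex().upper()
            elif typ == 29: info["reason"] = (val[0], REASON.get(val[0], "unknown"), val[1:].decode(errors="replace"))
    return info
```

describe() accepts either the armored text of a file such as revoke.asc or the binary packet; older certificates that lack subpacket 33 simply produce no "fingerprint" entry.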