After consulting the documentation, I found that GpgME does not seem to provide an API for exporting keypairs revocation certificates and an API for revoking subkeys. Did I miss something?
Description
Details
- Version
- 1.15.2
Event Timeline
What do you mean by "exporting revocation certificates"? Once such a certificate is imported you simply export the public key including the revocation signature. Otherwise, simply takes the revocation certificates from ${GNUPGHOME}/openpgp-revocs.d where they are written to, if you generate a key. Kleopatra uses gpg directly to generate a revocation certificate mimicking what gpgme would do: See https://dev.gnupg.org/source/kleo/browse/master/src/commands/genrevokecommand.cpp.
As for an API for revoking self-certifications on subkeys. That's indeed missing currently. As a workaround you can expire a subkey in 1 second. It's not the same as a revocation, but it also marks the key as unusable.
Thanks for the reply, this source code file and suggestions are very useful. Let gpg execute commands is a solution, but it is not optimal compared to providing a functional interface.
In addition, it is reversible to revoke the subkey by expiring it. But I will use the solutions you provide at this stage, knowing that you have time to provide better solutions. thank you!