
About the API of GpgME to revoke key pairs and subkeys.
Open, Normal, Public

Description

After consulting the documentation, I found that GpgME does not seem to provide an API for exporting key pair revocation certificates or an API for revoking subkeys. Did I miss something?

Details

Version
1.15.2

Event Timeline

werner triaged this task as Normal priority. Jul 6 2021, 6:10 PM
werner added a project: gpgme.

What do you mean by "exporting revocation certificates"? Once such a certificate is imported, you simply export the public key including the revocation signature. Otherwise, simply take the revocation certificates from ${GNUPGHOME}/openpgp-revocs.d, where they are written to if you generate a key. Kleopatra uses gpg directly to generate a revocation certificate, mimicking what gpgme would do; see https://dev.gnupg.org/source/kleo/browse/master/src/commands/genrevokecommand.cpp.

As for an API for revoking self-certifications on subkeys: that's indeed missing currently. As a workaround, you can expire a subkey in 1 second. It's not the same as a revocation, but it also marks the key as unusable.

Thanks for the reply, this source code file and the suggestions are very useful. Letting gpg execute commands is a solution, but it is not optimal compared to providing a functional interface.
In addition, revoking the subkey by expiring it is reversible. But I will use the solutions you provide at this stage, knowing that you have time to provide better solutions. Thank you!
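
The reply above points to ${GNUPGHOME}/openpgp-revocs.d as the place to take a pre-generated revocation certificate from. The following is an added example, not code from the thread, GnuPG or Kleopatra: it reads such a file and returns the importable armored block. It assumes the files are named `<FINGERPRINT>.rev` and that gpg has placed a colon in front of the armor header to prevent accidental import; the function names are hypothetical.

```python
import os
import re
from pathlib import Path

ARMOR_BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
ARMOR_END = "-----END PGP PUBLIC KEY BLOCK-----"


def revocs_dir(gnupghome=None):
    """Return <GNUPGHOME>/openpgp-revocs.d, defaulting to ~/.gnupg."""
    home = gnupghome or os.environ.get("GNUPGHOME") or Path.home() / ".gnupg"
    return Path(home) / "openpgp-revocs.d"


def load_revocation_cert(fingerprint, gnupghome=None):
    """Return the armored revocation certificate stored for a key."""
    fpr = re.sub(r"\s+", "", fingerprint).upper()
    # Accept only a bare 40-digit hex fingerprint, so the value can never
    # name a file outside the revocs directory.
    if not re.fullmatch(r"[0-9A-F]{40}", fpr):
        raise ValueError("expected a 40-digit hex fingerprint")
    text = (revocs_dir(gnupghome) / f"{fpr}.rev").read_text(encoding="utf-8")

    block, inside = [], False
    for line in text.splitlines():
        if not inside:
            # Assumption: the header line is written as ':-----BEGIN ...'
            if line.lstrip(":").strip() == ARMOR_BEGIN:
                inside = True
                block.append(ARMOR_BEGIN)
            continue
        block.append(line.rstrip())
        if line.strip() == ARMOR_END:
            return "\n".join(block) + "\n"
    raise ValueError("no complete armored block found in revocation file")


if __name__ == "__main__":
    import sys
    # Usage: script.py <fingerprint>  (prints the certificate to stdout)
    sys.stdout.write(load_revocation_cert(sys.argv[1]))
```

Importing the returned text with gpg marks the key as revoked, so the output needs the same protection as the `.rev` file itself.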