Page MenuHome GnuPG
Create Task
Maniphest T5859

Kleopatra: Revoke own key
Closed, ResolvedPublic
Actions

Description

In Kleopatra we can only generate revocation certificates as a file. There is no way to just revoke your own key. T5858 might work by revoking the self sig but in general we actually would need something like the revoke interface that asks us for a reason etc.

This is related to key rollover. My workaround for this (besides editing and importing the revocation certificate) was to set the expiry date to "tomorrow" (which was the earliest allowed setting)

I realize that this needs new GPGME API and that this means that the effort is larger then it sounds.

Revisions and Commits

rKLEOPATRA Kleopatra
rKLEOPATRA7aae07cb961f Prevent empty lines in the revocation comment
rKLEOPATRAbbb8e56d8f7b Do not show success message if operation was canceled
rKLEOPATRAfeb5db2dba27 Allow revocation of own OpenPGP keys

Related Objects
Search...

StatusAssignedTask
 ResolvedaheineckeT5859 Kleopatra: Revoke own key
 ResolvedikloeckerT5904 gpgme: Revoke own key

Event Timeline

aheinecke triaged this task as Wishlist priority.Feb 24 2022, 11:04 AM
aheinecke created this task.
werner added a subscriber: werner.Feb 24 2022, 12:25 PM

Do you mean revoking the entire key or a user-id, or a subkey? Having a way to revoke a user-id is probably the most interesting use-case. BTW, there is no "revoke a self-signature" - this is actually a revocation of the user-id or subkey.

aheinecke assigned this task to ikloecker.Mar 28 2022, 1:02 PM

Ingo, it would be great if you could work on that. For me the most intresting use case is to fully revoke a key because it has been superseeded.

The reason behind this is that we migrate Gpg4win Users from Non-VS-NfD compliant Gpg4win Versions to keys created by GnuPG VS-Desktop in compliance mode.

ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Mar 28 2022, 1:41 PM
ikloecker added a commit: rKLEOPATRAfeb5db2dba27: Allow revocation of own OpenPGP keys.Apr 5 2022, 10:43 AM
ikloecker added a commit: rKLEOPATRAbbb8e56d8f7b: Do not show success message if operation was canceled.
ikloecker added a comment.Apr 5 2022, 10:49 AM

"Revoke certificate" is now available in the "Certificates" menu and the context menu in the certificate list. Don't confuse it with the "Revoke certification" entry. ;-) Maybe we should reword "Revoke certification" even if for me it says exactly what it does.

Do you want to have the "Revoke certificate" action available elsewhere? In the Certificate Details dialog? Maybe even in the New Certificate Wizard as additional option after successful generation of a new certificate? (The latter would be more work because it needs a selection of the certificate to revoke.)

ikloecker changed the task status from Open to Testing.Apr 5 2022, 10:50 AM
ikloecker removed ikloecker as the assignee of this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a subscriber: ikloecker.
ikloecker added a commit: rKLEOPATRA7aae07cb961f: Prevent empty lines in the revocation comment.Apr 5 2022, 2:09 PM
ikloecker closed subtask T5904: gpgme: Revoke own key as Resolved.Apr 14 2022, 3:59 PM
aheinecke closed this task as Resolved.May 9 2022, 9:18 AM
aheinecke claimed this task.
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Apr 5 2023, 2:59 PM