Gentoo Forums
[SOLVED] how long before gpg key is revoked in servers?
vcmota
Guru

Joined: 19 Jun 2017
Posts: 367

Posted: Sun Feb 11, 2018 2:52 pm    Post subject: [SOLVED] how long before gpg key is revoked in servers?

Something like twelve hours ago I revoked one of my keys. I believe I have followed all the proper steps:

Code:

[vinicius@testudo Videos]$ gpg --recv-keys F2D61DKK
gpg: requesting key F2D61DKK from hkp server keys.gnupg.net
gpg: key F2D61DKK: "vcmota <mymail@thatserver.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
[vinicius@testudo Videos]$ gpg --import ~/revokeforkey2D182910.motavc.asc
gpg: key F2D61DKK: "vcmota <mymail@thatserver.com>" revocation certificate imported
gpg: Total number processed: 1
gpg:    new key revocations: 1
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2018-02-12
[vinicius@testudo Videos]$ gpg --send-keys F2D61DKK
gpg: sending key F2D61DKK to hkp server keys.gnupg.net
[vinicius@testudo Videos]$


and indeed the key, locally, is shown as revoked:
Code:

[vinicius@testudo Videos]$ gpg --list-keys
/home/vinicius/.gnupg/pubring.gpg
---------------------------------
pub   4096R/2D182910 2009-08-25 [expires: 2019-08-22]
uid                  Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>

pub   4096R/F2D61DKK 2018-02-11 [revoked: 2018-02-11]
uid                  vcmota <mymail@thatserver.com>



But until now, twelve hours later, the key is still showing up as "nothing changed" in the key servers:

Code:

[vinicius@testudo Videos]$ gpg --refresh-keys
gpg: refreshing 2 keys from hkp://keys.gnupg.net
gpg: requesting key 2D182910 from hkp server keys.gnupg.net
gpg: requesting key F2D61DKK from hkp server keys.gnupg.net
gpg: key 2D182910: "Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>" not changed
gpg: key F2D61DKK: "vcmota <mymail@thatserver.com>" not changed
gpg: Total number processed: 2
gpg:              unchanged: 2



Is this standard behavior or did I make some mistake? Thank you all!


Last edited by vcmota on Mon Feb 12, 2018 12:17 am; edited 1 time in total
Ant P.
Watchman

Joined: 18 Apr 2009
Posts: 6920

Posted: Sun Feb 11, 2018 6:33 pm

Are you saying that when you fetch it the status changes back to unrevoked? Does that happen on a separate gnupg keyring? Can't reproduce.
NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 54216
Location: 56N 3W

Posted: Sun Feb 11, 2018 8:13 pm

vcmota,

You revoked the key locally.
You updated the key on the keyservers, so it's revoked there.
You refreshed the key from the same key server as you uploaded it to.
As a result, nothing changed locally.
It's revoked both places.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
vcmota
Guru

Joined: 19 Jun 2017
Posts: 367

Posted: Sun Feb 11, 2018 11:35 pm

Thank you very much NeddySeagoon and Ant P. I guess I was just not understanding basic aspects of the whole process. I thought that once revoked the servers should indicate whenever possible that the key has been revoked, but that is not the case. That happens when I type the command

Code:

[vinicius@testudo Videos]$ gpg --fingerprint mymail@thatserver.com
pub   4096R/F2D61DKK 2018-02-11 [revoked: 2018-02-11]
      Key fingerprint = F922 C2BD D726 DF84 B4BE  ACB7 0F8B A7B9 F2D6 1DKK
uid                  vcmota <mymail@thatserver.com>


but not when I ask gpg to update the keys.

Thank you all very much.
NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 54216
Location: 56N 3W

Posted: Mon Feb 12, 2018 9:51 am

vcmota,

The key servers take some time to share key updates. I don't know what it is.
It's possible that after you revoked your key, if you fetched it from a different keyserver, the revocation would not have propagated.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
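
The check discussed in the replies above (looking at a keyserver's copy of the key from a separate keyring, possibly on more than one server), as an added example that is not part of the original thread. The helper names `pub_status` and `keyserver_copy_status` and the sample key IDs are constructed for illustration; the gpg options used exist in GnuPG 1.4 and 2.x.

```shell
#!/bin/sh
# Added example; pub_status and keyserver_copy_status are hypothetical helper names.

# Read `gpg --with-colons --list-keys` output on stdin and print
# "<keyid> <status>" per primary key. In a pub record, field 2 is the
# validity (r = revoked, e = expired) and field 5 is the long key ID.
pub_status() {
    awk -F: '$1 == "pub" {
        s = "not-revoked"
        if ($2 == "r") s = "revoked"
        else if ($2 == "e") s = "expired"
        print $5, s
    }'
}

# Fetch KEYID from KEYSERVER into a throwaway keyring, so the answer
# reflects only what that server holds. A plain --refresh-keys on the
# normal keyring prints "not changed" when both copies already match.
keyserver_copy_status() {
    keyserver=$1
    keyid=$2
    tmp=$(mktemp -d) || return 1
    if gpg --homedir "$tmp" --batch --quiet --keyserver "$keyserver" \
           --recv-keys "$keyid" 2>/dev/null; then
        gpg --homedir "$tmp" --batch --with-colons --list-keys "$keyid" \
            2>/dev/null | pub_status
    else
        echo "$keyid fetch-failed"
    fi
    rm -rf "$tmp"
}

# Constructed sample listing (not real keys), for trying pub_status offline.
sample_listing() {
    cat <<'EOF'
pub:r:4096:1:0123456789ABCDEF:1518307200:::-:::sc::::::
uid:r::::1518307200::0000000000000000000000000000000000000000::Example User <user@example.org>:
pub:-:4096:1:FEDCBA9876543210:1251158400:1566432000::-:::scESC::::::
EOF
}
```

Run `keyserver_copy_status hkp://keys.gnupg.net <KEYID>` once per keyserver of interest; a server that has not yet received the revocation reports `not-revoked` for the key.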
All times are GMT