vcmota Guru
Joined: 19 Jun 2017 Posts: 367
|
Posted: Sun Feb 11, 2018 2:52 pm Post subject: [SOLVED] how long before gpg key is revoked in servers? |
|
|
Something like twelve hours ago I revoked one of my keys. I believe I have followed all the proper steps:
Code: |
[vinicius@testudo Videos]$ gpg --recv-keys F2D61DKK
gpg: requesting key F2D61DKK from hkp server keys.gnupg.net
gpg: key F2D61DKK: "vcmota <mymail@thatserver.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
[vinicius@testudo Videos]$ gpg --import ~/revokeforkey2D182910.motavc.asc
gpg: key F2D61DKK: "vcmota <mymail@thatserver.com>" revocation certificate imported
gpg: Total number processed: 1
gpg: new key revocations: 1
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2018-02-12
[vinicius@testudo Videos]$ gpg --send-keys F2D61DKK
gpg: sending key F2D61DKK to hkp server keys.gnupg.net
[vinicius@testudo Videos]$
|
and indeed the key, locally, is shown as revoked:
Code: |
[vinicius@testudo Videos]$ gpg --list-keys
/home/vinicius/.gnupg/pubring.gpg
---------------------------------
pub 4096R/2D182910 2009-08-25 [expires: 2019-08-22]
uid Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>
pub 4096R/F2D61DKK 2018-02-11 [revoked: 2018-02-11]
uid vcmota <mymail@thatserver.com>
|
But until now, twelve hours later, the key is still showing up as "nothing changed" in the key servers:
Code: |
[vinicius@testudo Videos]$ gpg --refresh-keys
gpg: refreshing 2 keys from hkp://keys.gnupg.net
gpg: requesting key 2D182910 from hkp server keys.gnupg.net
gpg: requesting key F2D61DKK from hkp server keys.gnupg.net
gpg: key 2D182910: "Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>" not changed
gpg: key F2D61DKK: "vcmota <mymail@thatserver.com>" not changed
gpg: Total number processed: 2
gpg: unchanged: 2
|
Is this standard behavior or did I make some mistake? Thank you all!
Last edited by vcmota on Mon Feb 12, 2018 12:17 am; edited 1 time in total |
|
|
|
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
|
Posted: Sun Feb 11, 2018 6:33 pm Post subject: |
|
|
Are you saying that when you fetch it the status changes back to unrevoked? Does that happen on a separate gnupg keyring? Can't reproduce. |
|
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54216 Location: 56N 3W
|
Posted: Sun Feb 11, 2018 8:13 pm Post subject: |
|
|
vcmota,
You revoked the key locally.
You updated the key on the keyservers, so it's revoked there.
You refreshed the key from the same key server as you uploaded it to.
As a result, nothing changed locally.
It's revoked in both places.
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
|
|
vcmota Guru
Joined: 19 Jun 2017 Posts: 367
|
Posted: Sun Feb 11, 2018 11:35 pm Post subject: |
|
|
Thank you very much NeddySeagoon and Ant P. I guess I was just not understanding basic aspects of the whole process. I thought that once revoked the servers should indicate whenever possible that the key has been revoked, but that is not the case. That happens when I type the command
Code: |
[vinicius@testudo Videos]$ gpg --fingerprint mymail@thatserver.com
pub 4096R/F2D61DKK 2018-02-11 [revoked: 2018-02-11]
Key fingerprint = F922 C2BD D726 DF84 B4BE ACB7 0F8B A7B9 F2D6 1DKK
uid vcmota <mymail@thatserver.com>
|
but not when I ask gpg to update the keys.
Thank you all very much. |
|
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54216 Location: 56N 3W
|
Posted: Mon Feb 12, 2018 9:51 am Post subject: |
|
|
vcmota,
The key servers take some time to share key updates. I don't know what it is.
It's possible that after you revoked your key, if you fetched it from a different keyserver, the revocation would not have propagated.
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
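Added example, not part of the original thread: `--refresh-keys` reports "not changed" because the local keyring already holds the revocation, so to see what a keyserver really serves, fetch the key into an empty throwaway keyring (the separate keyring suggested above) and read the machine-readable listing, where field 2 of the `pub` record is `r` for a revoked key. The function names and the key IDs in the sample listing are constructed for illustration; `keys.gnupg.net` is the server used in the thread.

```shell
#!/bin/sh
# Added example: check the revocation status a keyserver serves for a key,
# independent of the local keyring. Names below are hypothetical helpers.

# key_status KEYID
# Reads `gpg --with-colons --list-keys` output on stdin and prints
# "revoked", "not-revoked" or "not-found" for the pub record whose
# key ID (field 5) ends in KEYID. Field 2 is the validity; "r" = revoked.
key_status() {
    awk -F: -v id="$1" '
        BEGIN { id = toupper(id) }
        $1 == "pub" && length($5) >= length(id) &&
        substr(toupper($5), length($5) - length(id) + 1) == id {
            found = 1
            status = ($2 == "r") ? "revoked" : "not-revoked"
            print status
            exit
        }
        END { if (!found) print "not-found" }
    '
}

# keyserver_status KEYID [KEYSERVER]
# Fetches KEYID into an empty temporary keyring so the answer reflects the
# keyserver copy only. Needs network access; pass a second keyserver to see
# whether the revocation has propagated there yet.
keyserver_status() {
    keyid=$1
    server=${2:-hkp://keys.gnupg.net}
    tmp=$(mktemp -d) || return 1
    chmod 700 "$tmp"
    gpg --homedir "$tmp" --batch --keyserver "$server" \
        --recv-keys "$keyid" >/dev/null 2>&1
    gpg --homedir "$tmp" --batch --with-colons --list-keys 2>/dev/null |
        key_status "$keyid"
    rm -rf "$tmp"
}

# Constructed sample listing (key IDs and user IDs are made up) for
# trying key_status offline.
sample_listing() {
    cat <<'EOF'
tru::1:1518307200:0:3:1:5
pub:r:4096:1:0123456789ABCDEF:1518307200:::-:::sc::::::23::0:
uid:r::::1518307200::AAAA::Example User <user@example.org>::::::::::0:
pub:-:4096:1:FEDCBA9876543210:1251158400:1566432000::-:::scESC::::::23::0:
uid:-::::1251158400::BBBB::Other Key <other@example.org>::::::::::0:
EOF
}
```

Running `keyserver_status <keyid>` against the upload server and then against a second server shows whether the revocation has reached both.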
|
|
|