Unable to issue subkey revocation
Andrew Gallagher
andrewg at andrewg.com
Tue May 26 10:28:14 CEST 2026
Hi,
On 26/05/2026 00:02, marqueandreprisal--- via Gnupg-users wrote:
> My guess of what the bug is would be when the primary key has
> been revoked gpg2 only assumes all subkeys are revoked while not
> actually applying subkey revocation packets.
When the primary key is revoked (and particularly when it has been
"hard" revoked, such as "key has been compromised") the entire key is
rendered unusable. If revoking the primary key was intentional, then
there is no pressing need to revoke the subkey also.
That said, normally when gnupg revokes a primary key, it also revokes
all the subkeys, for avoidance of confusion (I have reproduced this
behaviour with a fresh key). So the issue here appears to be that
somehow the primary key was revoked without explicitly revoking the subkey.
One possible alternative explanation is that keys.openpgp.org is not
retaining the subkey revocation on seeing the primary key revocation
(based on my argument in the first paragraph above). Is the copy of the
key you are working with the same one that you initially revoked, or one
that was downloaded from keys.openpgp.org?
A
More information about the Gnupg-users
mailing list