Unable to issue subkey revocation
Andrew Gallagher
andrewg at andrewg.com
Sat May 30 12:31:03 CEST 2026
On 29/05/2026 21:14, marqueandreprisal--- via Gnupg-users wrote:
> The primary key had been initially revoked and should have revoked the
> subkey also.
This is conventional, but not necessary. If one of your correspondents
found a way to use that subkey when its primary was revoked, that would
be a serious bug - but in your correspondent's software, not yours.
Subkeys attached to revoked primary keys should not be used. It should
not make any difference whether the subkey itself is revoked.
> The revocation of the primary key should not be an issue
> because no error is given about usability when going back to reissue the
> revocation explicitly against the subkey. GnuPG BUG: Unable to issue
> subkey revocation
It may well be a bug, but afaict it is a minor one with no practical
consequences.
> Workaround possibility: There may be some difficult workaround like
> exporting the subkey as a single key and then using it's own authority
> to revoke itself as a primary key
This would not do anything. If you used the same key material in a new
primary key it would be a different key. If it then revoked itself, the
new primary key would be revoked but the subkey attached to the original
primary would not. Subkeys cannot revoke themselves.
> You may formulate a path to try in this meanwhile time of getting it
> straightened out.
None of this is necessary. Your primary key has been hard revoked as
intended, and it is correctly unusable. You don't need to do anything more.
A
More information about the Gnupg-users
mailing list