Unable to issue subkey revocation
marqueandreprisal at duck.com
marqueandreprisal at duck.com
Sun May 31 04:05:01 CEST 2026
----------------------------------------
From: Andrew Gallagher via Gnupg-users
<gnupg-users_at_gnupg.org_marqueandreprisal at duck.com>
To: gnupg-users at gnupg.org
<gnupg-users_at_gnupg.org_marqueandreprisal at duck.com>
Date: May 30, 2026 10:34:51
Subject: Re: Unable to issue subkey revocation
> On 29/05/2026 21:14, marqueandreprisal--- via Gnupg-users wrote:
>> The primary key had been initially revoked and should have revoked the
>> subkey also.
>
> This is conventional, but not necessary. If one of your correspondents
> found a way to use that subkey when its primary was revoked, that would
> be a serious bug - but in your correspondent's software, not yours.
> Subkeys attached to revoked primary keys should not be used. It should
> not make any difference whether the subkey itself is revoked.
>
>> The revocation of the primary key should not be an issue because no
>> error is given about usability when going back to reissue the
>> revocation explicitly against the subkey. GnuPG BUG: Unable to issue
>> subkey revocation
>
> It may well be a bug, but afaict it is a minor one with no practical
> consequences.
>
>> Workaround possibility: There may be some difficult workaround like
>> exporting the subkey as a single key and then using it's own authority
>> to revoke itself as a primary key
>
> This would not do anything. If you used the same key material in a new
> primary key it would be a different key. If it then revoked itself, the
> new primary key would be revoked but the subkey attached to the
> original primary would not. Subkeys cannot revoke themselves.
>
>> You may formulate a path to try in this meanwhile time of getting it
>> straightened out.
>
> None of this is necessary. Your primary key has been hard revoked as
> intended, and it is correctly unusable. You don't need to do anything
> more.
>
> A
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> https://lists.gnupg.org/mailman/listinfo/gnupg-users
No you are wrong it is not a minor bug I do not agree with you. The
ability to revoke keys is a major feature therefor it is a major bug and
moreso because it is an even larger chunk of what the code of a frontend
is supposed to do, sad that a frontend focuses on the user interface of
functionality only and still fails at a major feature. If you see my
posts on the forum you will see that the supplimental gen-revoke program
no longer works and when you read about gen-revoke in the context of
Michael's blog you will see this major bug would break a massive system
of automation for which is the ideal use of a subkey system. If this had
been PGP 1 this wouldn't be screwed up like this and I don't appreciate
when people argue about this slop instead of fixing it when they should
pay me gratuity for reporting the bug. That being said where can I get
PGP 1 clone to GPG 1 or something that is fully functional self contained
program?
With your favoritism of bugs I wouldn't be quick to pick LibrePGP while
you are the developer. What other options have I?
More information about the Gnupg-users
mailing list