11

I revoked my key today, and uploaded it to the server. However, when looking at the server web page, I saw it says **key revoked** [NOT verified]. How do I verify this?

I am using gpg.

1
  • 2
    This means that the key is no longer valid, so it's simply another way to tell all the others that you have revoked (invalidated) the key and they should no longer trust it. It does not mean you have to validate that it is really revoked. Hope it's clear now.
    – konqui
    Commented Nov 7, 2014 at 6:39

2 Answers

4

I think I found an answer in this thread: http://www.gossamer-threads.com/lists/gnupg/users/65236

In short:

There is a packet which looks like a key revocation but it could be forged. If an OpenPGP application downloads the key from the server then it does a signature check.

6

> How do I verify this?

As Jon Callas already stated at Crypto.SE way back in June 2012: you simply don’t.

In case a different wording helps, here’s a quote related to the exact same question… https://lists.gnupg.org/pipermail/gnupg-users/2014-February/049100.html

> On 02/19/2014 11:55 AM, Hauke Laging wrote:
>
> > On Tue 18.02.2014, 23:19:33, Tadas Slotkus wrote:
> >
> > > Hello,
> > >
> > > I revoked my key and on the public key server it says: "* KEY REVOKED * [not verified]" Why does it say that revocation is not verified?
> >
> > That probably refers to the point that the keyservers don't do crypto checks. It means: There is a packet which looks like a key revocation but it could be forged. If an OpenPGP application downloads the key from the server then it does a signature check.
>
> That is a correct interpretation, indeed.
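
Both answers say the signature check happens in the OpenPGP client, not on the keyserver. The following is an added example (not part of the original posts) that reads GnuPG's colon-format listing and reports whether the local gpg marked the key revoked and found a good key-revocation signature. It assumes the documented `--with-colons` layout (field 1 record type, field 2 validity or signature status, field 11 signature class); the function name and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Real use, after fetching the key from the keyserver:
#   gpg --recv-keys "$KEYID"
#   gpg --with-colons --check-sigs "$KEYID" | revocation_status

# Reads a colon listing on stdin and prints one of:
#   verified   primary key flagged revoked AND a good key-revocation signature
#   unchecked  a key-revocation signature is listed but was not verified as good
#   none       no key revocation in the listing
revocation_status() {
    awk -F: '
        $1 == "pub" { pub_validity = $2 }
        # "rev" is a revocation signature; class 20 is a key revocation
        # (class 30 would be a certification revocation, which is ignored here)
        $1 == "rev" && substr($11, 1, 2) == "20" {
            seen = 1
            if (substr($2, 1, 1) == "!") good = 1   # "!" means the signature is good
        }
        END {
            if (pub_validity == "r" && good) print "verified"
            else if (seen) print "unchecked"
            else print "none"
        }'
}

# Constructed, trimmed sample listings (key IDs, names and timestamps are made up).
# 1) revoked key, revocation signature checked as good
SAMPLE_VERIFIED='pub:r:2048:1:1111222233334444:1356998400:::-:::sc:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
rev:!::1:1111222233334444:1392765573::::Example User <user@example.org>:20x:
uid:r::::1356998400::::Example User <user@example.org>:'

# 2) revocation packet present, but gpg could not verify it ("?" status)
SAMPLE_UNCHECKED='pub:-:2048:1:5555666677778888:1356998400:::-:::sc:
rev:?::1:9999000011112222:1392765573::::[User ID not found]:20x:
uid:-::::1356998400::::Other User <other@example.org>:'

# 3) ordinary key with a good self-signature and no revocation
SAMPLE_ACTIVE='pub:u:2048:1:AAAA0000BBBB1111:1356998400:::u:::scESC:
uid:u::::1356998400::::Third User <third@example.org>:
sig:!::1:AAAA0000BBBB1111:1356998400::::Third User <third@example.org>:13x:'

for s in "$SAMPLE_VERIFIED" "$SAMPLE_UNCHECKED" "$SAMPLE_ACTIVE"; do
    printf '%s\n' "$s" | revocation_status
done
```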
