17

I am currently encrypting some personal information using gpg (gpgdir actually). I have a copy of my private key printed onto a sheet of paper in the form of a data matrix lest I lose the digital copy of my private key.

However, in reading up about encryption best practice I've often come across the notion of "revoking" my key. In gpg, I can generate a revocation key using gpg --gen-revoke KEY, which can later be used to "revoke" my key.

But what does that actually mean? And how is it useful? I have found a plethora of information online about how to revoke my key and generate revokation keys, but none on what actually happens when I "revoke" my key.

Is this functionality useful if I am the only intended user of the encrypted data?

quant
  • 303
  • 2
  • 7
  • 1
    Dupe of http://security.stackexchange.com/questions/101445/my-openpgp-private-keys-are-set-up-with-sub-keys-what-happens-if-i-revoke-a-sub and http://security.stackexchange.com/questions/101189/should-i-revoke-regenerate-pgp-private-keys-after-computer-is-serviced-by-appl is an example. Yes, revocation only matters if you are receiving from or sending to other people; for purely "self to self" use you simply stop using a key if it is (possibly) compromised. – dave_thompson_085 Jan 01 '16 at 20:06

2 Answers2

12

Think of revoking a key as a comment added to the key file. This comment, if present, will tell others users of your key (someone that send you encrypted gpg emails for exemple) that the key have been revoked and that they shouldn't use it !

Revoking a key is only useful when you send it on key servers, to make others know it's revoked.

WayToDoor
  • 563
  • 4
  • 13
5

Gnupg is open source (yeah!) and hence it can be looked up what happens. When you create a revocation certificate for a key i.e. via `gpg --gen-revoke name"

it internally moves through the following functions/key steps

  1. main() in gpg.c (the gpg command line tool) is called, then
  2. parameters parsed and then gen_revoce( const char *uname) in revoce.c is called,
  3. inside then it retrieves the secret and public key for the uname
  4. it then calls make_keysig_packet in sign.c like this 
        rc = make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x20, 0,
                              opt.force_v4_certs?4:0, 0, 0,
                              revocation_reason_build_cb, reason );
    with the keypair (public pk and secret sk) and provides additionally a functionpointer to revocation_reason_build_cb and a string with the revocation reason).
  5. internally make_keysig_packet then uses a hash_algo to create a message digest md, which is eventually provided to complete_sig( sig, sk, md ); that internally calles do_sign and uses assymetric encryption on the md.
  6. the created revocation certificate (which is sort of a type of signed with the secret/private key message) is created.

Then in this certificate provided to a keyserver will allow for this (as @WayToDoor phrased) it the comment to the key on the server.

Only the person in possession of the secret private key can sign messsages to be verified with the public key and hence, a revocation is a "sending of a private key signed message, hash of message generated and assymetrically encrypted" kind of thing.

My take on the further thing is that once revoked, the keypair is burned (trustwise worthless).

Therefore it would be smart to have used a subkey to a safer (air gapped) master encryption key, allowing the reissuing of a new working subkey to replace the revoked key, without the need to safe channel wise verify the public key of the new subkey-keypair.

humanityANDpeace
  • 1,412
  • 1
  • 12
  • 24