On Thu, Mar 15, 2007 at 04:14:13PM -0600, Kurt Fitzner wrote: > In PGP desktop 9.5, I can delete a designated revoker from my keyring. > Having used GnuPG pretty much exclusively, I was under the impression > this was impossible. It wouldn't be an issue, but having torn my hair > out for several days over why CACert's OpenPGP signature system wouldn't > sign my key, I finally figured out it doesn't handle keys with revokers > on it. > > Since deleting a revoker is possible, might I suggest that GPG > incorporate this ability.
This is not exactly true. You can certainly delete the packet that says "this key has a designated revoker", but note that there is no way to undo the designation if the key has been distributed. It's like a signature from a key you don't own: you could delete the signature packet, but you can't revoke it. Designated revoker signatures are irrevocable as part of the OpenPGP protocol, even though they are issued from your own key. What PGP is doing is just deleting the packet. If you sync with a keyserver that has your key, the packet will just come back. All that said, yes, GPG has no way to delete designated revoker packets. The only way to do it is export your public key and run 'gpgsplit' on it. Then delete the packet you want to get rid of and 'cat' the packets back together. David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users