[kde-doc-english] Fwd: Re: Re: Revocation Certificates??

Anne Wilson cannewilson at googlemail.com
Sun Sep 11 14:30:15 UTC 2011 

Eike, Burkhard - I would like to add this to UserBase, linked from 
http://userbase.kde.org/KGpg and from http://userbase.kde.org/KMail/gpg - is 
this OK?

Anne

On Saturday 30 Jul 2011 Burkhard Lück wrote:
> ----------  Weitergeleitete Nachricht  ----------
> 
> Betreff: Re: [kde-doc-english] Re: Revocation Certificates??
> Datum: Samstag, 30. Juli 2011, 17:33:22
> Von: "Rolf Eike Beer" <kde at opensource.sf-tec.de>
> An: "Burkhard Lück" <lueck at hube-lueck.de>
> Kopie: kde-doc-english at kde.org
> 
> > Am Donnerstag, 23. Juni 2011, um 10:44:28 schrieb Rolf Eike Beer:
> >> > Am Mittwoch, 22. Juni 2011, um 20:43:03 schrieb Rolf Eike Beer:
> >> >> Am Mittwoch, 22. Juni 2011, 17:15:19 schrieb Burkhard Lück:
> >> >> > Hi Daniel,
> >> >> > 
> >> >> > am Dienstag, 21. Juni 2011, um 05:37:32 schrieb Daniel U. Thibault:
> >> >> > >    GnuPG4Win/Kleopatra prominently warns about creating a
> >> 
> >> revocation
> >> 
> >> >> > > certificate before uploading a key pair to a PGP server.  But
> >> 
> >> there
> >> 
> >> >> is
> >> >> 
> >> >> > > a) no option to do this offered by the wizard and, more
> >> 
> >> importantly,
> >> 
> >> >> b)
> >> >> 
> >> >> > > absolutely no mention of how to do this in the help.  The
> >> 
> >> interface
> >> 
> >> >> is
> >> >> 
> >> >> > > of no help, giving absolutely no hint of how to do this.
> >> >> > > 
> >> >> > >    I eventually found guidance at
> >> >> > > 
> >> >> > > http://www.emiic.net/reference/57-encrypting-email.  Not obvious
> >> 
> >> at
> >> 
> >> >> > > all.
> >> >> > 
> >> >> > This is about KGpg, right?
> >> >> > 
> >> >> > Your a) seems to be a claim about a missing feature/warning/bug in
> >> >> 
> >> >> KGpg,
> >> >> 
> >> >> > please report at bugs.kde.org product KGpg.
> >> >> > 
> >> >> > Your b) could be solved adding some infos about a revocation
> >> >> 
> >> >> certificate
> >> >> 
> >> >> > to the KGpg Handbook?
> >> >> 
> >> >> Yes, please file a wishlist for KGpg on b.k.o and I'll see to get
> >> 
> >> this
> >> 
> >> >> done
> >> >> for SC 4.8. There currently is no interface to create a revocation
> >> >> certificate for an existing key. You are however asked if you want to
> >> >> create one with a new key.
> >> >> 
> >> >> I don't think complaining about a revocation certificate on every
> >> 
> >> upload
> >> 
> >> >> is
> >> >> a good idea. But maybe we could do this with a
> >> >> dont-show-this-dialog-again
> >> >> thing. Please file a seperate wishlist if you want this implemented
> >> 
> >> and
> >> 
> >> >> provide some good arguments to convince me.
> >> > 
> >> > KGpg has an action "Revoke Key" in the context menu, which opens the
> >> > "Create
> >> > Revocation Certificate" dialog.
> >> > But the documentation does not mention revocation.
> >> > 
> >> > Eike would you mind to add something about revocation to the handbook,
> >> 
> >> we
> >> 
> >> > could ship the updated doc with 4.7.1.
> >> 
> >> Ups, indeed. Since even I forgot about it how is anyone else supposed to
> >> know? ;) Yes, I think I'll cook up some text for this. Suggestions
> >> welcome.
> > 
> > Ping Eike
> 
> Ok, I would commit the following text early next week if there aren't any
> better proposals:
> 
> A key pair that has expired can be brought back into an operational state
> as long as you have access to the private key and the passphrase. To
> reliably render a key unusable you need to revoke it. Revoking is done by
> adding a special revokation signature to the key.
> 
> These revokation signature can be created together with the key. In this
> case it is stored in a separate file. This file can later be imported into
> the keyring and is then attached to the key rendering it unusable. Please
> note that to import this signature to the key no password is required.
> Therefore you should store this revokation signature in a safe place,
> usually one that is different from you key pair. It is a good advise to
> use a place that is detached from your computer, either copy it to an
> external storage device like an USB stick or print it out.
> 
> If you have not created such a detached revokation on key creation you can
> create such a revokation signature at any time choosing Key -> Revoke key
> ***, optionally importing it to your keyring immediately.
> 
> *** Currently this item is only available in the context menu. I'll move
> this from the context menu to the key menu for 4.7.1. The context menu
> should provide shortcuts to the often used items. Revoking a key is
> seldomly used (if at all) so it has no reason to be in the context menu at
> all.
> 
> Greetings,
> 
> Eike
> 
> -------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-doc-english/attachments/20110911/c6205ebe/attachment.sig>

More information about the kde-doc-english mailing list