11

I revoked my key today and uploaded it to the server. However, when looking at the server web page, I saw it says **key revoked** [NOT verified]. How do I verify this?

I am using gpg.

xuhdev
This means that the key is no longer valid, so it's simply another way to tell all the others that you have revoked/invalidated the key and they should no longer trust it. It does not mean you have to validate that it is really revoked. Hope it's clear now. – konqui Nov 07 '14 at 06:39

2 Answers

6

> How do I verify this?

As Jon Callas already stated at Crypto.SE way back in June 2012: you simply don’t.

In case a different wording helps, here’s a quote related to the exact same question… https://lists.gnupg.org/pipermail/gnupg-users/2014-February/049100.html

On 02/19/2014 11:55 AM, Hauke Laging wrote:

> On Tue, 18.02.2014, 23:19:33, Tadas Slotkus wrote:
>
> > Hello,
> >
> > I revoked my key and on the public key server it says: "**\* KEY REVOKED \*** [not verified]" Why does it say that revocation is not verified?
>
> That probably refers to the point that the keyservers don't do crypto checks. It means: There is a packet which looks like a key revocation but it could be forged. If an OpenPGP application downloads the key from the server then it does a signature check.

That is a correct interpretation, indeed.

e-sushi
4

I think I found an answer in this thread: http://www.gossamer-threads.com/lists/gnupg/users/65236

In short:

There is a packet which looks like a key revocation but it could be forged. If an OpenPGP application downloads the key from the server then it does a signature check.
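
Both answers come down to the same point: the check happens in the OpenPGP client, not on the keyserver. The script below is an added example, not part of either answer. It reads the machine-readable listing that gpg prints after it has imported the key and reports whether gpg itself marks the primary key as revoked. The function name, the sample listing, and the `KEYSERVER`/`FPR` placeholders are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. gpg ignores a revocation packet whose signature does not
# verify, so validity "r" on the pub record is gpg's own cryptographic verdict.
#
# Real use (KEYSERVER and FPR are placeholders you supply):
#   gpg --keyserver "$KEYSERVER" --recv-keys "$FPR"
#   gpg --list-keys --with-colons --with-fingerprint "$FPR" | revocation_status "$FPR"

# Constructed sample of `gpg --with-colons` output (not real keys):
# first key revoked (validity field 2 = r), second key not revoked.
SAMPLE_LISTING='pub:r:4096:1:89ABCDEF01234567:1325376000:::-:::sc::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:r::::1325376000::0000000000000000000000000000000000000000::Constructed User <user@example.org>:
sub:r:4096:1:0123456789ABCDEF:1325376000::::::e:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
pub:u:4096:1:76543210FEDCBA98:1325376000:::u:::scESC:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
uid:u::::1325376000::0000000000000000000000000000000000000000::Other User <other@example.org>:'

# revocation_status FPR
# Reads a colon listing on stdin and prints one of:
#   revoked | not-revoked | not-found
# Only the primary key's fingerprint (the first fpr record after a pub
# record) is matched; subkey fingerprints are deliberately ignored.
revocation_status() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -F: -v want="$want" '
        $1 == "pub" { validity = $2; pending = 1; next }
        $1 == "fpr" && pending {
            pending = 0
            if ($10 == want) {
                found = 1
                result = (validity == "r") ? "revoked" : "not-revoked"
            }
        }
        END { print (found ? result : "not-found") }
    '
}

# Demo on the constructed listing.
printf '%s\n' "$SAMPLE_LISTING" |
    revocation_status 0123456789ABCDEF0123456789ABCDEF01234567
```
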