Creating OpenPGP revocation certificates in Java

Introduction

In this example we are going to demonstrate how to create an OpenPGP revocation certificate file with OpenPGP Library for Java. A revocation certificate is generated in advance, while the private key and its password are still available, and is applied to the public key later, when the key has to be withdrawn: for example because the private key was compromised or lost, or because we have forgotten its password. Anyone who holds the certificate can revoke the key, so the file must be kept in a secret place, preferably on separate media from the key itself.

Create revocation certificate with private key located in a file

The code snippet below shows how to create a revocation certificate file when our private key is located in a file.

import com.didisoft.pgp.RevocationLib;

public class RevocationCertificateGenerate {
  public static void main(String args[]) throws Exception {
    // create an instance of the library
    RevocationLib lib = new RevocationLib();

    // private key corresponding to the public key we want
    // to create the revocation certificate for
    String targetPrivateKey = "key1_private.asc";
    String targetPrivateKeyPassword = "password";

    // reason and description that will be embedded in the certificate
    byte revocationCode = RevocationLib.REASON_KEY_NO_LONGER_USED;
    String revocationDescription = "This key is no longer used";

    // where the certificate will be stored
    String certificateOutputFile = "revocation_certificate_key1.txt";

    // create the revocation certificate
    lib.createRevocationCertificateInFile(targetPrivateKey,
                                          targetPrivateKeyPassword,
                                          revocationCode,
                                          revocationDescription,
                                          certificateOutputFile);
  }
}

Create revocation certificate with private key located in a KeyStore

When we keep our keys in a KeyStore file, we must specify the target private key either by User Id or by Key Id; two overloaded methods exist, one for each case. In the example below the User Id is used.

import com.didisoft.pgp.KeyStore;
import com.didisoft.pgp.RevocationLib;

public class KeyStoreRevocationCertificateGenerate {
  public static void main(String[] args) throws Exception {
    // initialize the KeyStore (file name and KeyStore password)
    KeyStore keyStore = new KeyStore("demo.keystore", "changeit");

    // User Id of the private key the certificate is created for,
    // and the password that protects that private key
    String targetKeyUserId = "RSA_1";
    String targetPrivateKeyPassword = "password";

    // create an instance of the library
    RevocationLib lib = new RevocationLib();

    // reason and description that will be embedded in the certificate
    byte revocationCode = RevocationLib.REASON_KEY_NO_LONGER_USED;
    String revocationDescription = "This key is no longer used";

    // where the certificate will be stored
    String certificateOutputFile = "revocation_certificate_key1.txt";

    // create the revocation certificate
    lib.createRevocationCertificateInFile(keyStore,
                                          targetKeyUserId,
                                          targetPrivateKeyPassword,
                                          revocationCode,
                                          revocationDescription,
                                          certificateOutputFile);
  }
}

Revoke public key file with revocation certificate

Note that the public key file must be writable, because the revocation certificate is applied in place and the revoked key is written back to the same file.

import com.didisoft.pgp.RevocationLib;

public class RevocationCertificateImport {
  public static void main(String args[]) throws Exception {
    // create an instance of the library
    RevocationLib lib = new RevocationLib();

    // public key to revoke and the certificate created for it earlier
    String targetPublicKey = "key1_public.asc";
    String certificateFile = "revocation_certificate_key1.txt";

    // revoke key with revocation certificate
    lib.revokeKeyWithRevocationCertificateFile(targetPublicKey,
                                               certificateFile);
  }
}

Revoke public key in a KeyStore with revocation certificate

This example is equivalent to the one above, except that the public key is located in a KeyStore file. The certificate identifies the key it revokes, so only the KeyStore and the certificate file need to be passed.

import com.didisoft.pgp.KeyStore;
import com.didisoft.pgp.RevocationLib;

public class KeyStoreRevocationCertificateImport {
  public static void main(String args[]) throws Exception {
    // initialize the KeyStore (file name and KeyStore password)
    KeyStore keyStore = new KeyStore("demo.keystore", "changeit");

    // create an instance of the library
    RevocationLib lib = new RevocationLib();

    // certificate created earlier for the key we want to revoke
    String certificateFile = "revocation_certificate_key1.txt";

    // revoke key with revocation certificate
    lib.revokeKeyWithRevocationCertificateFile(keyStore, certificateFile);
  }
}

(This functionality is available from version 2.5.4 of the library.)