Assigning OpenPGP Designated revoker in C# and VB.NET

Introduction

A designated revoker in OpenPGP is a partner key that we trust and that can be used to revoke our public key in the case when we have lost our own private key and cannot do the revocation ourselves.

In this chapter we are going to illustrate how to assign a partner key as a designated revoker for our key and afterwards how she can revoke our public key with her private key.

Assigning a designated revoker

This example shows how to specify that a partner key is a designated revoker for our key. The code requires our private key and the public key of our partner. Our public key has to be writable in order for the special signature to be appended.

C# example

using System;
using System.IO;
using DidiSoft.Pgp;
 
class AssignDesignatedRevoker
{
 public static void Demo()
 {
   // create an instance of the library
   RevocationLib lib = new RevocationLib();
 
   // our own key pair; the public key file is modified in place, so it must be writable
   string myPublicKey = @"c:\our_public_key.asc";
   string myPrivateKey = @"c:\our_private_key.asc";
   string myPrivateKeyPassword = "my password";
   // the partner key is the designated revoker
   string partnerPublicKey = @"c:\partner_public_key.asc";
 
   // assign designated revoker
   lib.AssignDesignatedRevoker(myPublicKey,
                               myPrivateKey,
                               myPrivateKeyPassword,
                               partnerPublicKey);
 }
}

VB.NET example

Imports System
Imports DidiSoft.Pgp
 
Class AssignDesignatedRevoker
 Public Shared Sub Demo()
   ' create an instance of the library
   Dim revLib As New RevocationLib()
 
   Dim myPublicKey As String = "c:\key1_public.asc"
   Dim myPrivateKey As String = "c:\key1_private.asc"
   Dim myPrivateKeyPassword As String = "my password" 
   ' the partner key is the designated revoker
   Dim partnerPublicKeyFile As String = "c:\key2_public.asc"
 
   ' assign designated revoker
   revLib.AssignDesignatedRevoker(myPublicKey, _
                                  myPrivateKey, _
                                  myPrivateKeyPassword, _
                                  partnerPublicKeyFile)
 End Sub
End Class

Assigning a designated revoker in a KeyStore

This example is equivalent to the one above, except that the keys are located in a KeyStore.

C# example

using System;
using System.IO;
using DidiSoft.Pgp;
 
class KeyStoreAssignDesignatedRevoker
{
 public static void Demo()
 {
  // initialize the KeyStore
  KeyStore keyStore = new KeyStore(@"c:\revocation.keystore", "keystore password");
 
  // create an instance of the library
  RevocationLib lib = new RevocationLib();
 
  // in this example we reference the keys in the KeyStore through their User ID's.
  // but overloaded methods exist for Key ID's too
  string targetKeyUserId = "my@key.com";
  string targetPrivateKeyPassword = "my password";
  string designatedRevokerUserId = "partner@company.com";
 
  // assign designated revoker
  lib.AssignDesignatedRevoker(keyStore,
				targetKeyUserId,
				targetPrivateKeyPassword,
				designatedRevokerUserId);
 }
}

VB.NET example

Imports System
Imports System.IO
Imports DidiSoft.Pgp
 
Class KeyStoreAssignDesignatedRevoker
 Public Shared Sub Demo()
   Dim folder As String = Path.Combine("DataFiles", "Revocation")
 
   ' initialize the KeyStore
   Dim keyStore As New KeyStore(Path.Combine(folder, "revocation.keystore"), "changeit")
 
   ' create an instance of the library
   Dim revLib As New RevocationLib()
 
   ' in this example we reference the keys in the KeyStore through their User ID's.
   ' but overloaded methods exist for Key ID's too
   Dim targetKeyUserId As String = "my@key.com"
   Dim targetPrivateKeyPassword As String = "my password"
   Dim designatedRevokerUserId As String = "partner@company.com"
 
   ' assign designated revoker
   revLib.AssignDesignatedRevoker(keyStore, _
				targetKeyUserId, _
				targetPrivateKeyPassword, _
				designatedRevokerUserId)
 End Sub
End Class

Revoking a key with a designated revoker

If we have lost our private key and do not have a previously created revocation certificate, the only way to revoke our public key is to ask a partner who has been assigned as a designated revoker. Keep in mind that only a trusted third party should be assigned as a designated revoker, since that party can revoke our key at any time.

C# example

using System;
using System.IO;
using DidiSoft.Pgp;
 
class RevokeWithDesignatedRevoker
{
 public static void Demo()
 {
  // create an instance of the library
  RevocationLib lib = new RevocationLib();
 
  // public key to be revoked
  String targetPublicKey = @"c:\key1_public.asc";
 
  // private key of the designated revoker
  String designatedRevokerPrivateKey = @"c:\key2_private.asc";
  String designatedRevokerPrivateKeyPassword = "password";
 
  // reason and description
  byte revocationCode = RevocationLib.REASON_KEY_NO_LONGER_USED;
  String revocationDescription = "This key is no longer used";
 
  // revoke key with revocation certificate
  lib.RevokeKeyWithDesignatedRevoker(targetPublicKey, 
					designatedRevokerPrivateKey, 
					designatedRevokerPrivateKeyPassword, 
					revocationCode, 
					revocationDescription);        
 }
}

VB.NET example

Imports System
Imports System.IO
Imports DidiSoft.Pgp
 
Class RevokeWithDesignatedRevoker
 Public Shared Sub Demo()
  Dim path As String = System.IO.Path.Combine("DataFiles", "Revocation")
 
  ' create an instance of the library
  Dim revLib As New RevocationLib()
 
  ' public key to be revoked
  Dim targetPublicKey As String = System.IO.Path.Combine(path, "key1_public.asc")
 
  ' private key of the designated revoker 
  Dim designatedRevokerPrivateKey As String = System.IO.Path.Combine(path, "key2_private.asc")
  Dim designatedRevokerPrivateKeyPassword As String = ""
 
  ' reason and description
  Dim revocationCode As Byte = RevocationLib.REASON_KEY_NO_LONGER_USED
  Dim revocationDescription As String = "This key is no longer used"
 
  ' revoke key with designated revoker
  revLib.RevokeKeyWithDesignatedRevoker(targetPublicKey, _
					designatedRevokerPrivateKey, _
					designatedRevokerPrivateKeyPassword, _
					revocationCode, _
					revocationDescription)
 End Sub
End Class
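The two operations above work by appending OpenPGP signatures to the key: assigning a designated revoker adds a direct-key signature that carries a Revocation Key subpacket (RFC 4880, section 5.2.3.15) with the partner's fingerprint, and the later revocation is a key revocation signature issued by the partner's key, carrying a Reason for Revocation subpacket. The following Python script is an added example, not part of this chapter or of the DidiSoft library; it constructs both signature packets with dummy (unsigned) MPIs and parses them back, showing what a verifier checks: a Revocation Key subpacket only counts when it sits in the hashed (signed) area, and the revocation signature's issuer must be one of the declared revokers. All fingerprints and key IDs are constructed sample values, and the `RevocationLib.REASON_KEY_NO_LONGER_USED` constant from the chapter corresponds here to the RFC 4880 reason code 3 (key retired / no longer used); that mapping is an assumption about the library.

```python
import struct

# Constants from RFC 4880 (this is constructed example code, not DidiSoft's own)
SIG_DIRECT_KEY = 0x1F        # 5.2.1: direct-key signature, carries the Revocation Key subpacket
SIG_KEY_REVOCATION = 0x20    # 5.2.1: key revocation signature
SUB_CREATION_TIME = 2
SUB_REVOCATION_KEY = 12      # 5.2.3.15: 1 octet class, 1 octet algorithm, 20-octet fingerprint
SUB_ISSUER = 16              # 5.2.3.5: 8-octet key ID (low 8 octets of a v4 fingerprint)
SUB_REASON = 29              # 5.2.3.23: 1-octet code followed by UTF-8 text
REASON_NAMES = {0: "no reason", 1: "superseded", 2: "compromised", 3: "retired / no longer used"}

# Constructed fingerprints: our key, the partner (designated revoker) and an unrelated key
OUR_FPR = bytes.fromhex("11" * 20)
PARTNER_FPR = bytes.fromhex("0123456789abcdef0123456789abcdef01234567")
STRANGER_FPR = bytes.fromhex("ee" * 20)


def subpacket(sub_type, body):
    """Encode a subpacket in the one-octet length form (length counts the type octet)."""
    assert len(body) + 1 < 192
    return bytes([len(body) + 1, sub_type]) + body


def signature_packet(sig_type, hashed, unhashed):
    """Wrap subpacket areas in a v4 signature packet (RSA/SHA-256 ids); hash prefix and MPI are dummies."""
    body = (bytes([4, sig_type, 1, 8]) + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed
            + b"\xab\xcd" + struct.pack(">H", 16) + b"\x12\x34")
    assert len(body) < 192                      # one-octet packet length is enough here
    return bytes([0xC2, len(body)]) + body       # new-format header, tag 2 = signature


def assign_revoker_signature(revoker_fpr, sensitive=False, in_unhashed=False):
    """Self-issued direct-key signature declaring revoker_fpr as designated revoker."""
    flags = 0x80 | (0x40 if sensitive else 0)   # 0x80 is mandatory, 0x40 marks it sensitive
    rk = subpacket(SUB_REVOCATION_KEY, bytes([flags, 1]) + revoker_fpr)
    ct = subpacket(SUB_CREATION_TIME, struct.pack(">I", 1700000000))
    issuer = subpacket(SUB_ISSUER, OUR_FPR[-8:])
    # in_unhashed=True deliberately misplaces the subpacket to show that a verifier ignores it
    return signature_packet(SIG_DIRECT_KEY, ct + (b"" if in_unhashed else rk),
                            issuer + (rk if in_unhashed else b""))


def revocation_signature(issuer_fpr, code, text):
    """Key revocation signature issued by issuer_fpr with a Reason for Revocation subpacket."""
    reason = subpacket(SUB_REASON, bytes([code]) + text.encode("utf-8"))
    ct = subpacket(SUB_CREATION_TIME, struct.pack(">I", 1700000100))
    return signature_packet(SIG_KEY_REVOCATION, ct + reason, subpacket(SUB_ISSUER, issuer_fpr[-8:]))


def parse_subpackets(data):
    """Yield (type, body) pairs; handles the 1-, 2- and 5-octet subpacket length forms."""
    pos = 0
    while pos < len(data):
        first = data[pos]
        if first < 192:
            length, pos = first, pos + 1
        elif first < 255:
            length, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
        else:
            length, pos = struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5
        yield data[pos] & 0x7F, data[pos + 1:pos + length]   # high bit is the critical flag
        pos += length


def parse_signature(packet):
    """Split a v4 signature packet into its type and hashed/unhashed subpacket lists."""
    if (packet[0] & 0xC0) != 0xC0 or (packet[0] & 0x3F) != 2 or packet[1] >= 192:
        raise ValueError("expected a new-format signature packet with one-octet length")
    body = packet[2:2 + packet[1]]
    if body[0] != 4:
        raise ValueError("only v4 signatures are handled")
    hashed_len = struct.unpack(">H", body[4:6])[0]
    hashed = body[6:6 + hashed_len]
    pos = 6 + hashed_len
    unhashed_len = struct.unpack(">H", body[pos:pos + 2])[0]
    unhashed = body[pos + 2:pos + 2 + unhashed_len]
    return {"type": body[1], "hashed": list(parse_subpackets(hashed)),
            "unhashed": list(parse_subpackets(unhashed))}


def declared_revokers(direct_key_sig):
    """(fingerprint_hex, algorithm, sensitive) for each Revocation Key subpacket in the hashed area."""
    sig = parse_signature(direct_key_sig)
    if sig["type"] != SIG_DIRECT_KEY:
        raise ValueError("designated revokers live in direct-key signatures")
    return [(b[2:].hex(), b[1], bool(b[0] & 0x40))
            for t, b in sig["hashed"] if t == SUB_REVOCATION_KEY and len(b) == 22 and b[0] & 0x80]


def revocation_reason(revocation_sig):
    """(code, name, description) from the hashed Reason for Revocation subpacket, or None."""
    for t, b in parse_signature(revocation_sig)["hashed"]:
        if t == SUB_REASON and b:
            return b[0], REASON_NAMES.get(b[0], "unknown"), b[1:].decode("utf-8", "replace")
    return None


def issued_by_declared_revoker(direct_key_sig, revocation_sig):
    """Key-ID hint check only; a real verifier must also verify the signature with the revoker's key."""
    sig = parse_signature(revocation_sig)
    issuers = [b for t, b in sig["hashed"] + sig["unhashed"] if t == SUB_ISSUER and len(b) == 8]
    revoker_ids = {bytes.fromhex(f)[-8:] for f, _, _ in declared_revokers(direct_key_sig)}
    return any(i in revoker_ids for i in issuers)
```

The issuer comparison is only a lookup hint, as in real OpenPGP implementations: the binding that actually authorizes the revocation is the cryptographic verification of the revocation signature against the designated revoker's public key, which the library performs and this parser does not.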

Revoking a key with a designated revoker in a KeyStore

The examples below demonstrate revoking with a designated revoker when the keys are held in a KeyStore. The keys are specified through their User IDs, but an overloaded method that accepts Key IDs exists as well.

C# example

using System;
using System.IO;
using DidiSoft.Pgp;
 
class KeyStoreRevokeWithDesignatedRevoker
{
 public static void Demo()
 {
  // initialize the KeyStore
  KeyStore keyStore = new KeyStore(@"c:\revocation.keystore", "keystore password");
  keyStore.ImportKeyRing(@"c:\key1_public_assigned.asc");
  keyStore.ImportKeyRing(@"c:\key2_private.asc");
 
  // create an instance of the library
  RevocationLib lib = new RevocationLib();
 
  // in this example we reference the keys in the KeyStore through their User ID's.
  // but overloaded methods exist for Key ID's too
  string targetKeyUserId = "RSA_1";
  string designatedRevokerUserId = "designated@revoker.com";
  string designatedRevokerPrivateKeyPassword = "password";
 
  // reason and description
  byte revocationCode = RevocationLib.REASON_KEY_NO_LONGER_USED;
  string revocationDescription = "This key is no longer used";
 
  // revoke key with a designated revoker
  lib.RevokeKeyWithDesignatedRevoker(keyStore,
				targetKeyUserId,
				designatedRevokerUserId,
				designatedRevokerPrivateKeyPassword,
				revocationCode,
				revocationDescription);
 }
}

VB.NET example

Imports System
Imports System.IO
Imports DidiSoft.Pgp
 
Class KeyStoreRevokeWithDesignatedRevoker
 Public Shared Sub Demo()
  ' initialize the KeyStore
  Dim keyStore As New KeyStore("c:\revocation.keystore", "keystore password")
  keyStore.ImportKeyRing("c:\key1_public_assigned.asc")
  keyStore.ImportKeyRing("c:\key2_private.asc")
 
  ' create an instance of the library
  Dim revLib As New RevocationLib()
 
  ' in this example we reference the keys in the KeyStore through their User ID's.
  ' but overloaded methods exist for Key ID's too
  Dim targetKeyUserId As String = "RSA_1"
  Dim designatedRevokerUserId As String = "designated@revoker.com"
  Dim designatedRevokerPrivateKeyPassword As String = "password"
 
  ' reason and description
  Dim revocationCode As Byte = RevocationLib.REASON_KEY_NO_LONGER_USED
  Dim revocationDescription As String = "This key is no longer used"
 
  ' revoke key with designated revoker
  revLib.RevokeKeyWithDesignatedRevoker(keyStore, _
					targetKeyUserId, _
					designatedRevokerUserId, _
					designatedRevokerPrivateKeyPassword, _
					revocationCode, _
					revocationDescription)
 End Sub
End Class

Summary

This chapter discussed assigning a designated revoker to a public key and revoking that public key afterwards with the designated revoker's private key.

Methods used:
RevocationLib.AssignDesignatedRevoker – assigns a designated revoker to a public key.
RevocationLib.RevokeKeyWithDesignatedRevoker – revokes a public key with a designated revoker's private key.