OpenPGP Direct key revocation with C# and VB.NET

Introduction to Direct key revocation in .NET

In this chapter we show how to perform OpenPGP direct key revocation using the DidiSoft OpenPGP Library for .NET.

We can revoke a public key directly only if we possess its corresponding private key. If we have lost our private key, the only way to revoke our public key is to use a revocation certificate or a designated revoker.

After the public key has been revoked, it should be distributed to our partners so they can update their key databases and prevent its future use.

Examples illustrating how to revoke a public key:

1. When the keys are located in files on the disk

2. When the keys are in a KeyStore

1. Revoke a public key file
(C# and VB.NET code snippets)

C# example

using System;
using System.IO;
using DidiSoft.Pgp;

class RevokeKey
{
    public static void Demo()
    {
        String path = @"c:\";

        // create an instance of the library
        RevocationLib lib = new RevocationLib();

        // public key to be revoked
        String targetPublicKey = Path.Combine(path, "key1_public.asc");

        // private key corresponding to the public key we want
        // to revoke
        String targetPrivateKey = Path.Combine(path, "key1_private.asc");
        String targetPrivateKeyPassword = "password";

        // reason and description
        byte revocationCode = RevocationLib.REASON_KEY_NO_LONGER_USED;
        String revocationDescription = "This key is no longer used";

        // revoke key with revocation certificate
        lib.RevokeKey(targetPublicKey,
                      targetPrivateKey,
                      targetPrivateKeyPassword,
                      revocationCode,
                      revocationDescription);
    }
}

VB.NET example

Imports System
Imports System.IO
Imports DidiSoft.Pgp

Class RevokeKey
    Public Shared Sub Demo()
        Dim path As String = "c:\"

        ' create an instance of the library
        Dim revLib As New RevocationLib()

        ' public key to be revoked
        Dim targetPublicKey As String = System.IO.Path.Combine(path, "key1_public.asc")

        ' private key corresponding to the public key
        ' that we want to revoke
        Dim targetPrivateKey As String = System.IO.Path.Combine(path, "key1_private.asc")
        Dim targetPrivateKeyPassword As String = "password"

        ' reason and description
        Dim revocationCode As Byte = RevocationLib.REASON_KEY_NO_LONGER_USED
        Dim revocationDescription As String = "This key is no longer used"

        ' revoke key with revocation certificate
        revLib.RevokeKey(targetPublicKey, _
                         targetPrivateKey, _
                         targetPrivateKeyPassword, _
                         revocationCode, _
                         revocationDescription)
    End Sub
End Class


2. Revoke a public key located in a KeyStore
In the example below, after the public key is revoked it is also exported to a file, so that we can send it to our partners and prevent them from using it any more.

C# example

using System;
using System.IO;
using DidiSoft.Pgp;

class KeyStoreRevokeKey
{
    public static void Demo()
    {
        String path = Path.Combine("DataFiles", "Revocation");

        // create an instance of the library
        RevocationLib lib = new RevocationLib();

        // initialize the KeyStore
        KeyStore keyStore = new KeyStore(Path.Combine(path, "my.keystore"), "changeit");
        // public key and corresponding private key
        keyStore.ImportKeyRing(Path.Combine(path, "key1_public.asc"));
        keyStore.ImportKeyRing(Path.Combine(path, "key1_private.asc"));

        string targetKeyUserId = "RSA_1";
        string targetPrivateKeyPassword = ""; // empty password

        // revocation reason and description
        byte revocationCode = RevocationLib.REASON_KEY_NO_LONGER_USED;
        string revocationDescription = "This key is no longer used";

        // revoke key with revocation certificate
        lib.RevokeKey(keyStore,
                      targetKeyUserId,
                      targetPrivateKeyPassword,
                      revocationCode,
                      revocationDescription);

        // should the exported public key be in ASCII or binary format
        bool asciiArmored = true;
        // the exported public key is revoked and can be distributed
        // to our partners in order to prevent its future usage
        keyStore.ExportPublicKey(Path.Combine(path, "key1_public_revoked.asc"),
                                 targetKeyUserId,
                                 asciiArmored);
    }
}

VB.NET example

Imports System
Imports System.IO
Imports DidiSoft.Pgp

Class KeyStoreRevokeKey
    Public Shared Sub Demo()
        Dim folder As String = Path.Combine("DataFiles", "Revocation")

        ' create an instance of the library
        Dim revLib As New RevocationLib()

        ' initialize the KeyStore
        Dim keyStore As New KeyStore(Path.Combine(folder, "my.keystore"), "changeit")
        ' public key and corresponding private key
        keyStore.ImportKeyRing(Path.Combine(folder, "key1_public.asc"))
        keyStore.ImportKeyRing(Path.Combine(folder, "key1_private.asc"))

        Dim targetKeyUserId As String = "RSA_1"
        Dim targetPrivateKeyPassword As String = "password"

        ' revocation reason and description
        Dim revocationCode As Byte = RevocationLib.REASON_KEY_NO_LONGER_USED
        Dim revocationDescription As String = "This key is no longer used"

        ' revoke key with revocation certificate
        revLib.RevokeKey(keyStore, _
                         targetKeyUserId, _
                         targetPrivateKeyPassword, _
                         revocationCode, _
                         revocationDescription)

        ' should the exported public key be in ASCII or binary format
        Dim asciiArmored As Boolean = True
        ' the exported public key is revoked and can be distributed
        ' to our partners in order to prevent its future usage
        keyStore.ExportPublicKey(Path.Combine(folder, "key1_public_revoked.asc"), _
                                 targetKeyUserId, _
                                 asciiArmored)
    End Sub
End Class

Summary
This chapter contains examples showing how to revoke an OpenPGP public key with a direct key revocation through its private key.

The method for revoking a key directly is RevocationLib.RevokeKey.
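The receiving side of the workflow above is the partner who gets the exported revoked key and has to notice the revocation before updating their key database. The following Python script is an added example, not DidiSoft code and not part of the original page: it walks the binary (non-armored) OpenPGP packet sequence of a key and reports whether a version 4 Key Revocation Signature (signature type 0x20, RFC 4880 section 5.2.1) is present, together with the reason code and text from its Reason for Revocation subpacket (type 29, section 5.2.3.23). The library constant REASON_KEY_NO_LONGER_USED used on this page corresponds to RFC reason code 3. The sample key blobs are constructed inline with dummy key material and signature bytes; the user ID "RSA_1" mirrors the page, the e-mail address is made up. The parser only detects the presence of the revocation; the signature itself must still be verified by a full OpenPGP implementation before the revocation is trusted.

```python
"""Detect an OpenPGP direct key revocation in a binary (non-armored) key blob.

Added example, not DidiSoft code: walks the packet sequence (RFC 4880 section 4)
and looks for a version 4 Key Revocation Signature (type 0x20) carrying a
Reason for Revocation subpacket (type 29). Presence only, no signature check.
"""
import struct

# RFC 4880 packet tags and signature constants
TAG_SIGNATURE = 2
TAG_PUBLIC_KEY = 6
TAG_USER_ID = 13
SIG_KEY_REVOCATION = 0x20
SUBPKT_REASON_FOR_REVOCATION = 29

# RFC 4880 section 5.2.3.23 revocation reason codes
REASON_NAMES = {
    0: "no reason specified",
    1: "key is superseded",
    2: "key material has been compromised",
    3: "key is retired and no longer used",
    32: "user ID information is no longer valid",
}


def read_packets(blob):
    """Yield (tag, body) for each packet, handling old- and new-format headers."""
    pos = 0
    while pos < len(blob):
        ctb = blob[pos]
        if not ctb & 0x80:
            raise ValueError("invalid packet header at offset %d" % pos)
        pos += 1
        if ctb & 0x40:  # new-format header: tag in the low 6 bits
            tag = ctb & 0x3F
            first = blob[pos]
            if first < 192:
                length, pos = first, pos + 1
            elif first < 224:
                length = ((first - 192) << 8) + blob[pos + 1] + 192
                pos += 2
            elif first == 255:
                length = struct.unpack(">I", blob[pos + 1:pos + 5])[0]
                pos += 5
            else:
                raise ValueError("partial body lengths are not supported")
        else:  # old-format header: tag in bits 2-5, length type in bits 0-1
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not supported")
            n = 1 << ltype  # 1, 2 or 4 length octets
            length = int.from_bytes(blob[pos:pos + n], "big")
            pos += n
        body = blob[pos:pos + length]
        if len(body) != length:
            raise ValueError("truncated packet at offset %d" % pos)
        pos += length
        yield tag, body


def read_subpackets(area):
    """Yield (type, data) for each signature subpacket in a subpacket area."""
    pos = 0
    while pos < len(area):
        first = area[pos]
        if first < 192:
            length, pos = first, pos + 1
        elif first < 255:
            length = ((first - 192) << 8) + area[pos + 1] + 192
            pos += 2
        else:
            length = struct.unpack(">I", area[pos + 1:pos + 5])[0]
            pos += 5
        subtype = area[pos] & 0x7F  # mask off the "critical" bit
        yield subtype, area[pos + 1:pos + length]
        pos += length


def find_key_revocation(blob):
    """Return (reason_code, description) for the first key revocation signature,
    or None when the blob carries no such signature."""
    for tag, body in read_packets(blob):
        if tag != TAG_SIGNATURE or body[0] != 4 or body[1] != SIG_KEY_REVOCATION:
            continue
        # v4 body: version, type, pubkey alg, hash alg, hashed subpacket length
        hashed_len = struct.unpack(">H", body[4:6])[0]
        for subtype, data in read_subpackets(body[6:6 + hashed_len]):
            if subtype == SUBPKT_REASON_FOR_REVOCATION and data:
                return data[0], data[1:].decode("utf-8", "replace")
        return 0, ""  # revocation signature without a reason subpacket
    return None


def _new_packet(tag, body):
    """Constructed helper: new-format header with a one-octet body length."""
    return bytes([0xC0 | tag, len(body)]) + body


def build_sample_key(revoked):
    """Constructed stand-in for an exported public key (dummy key material)."""
    # old-format header (0x98 = tag 6, one-octet length), as GnuPG exports use
    pubkey_body = bytes([4]) + b"\x00\x00\x00\x00" + bytes([1]) + b"\x00\x08\xAB\x00\x02\x03"
    blob = bytes([0x98, len(pubkey_body)]) + pubkey_body
    blob += _new_packet(TAG_USER_ID, b"RSA_1 <rsa1@example.invalid>")
    if revoked:
        reason = bytes([3]) + b"This key is no longer used"  # code 3 + text
        hashed = bytes([len(reason) + 1, SUBPKT_REASON_FOR_REVOCATION]) + reason
        sig = bytes([4, SIG_KEY_REVOCATION, 1, 8]) + struct.pack(">H", len(hashed))
        sig += hashed + struct.pack(">H", 0) + b"\xDE\xAD" + b"\x00\x08\xAB"  # dummy MPI
        blob += _new_packet(TAG_SIGNATURE, sig)
    return blob


if __name__ == "__main__":
    for flag in (False, True):
        found = find_key_revocation(build_sample_key(flag))
        if found is None:
            print("no key revocation signature present")
        else:
            print("revoked: code %d (%s): %s" % (found[0], REASON_NAMES.get(found[0], "?"), found[1]))
```

On a real exported key, read the file with `open(path, "rb")` after dearmoring it (the `.asc` produced by ExportPublicKey with asciiArmored set to true is base64 inside `-----BEGIN PGP PUBLIC KEY BLOCK-----`), then pass the bytes to find_key_revocation. A result of code 2 should be treated differently from code 3 when updating a key database: a compromised key invalidates past signatures from the compromise date, a retired key does not.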