OpenPGP Key revocation with C# and VB.NET

Introduction to OpenPGP key revocation

OpenPGP key revocation is the process of appending a special revocation signature to an OpenPGP public key, marking the key as no longer usable.

In this chapter we discuss the reasons for revoking a key, how we can revoke a key, and the standard revocation reason codes.

A key is generally revoked when the private key password has been compromised, when the private key has been lost, or when a newer public key has been issued.

How to revoke

DidiSoft OpenPGP Library for .NET provides three ways to revoke a key:

1. Direct key revocation – revoke the public key by signing it as revoked with the corresponding private key

2. With a revocation certificate – create a special revocation certificate up front and use it later to revoke the public key

3. With a designated revoker – mark a third-party public key as a designated revoker and use it later to revoke the public key

Revocation codes

When we revoke an OpenPGP public key we can specify a revocation reason code and a custom description. The standard revocation reason codes specified in the OpenPGP RFC are listed below, together with the library constants that represent them:

// No reason specified
RevocationLib.REASON_NO_REASON

// The key is superseded
RevocationLib.REASON_KEY_SUPERSEDED

// The key has been compromised
RevocationLib.REASON_KEY_COMPROMISED

// The key is no longer used
RevocationLib.REASON_KEY_NO_LONGER_USED

// The User ID is no longer used
RevocationLib.REASON_USER_NO_LONGER_USED
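The reason code and description above are carried in the "Reason for Revocation" subpacket (type 29) of the revocation signature, as defined in RFC 4880 section 5.2.3.23. The following is an added example, not code from DidiSoft or from this chapter: it parses that subpacket out of a signature's hashed subpacket area and checks that the reason code is one the RFC allows for the signature type (codes 1-3 only on key or subkey revocations, code 32 only on User ID certification revocations). The sample subpacket bytes are constructed for the example.

```python
# Added example (not DidiSoft library code): parse the OpenPGP "Reason for
# Revocation" subpacket (type 29) and validate it against the signature type.
import struct

SIG_KEY_REVOCATION = 0x20      # revokes a primary key
SIG_SUBKEY_REVOCATION = 0x28   # revokes a subkey
SIG_CERT_REVOCATION = 0x30     # revokes a User ID certification

REASON_NAMES = {
    0: "No reason specified",
    1: "Key is superseded",
    2: "Key material has been compromised",
    3: "Key is retired and no longer used",
    32: "User ID information is no longer valid",
}
# RFC 4880 5.2.3.23: 1-3 only on key/subkey revocations, 32 only on
# certification revocations; 0 and private-use 100-110 are valid on either.
ALLOWED = {
    SIG_KEY_REVOCATION: {0, 1, 2, 3},
    SIG_SUBKEY_REVOCATION: {0, 1, 2, 3},
    SIG_CERT_REVOCATION: {0, 32},
}

def iter_subpackets(area: bytes):
    """Yield (type, body) for each subpacket in a hashed/unhashed area."""
    i = 0
    while i < len(area):
        b0 = area[i]
        if b0 < 192:                       # one-octet length
            length, i = b0, i + 1
        elif b0 < 255:                     # two-octet length
            length, i = ((b0 - 192) << 8) + area[i + 1] + 192, i + 2
        else:                              # five-octet length
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        body = area[i:i + length]
        if len(body) != length:
            raise ValueError("truncated subpacket")
        yield body[0] & 0x7F, body[1:]     # high bit of type = 'critical' flag
        i += length

def revocation_reason(sig_type: int, hashed_area: bytes):
    """Return (code, name, text, valid_for_sig_type), or None if absent."""
    for sp_type, body in iter_subpackets(hashed_area):
        if sp_type == 29 and body:
            code = body[0]
            text = body[1:].decode("utf-8", errors="replace")
            valid = code in ALLOWED.get(sig_type, set()) or 100 <= code <= 110
            return code, REASON_NAMES.get(code, "Unknown/private use"), text, valid
    return None

# Constructed sample: a creation-time subpacket (type 2, 4-byte time) followed
# by a reason subpacket with code 2 and the text "laptop stolen".
SAMPLE_AREA = bytes([5, 2, 0x5E, 0, 0, 0]) + bytes([15, 29, 2]) + b"laptop stolen"
```

Calling `revocation_reason(SIG_KEY_REVOCATION, SAMPLE_AREA)` yields code 2 ("Key material has been compromised") marked valid, while the same subpacket on a certification revocation (0x30) is flagged as invalid for that signature type.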

Summary

This chapter was a short introduction to OpenPGP key revocation. It covered the reasons for revoking a key, the available ways to revoke a key, and the standard revocation reason codes.

Related reading: Direct key revocation, Revocation certificate, Designated revoker