Introduction
An OpenPGP revocation certificate is a standalone revocation signature created with an OpenPGP private key that can be used later to revoke the corresponding public key.
In this chapter we illustrate how to create an OpenPGP revocation certificate and later apply it to an OpenPGP public key. The code below is presented in both C# and VB.NET and uses the DidiSoft OpenPGP Library for .NET.
List of Examples
1. Create a revocation certificate with a private key located in a file
2. Create a revocation certificate with a private key located in a KeyStore
3. Revoke a public key located in a file
4. Revoke a public key located in a KeyStore
Examples
1. Create a revocation certificate with a private key located in a file
The example below shows how to create an OpenPGP revocation certificate using an OpenPGP private key. After the revocation certificate file has been created it should be stored for future use.
C# example
using System;
using System.IO;
using DidiSoft.Pgp;

class RevocationCertificateGenerate
{
    public static void Demo()
    {
        // create an instance of the library
        RevocationLib lib = new RevocationLib();

        // private key corresponding to the public key we want
        // to create the revocation certificate for
        String targetPrivateKey = @"c:\key1_private.asc";
        String targetPrivateKeyPassword = "password";

        // reason and description
        byte revocationCode = RevocationLib.REASON_KEY_NO_LONGER_USED;
        String revocationDescription = "This key is no longer used";

        // where the certificate will be stored
        String certificateOutputFile = @"c:\revocation_certificate_key1.txt";

        // create the revocation certificate
        lib.CreateRevocationCertificateInFile(targetPrivateKey,
                                              targetPrivateKeyPassword,
                                              revocationCode,
                                              revocationDescription,
                                              certificateOutputFile);
    }
}
VB.NET example
Imports System
Imports System.IO
Imports DidiSoft.Pgp

Class RevocationCertificateGenerate
    Public Shared Sub Demo()
        ' create an instance of the library
        Dim revLib As New RevocationLib()

        ' private key corresponding to the public key we want
        ' to create the revocation certificate for
        Dim targetPrivateKey As String = "c:\key1_private.asc"
        Dim targetPrivateKeyPassword As String = "password"

        ' reason and description
        Dim revocationCode As Byte = RevocationLib.REASON_KEY_NO_LONGER_USED
        Dim revocationDescription As String = "This key is no longer used"

        ' where the certificate will be stored
        Dim certificateOutputFile As String = "c:\revocation_certificate_key1.txt"

        ' create the revocation certificate
        revLib.CreateRevocationCertificateInFile(targetPrivateKey, _
                                                 targetPrivateKeyPassword, _
                                                 revocationCode, _
                                                 revocationDescription, _
                                                 certificateOutputFile)
    End Sub
End Class
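The file written by the example above is an ASCII-armored OpenPGP signature packet. The Python below is an added example, not DidiSoft code and not part of the original page: it dearmors such a file, checks the armor CRC, and reports what the certificate actually says (signature type, where 0x20 is a key revocation; the issuer key ID; the creation time; the reason-for-revocation subpacket, and whether that reason sits in the hashed area that the signature covers). It builds its own constructed sample with a dummy signature value and assumes an old-format packet header carrying a version 4 signature; it does not verify the signature cryptographically, so it is a sanity check on the stored file, not a substitute for verification against the public key. The reason code 3 used in the sample is RFC 4880's "key retired / no longer used"; the numeric value behind RevocationLib.REASON_KEY_NO_LONGER_USED is not stated on this page.

```python
import base64
import struct

# RFC 4880 constants: signature type 0x20 is "Key revocation"; subpacket types below.
SIG_TYPE_KEY_REVOCATION, SUBPKT_CREATION_TIME, SUBPKT_ISSUER, SUBPKT_REASON = 0x20, 2, 16, 29
REASON_NAMES = {0: "no reason specified", 1: "key superseded", 2: "key material compromised",
                3: "key retired / no longer used"}

def crc24(data):
    crc = 0xB704CE                      # armor checksum, RFC 4880 section 6.1
    for octet in data:
        crc ^= octet << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(text):
    # Strip the ASCII armor, skip its headers and verify the CRC24 line when present.
    lines = text.strip().splitlines()
    if not lines[0].startswith("-----BEGIN PGP") or not lines[-1].startswith("-----END PGP"):
        raise ValueError("not an ASCII-armored OpenPGP block")
    body = lines[1:-1]
    if "" in body:
        body = body[body.index("") + 1:]          # armor headers end at the blank line
    crc_line = body.pop() if body and body[-1].startswith("=") else None
    data = base64.b64decode("".join(body))
    if crc_line and crc24(data) != int.from_bytes(base64.b64decode(crc_line[1:]), "big"):
        raise ValueError("armor CRC24 mismatch: certificate file is damaged")
    return data

def iter_subpackets(data):
    # Yield (type, body) for each signature subpacket (RFC 4880 section 5.2.3.1).
    i = 0
    while i < len(data):
        first = data[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
        else:
            length, i = struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
        yield data[i] & 0x7F, bytes(data[i + 1:i + length])   # high bit is the "critical" flag
        i += length

def parse_revocation_certificate(packet):
    # Inspect a single old-format signature packet (tag 2, version 4) without verifying it.
    if packet[0] & 0xC0 != 0x80:
        raise ValueError("expected an old-format OpenPGP packet header")
    tag, length_type = (packet[0] >> 2) & 0x0F, packet[0] & 0x03
    if tag != 2 or length_type > 1:
        raise ValueError("not a signature packet with a 1- or 2-octet length")
    body_len, start = (packet[1], 2) if length_type == 0 else (struct.unpack(">H", packet[1:3])[0], 3)
    body = packet[start:start + body_len]
    if body[0] != 4:
        raise ValueError("only version 4 signatures are handled here")
    hashed_len = struct.unpack(">H", body[4:6])[0]
    hashed, off = body[6:6 + hashed_len], 6 + hashed_len
    unhashed = body[off + 2:off + 2 + struct.unpack(">H", body[off:off + 2])[0]]
    info = {"signature_type": body[1], "is_key_revocation": body[1] == SIG_TYPE_KEY_REVOCATION,
            "issuer_key_id": None, "created": None, "reason_code": None, "reason_text": None,
            "reason_is_hashed": False}
    for area, data in (("hashed", hashed), ("unhashed", unhashed)):
        for sub_type, sub_body in iter_subpackets(data):
            if sub_type == SUBPKT_CREATION_TIME and area == "hashed":
                info["created"] = struct.unpack(">I", sub_body)[0]
            elif sub_type == SUBPKT_ISSUER:
                info["issuer_key_id"] = sub_body.hex().upper()
            elif sub_type == SUBPKT_REASON:
                info["reason_code"], info["reason_text"] = sub_body[0], sub_body[1:].decode("utf-8", "replace")
                info["reason_is_hashed"] = area == "hashed"   # only the hashed area is covered by the signature
    return info

def _subpacket(sub_type, body):
    return bytes([len(body) + 1, sub_type]) + body   # one-octet length form (total < 192)

def build_sample_certificate(issuer_key_id, reason_code, reason_text, created):
    # Constructed sample with a dummy RSA signature MPI: it will not verify,
    # only its packet structure matters for this example.
    hashed = (_subpacket(SUBPKT_CREATION_TIME, struct.pack(">I", created))
              + _subpacket(SUBPKT_REASON, bytes([reason_code]) + reason_text.encode()))
    unhashed = _subpacket(SUBPKT_ISSUER, bytes.fromhex(issuer_key_id))
    body = (bytes([4, SIG_TYPE_KEY_REVOCATION, 1, 8])            # v4, key revocation, RSA, SHA-256
            + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed
            + b"\x12\x34" + struct.pack(">H", 16) + b"\xAB\xCD")   # left 16 hash bits, dummy MPI
    packet = bytes([0x80 | (2 << 2) | 1]) + struct.pack(">H", len(body)) + body
    crc = base64.b64encode(crc24(packet).to_bytes(3, "big")).decode()
    return ("-----BEGIN PGP PUBLIC KEY BLOCK-----\nComment: constructed sample\n\n"
            + base64.b64encode(packet).decode() + "\n=" + crc + "\n-----END PGP PUBLIC KEY BLOCK-----\n")
```

To check a stored file, call parse_revocation_certificate(dearmor(open(path).read())) and confirm that is_key_revocation is true, that issuer_key_id matches the key you intended to revoke and that reason_is_hashed is true; a reason that only appears in the unhashed area was not signed and can be altered by anyone. The certificate is a ready-to-publish revocation, so whoever obtains the file can revoke the key: keep it with the private key material rather than beside the public key.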
2. Create a revocation certificate with a private key located in a KeyStore
The example below is equivalent to the previous one, except that the private key needed for the revocation certificate generation is located in a KeyStore object.
C# example
using System;
using System.IO;
using DidiSoft.Pgp;

class KeyStoreRevocationCertificateGenerate
{
    public static void Demo()
    {
        // initialize the KeyStore
        KeyStore keyStore = new KeyStore(@"c:\revocation.keystore", "keystore password");

        // private key corresponding to the public key we want
        // to create the revocation certificate for
        String targetKeyUserId = "name@mycompany.com";
        String targetPrivateKeyPassword = "password";

        // create an instance of the library
        RevocationLib lib = new RevocationLib();

        // reason and description
        byte revocationCode = RevocationLib.REASON_KEY_NO_LONGER_USED;
        String revocationDescription = "This key is no longer used";

        // where the certificate will be stored
        String certificateOutputFile = @"c:\revocation_certificate_key1.txt";

        // create the revocation certificate
        lib.CreateRevocationCertificateInFile(keyStore,
                                              targetKeyUserId,
                                              targetPrivateKeyPassword,
                                              revocationCode,
                                              revocationDescription,
                                              certificateOutputFile);
    }
}
VB.NET example
Imports System
Imports System.IO
Imports DidiSoft.Pgp

Class KeyStoreRevocationCertificateGenerate
    Public Shared Sub Demo()
        ' initialize the KeyStore
        Dim keyStore As New KeyStore("c:\revocation_demo.keystore", _
                                     "keystore password")

        ' private key corresponding to the public key we want
        ' to create the revocation certificate for
        Dim targetKeyUserId As String = "name@mycompany.com"
        Dim targetPrivateKeyPassword As String = "password"

        ' create an instance of the library
        Dim revLib As New RevocationLib()

        ' reason and description
        Dim revocationCode As Byte = RevocationLib.REASON_KEY_NO_LONGER_USED
        Dim revocationDescription As String = "This key is no longer used"

        ' where the certificate will be stored
        Dim certificateOutputFile As String = _
            "c:\revocation_certificate_key1.txt"

        ' create the revocation certificate
        revLib.CreateRevocationCertificateInFile(keyStore, _
                                                 targetKeyUserId, _
                                                 targetPrivateKeyPassword, _
                                                 revocationCode, _
                                                 revocationDescription, _
                                                 certificateOutputFile)
    End Sub
End Class
3. Revoke a public key located in a file
In the example below we are going to revoke an OpenPGP public key with a previously created revocation certificate file.
C# example
using System;
using System.IO;
using DidiSoft.Pgp;

class RevocationCertificateImport
{
    public static void Demo()
    {
        // create an instance of the library
        RevocationLib lib = new RevocationLib();

        String targetPublicKey = @"c:\key1_public.asc";
        String certificateFile = @"c:\revocation_certificate_key1.txt";

        // revoke the key with the revocation certificate
        lib.RevokeKeyWithRevocationCertificateFile(targetPublicKey, certificateFile);
    }
}
VB.NET example
Imports System
Imports System.IO
Imports DidiSoft.Pgp

Class RevocationCertificateImport
    Public Shared Sub Demo()
        ' create an instance of the library
        Dim revLib As New RevocationLib()

        Dim targetPublicKey As String = "c:\key1_public.asc"
        Dim certificateFile As String = "c:\revocation_certificate_key1.txt"

        ' revoke the key with the revocation certificate
        revLib.RevokeKeyWithRevocationCertificateFile(targetPublicKey, certificateFile)
    End Sub
End Class
4. Revoke a public key located in a KeyStore
The example below illustrates how to revoke an OpenPGP key stored in a KeyStore object through a revocation certificate. After the key has been revoked the usual scenario is to export it and distribute it to our partners.
C# example
using System;
using System.IO;
using DidiSoft.Pgp;

class KeyStoreRevocationCertificateImport
{
    public static void Demo()
    {
        // initialize the KeyStore; the public key the revocation
        // certificate is for is located inside it
        KeyStore keyStore = new KeyStore(@"c:\revocation.keystore", "keystore password");

        // create an instance of the library
        RevocationLib lib = new RevocationLib();

        String certificateFile = @"c:\revocation_certificate_key1.txt";

        // revoke the key with the revocation certificate
        lib.RevokeKeyWithRevocationCertificateFile(keyStore, certificateFile);

        // ... now we can export the revoked public key
        // and distribute it to our partners
    }
}
VB.NET example
Imports System
Imports System.IO
Imports DidiSoft.Pgp

Class KeyStoreRevocationCertificateImport
    Public Shared Sub Demo()
        ' initialize the KeyStore
        Dim keyStore As New KeyStore("c:\revocation.keystore", "keystore password")

        ' create an instance of the library
        Dim revLib As New RevocationLib()

        Dim certificateFile As String = "c:\revocation_certificate_key1.txt"

        ' revoke the key with the revocation certificate
        revLib.RevokeKeyWithRevocationCertificateFile(keyStore, certificateFile)

        ' ... now we can export the revoked public key
        ' and distribute it to our partners
    End Sub
End Class
Summary
In this chapter we have illustrated how to create a revocation certificate and apply it later to revoke OpenPGP public keys located either in a file on disk or in a KeyStore.
The methods that provide revocation through a revocation certificate are located in the DidiSoft.Pgp.RevocationLib class:
RevocationLib.RevokeKeyWithRevocationCertificateFile
RevocationLib.RevokeKeyWithRevocationCertificateText