How to hide deactivated / disabled pgp keys in Kleopatra + GpgOl?

Hello,
regarding latest Gpg4win-3.1.5:
Sometimes older pgp keys that are no longer used are deactivated/disabled but still in the keyring for decryption of older mails/files.

Kleopatra shows those deactivated keys (for the same email address) in the same manner as active production keys, and GpgOl offers those disabled keys for signing or encryption purposes.

How to exclude those disabled keys from further usage, how to mark those keys?

Thx + regards!

Hi Chris,

thanks for the question, I think Andre will respond here next week.

Best Regards,
Bernhard

Hi Chris,

You have two ways to do this, both are valid in your case → revoke the keys or expire them. Both are available from Kleopatra’s Details view (double click).

The easiest is probably to mark them to expire “on this day” (you can only select future dates so select today). And tomorrow they will show up as expired, are still usable for decryption but won’t be used for future signing / encryption.

Alternatively you can generate revocation certificates for these keys and open them with a text editor (there are instructions in the revocation certificate), follow the instructions and import the revocation certificate.

If you had published your keys to the public keyserver you might also want to upload the expiration or revocation change so that others won’t use them anymore.

Best Regards,
Andre

Hi Andre,
thanks for the reply.
If a key is deactivated (same as disabled!?), in my opinion it should be marked in Kleopatra’s key list (and additionally it should not be offered in GpgOL).

Now such deactivated keys are only detectable if the mouse cursor opens the popup with further information, pls refer to the attached screenshot.

For example old GPGShell v3.78 shows such disabled keys in overview.

Thx + best regards, Chris

deaktiviert.png

Ah Ok. Then I understood you wrong, I thought you were asking how to disable a key so that it is not offered in Kleopatra and GpgOL.

Regarding “disabled” keys, that might indeed not be properly handled throughout (I’ve never tested it) as it is fairly uncommon to disable keys in this way and more of an artifact in the OpenPGP Standard. That is why Kleo also does not offer a GUI to disable a key in this way. But of course the handling of such keys should be better. They should not be offered and in Kleopatra marked in some way directly visible in the keylist.

I’ve opened a task for this so that it is not forgotten. https://dev.gnupg.org/T4269

Thank you!
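
Added example (not part of the thread, and not Gpg4win or Kleopatra code): disabled keys can be audited from GnuPG's machine-readable listing, where a disabled key carries a `D` in the capabilities field (field 12) of its `pub` record, while expired and revoked keys show `e` or `r` in the validity field (field 2). The listing, key IDs and user IDs below are constructed; on a real system pass the function the output of `gpg --with-colons --list-keys`.

```python
"""Classify keys from `gpg --with-colons --list-keys` output (added example)."""

# Constructed sample listing: key IDs, dates and user IDs are made up.
SAMPLE = """\
tru::1:1546300800:0:3:1:5
pub:u:4096:1:AAAAAAAAAAAAAAA1:1546300800:::u:::scESC:
uid:u::::1546300800::x::Chris Example (current) <chris@example.org>:
sub:u:4096:1:AAAAAAAAAAAAAAA2:1546300800::::::e:
pub:-:2048:1:BBBBBBBBBBBBBBB1:1262304000:::-:::scESCD:
uid:-::::1262304000::x::Chris Example (old, disabled) <chris@example.org>:
pub:e:2048:1:CCCCCCCCCCCCCCC1:1262304000:1293840000::-:::sc:
uid:e::::1262304000::x::Chris Example (old, expired) <chris@example.org>:
pub:r:2048:1:DDDDDDDDDDDDDDD1:1262304000:::-:::sc:
uid:r::::1262304000::x::Chris Example (old, revoked) <chris@example.org>:
"""


def classify(listing):
    """Return one dict per primary key: keyid, status, uids."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        f += [""] * (12 - len(f))          # pad short records
        if f[0] == "pub":
            validity, caps = f[1], f[11]   # field 2 and field 12
            if validity == "r":
                status = "revoked"
            elif validity == "e":
                status = "expired"
            elif "D" in caps or validity == "d":  # "d" is the deprecated form
                status = "disabled"
            else:
                status = "active"
            keys.append({"keyid": f[4], "status": status, "uids": []})
        elif f[0] == "uid" and keys:
            keys[-1]["uids"].append(f[9])  # field 10, C-style escaped
    return keys


def not_for_new_use(listing):
    """Key IDs that should not be picked for new signing or encryption."""
    return [k["keyid"] for k in classify(listing) if k["status"] != "active"]


if __name__ == "__main__":
    for key in classify(SAMPLE):
        print(f'{key["status"]:9} {key["keyid"]} {"; ".join(key["uids"])}')
```
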