With KMail / Kleopatra I created a few OpenPGP keys.
Now I wanted to upload them to a public server but Kleopatra reminds me that I should create a revocation key before publishing.
Now there is this button “Create revocation certificate” but after pressing OK to save the *.rev file there is no file!
I am completely lost - what am I missing?
This is on latest Tumbleweed, Kleopatra self-test gives me green on every point (except VS-NfD conformity), path for saving the *.rev is in my documents folder (so permissions are correct)…
Strange…the Kleopatra handbook says that it is not possible…maybe outdated information?
page 10, chapter 2.3.1
Kleopatra does not provide a function to create such a revocation signature at any time, but you
can do that with the KDE application KGpg by choosing Keys → Revoke key and optionally
importing the revocation signature to your keyring immediately.
An alternative way of generating a revocation certificate is to use GPG directly from the command line: gpg --output revocation_certificate.asc --gen-revoke your_key.
The argument your_key must be a key specifier, either the key ID of your primary keypair or
any part of a user ID that identifies your keypair.
Sadly I checked in there before and it seems to be outdated.
Kleopatra has a button and a revocation certificate creation dialog window.
In Kleopatra mark a certificate, right-click, choose “Details” (last item in the context menu) and there you get the button and dialog.
Also I read somewhere that the only way Kleopatra can create the certificate is to create a file (to import into the keyserver if revocation is needed).
In Kleopatra every key in the overview is locally imported - otherwise it wouldn’t show up in Kleopatra or KGpg.
If you choose this key and want to publish it to a public keyserver you get a warning dialog that says “make sure you created a revocation certificate before publishing otherwise you will not be able to revocate the key ever”…
This is the order I am referring to:
Before publishing (which is the same as “importing the key into a public server”) you have to create a revocation signature as a file and store it somewhere safe as a failsafe. If it should be necessary to revoke the key at a later time one can import the revocation file to the public keyserver.
The button “Generate revocation certificate” is supposed to generate this revocation certificate file as mentioned above.
Now in the test scenario, point 4 there is the mention of entering a passphrase. The revocation generation dialog offers no option for entering the passphrase. So there’s that…
1.15: Create revocation certificate
1. Open certificate details of your own OpenPGP certificate
2. Click “Generate revocation certificate” button
3. Select location and enter filename
4. Enter passphrase
5. The revocation certificate is at the selected destination
I assume after point 3 and pressing ok there should be another dialog which silently fails. So we never arrive at point 5.
I guess it’s just broken then.
So I tried with KGpg and here I can create this file - there is no entering any passphrase in the process.
I think the test scenario documentation is outdated (or incorrect), the handbook of Kleopatra has to be updated also and the function in Kleopatra is either incompletely implemented or broken.