Kleopatra doesn't create a revocation certificate


With Kmail / Kleopatra I created a few opengpg keys.

Now I wanted to upload them to a public server but Kleopatra reminds me that I should create a revocation key before publishing.

Now there is this button “Create revocation certificate” but after pressing OK to save the *.rev file there is no file!

I am completely lost - what am I missing?

This is on latest Tumbleweed, Kleopatra self-test gives me green on every point (except VS-NfD conformity), path for saving the *.rev is in my documents folder (so permissions are correct)…

What can I do?

Thx for reading,

Did you check for the name? (in most English language environments it is: Documents)

Yes, my documents folder is “Documents”…

but I also created a folder “AAA” in my home directory and tried to save it there - same result - nothing gets created by kleopatra…

p.s.: I use the file picker dialog in kleopatra to navigate to the folder - so there is really no chance of messing up the path…

OK, it was just to be sure. After all, you had no real directory name, but a vague description. So misunderstanding about the facts can be easy.

Strange…the Kleopatra handbook says that it is not possible…maybe outdated information?
page 10, chapter 2.3.1

Kleopatra does not provide a function to create such a revocation signature at any time, but you
can do that with the KDE application KGpg by choosing Keys → Revoke key and optionally
importing the revocation signature to your keyring immediately.
An alternative way of generating a revocation certificate is to use GPG directly from the command line: gpg --output revocation_certificate.asc --gen-revoke your_key.
The argument your_key must be a key specifier, either the key ID of your primary keypair or
any part of a user ID that identifies your keypair.

Thanks for the quote rom the handbook.

Sadly I checked in there before and it seems to be outdated.

Kleopatra has a button and a revocation cretificate creation dialog window.

In Kleopatra mark a certificate, righclick, choose “Details” (last item in the context menu) and there you get the button and dialog.

Also I read somewhere that the only way Kleopatra can create the certificate is to create a file (to import into the keyserver if revocation is needed).

Maybe you are reffering to this test scenario. I’m not sure if this defines a “correct order” as you describe…first importing a key before you are able to crate a revocation cerificate

In Kleopatra every key in the overview is locally imported - otherwise it wouldn’t show up in Kleopatra or Kgpg.

If you choose this key and want to publish it to a public keyserver you get a warning dialog that says “make sure you created a revocation certificate before publishing otherwise you will not be able to revocate the key ever”…

Thist is the order I am refering to :

Before publishing (which is the same “importing the key into a public server” ) you have to create a revocation signature as a file and store it somewhere safe as a failsafe. If it should be necessary to revocate the key at a later time one can import the revocation file to the public keyserver.

THe button “Generate revocation cretificate” is supposed to generate this revocation certificate file as mentioned above.

Now in the test scenario, point 4 there is the mention of entering a passphrase. The revocation generation dialog offers no option for entering the passphrase. So there’s that…

1.15: Create revocation certificate

  1. Open certificate details of your own OpenPGP certificate
  2. Click “Generate revocation certificate” button
  3. Select location and enter filename
  4. Enter passphrase
  5. The revocation certificate is at the selected destination

I assume after point 3 and pressing ok there should be another dialog which silently fails. So we never arrive at point 5.

I guess it’s just broken then.

So i tried with kgpg and here I can create this file - there is no entering any passphrase in the process.

I think the test scenario documenation is outdated (or incorrect), the handbook of Kleopatra has to be updated also and the function in Kleopatra is either incompletely implemented or broken.

I will file a bug report.