pgp: **key revoked** [NOT verified]
I revoked my key today, and uploaded it to the server. However, When looking at the server web page, I saw it says **key revoked** [NOT verified]
. How do I verify this?
I am using gpg.
Solution 1:
I think I found an answer in this thread: http://www.gossamer-threads.com/lists/gnupg/users/65236
In short:
There is a packet which looks like a key revocation but it could be forged. If an OpenPGP application downloads the key from the server then it does a signature check.
Solution 2:
How do I verify this?
As Jon Callas already stated at Crypto.SE way back in June 2012 : you simply don’t.
In case a different wording helps, here’s a quote related to the exact same question… https://lists.gnupg.org/pipermail/gnupg-users/2014-February/049100.html
…
On 02/19/2014 11:55 AM, Hauke Laging wrote:
Am Di 18.02.2014, 23:19:33 schrieb Tadas Slotkus:
Hello,
I revoked my key and on the public key server it says: "* KEY
REVOKED * [not verified]" Why does it say that revocation is
not verified?That probably refers to the point that the keyservers don't do
crypto checks. It means: There is a packet which looks like a key
revocation but it could be forged. If an OpenPGP application
downloads the key from the server then it does a signature check.That is a correct interpretation, indeed.
…