rifel123
commented
2 years ago Do we know a way to invalidate a key? python-gnupg does not allow that, so the only way would be to call GPG and enter its interactive mode ;/
Closed rifel123 closed 2 years ago
rifel123
commented
2 years ago Do we know a way to invalidate a key? python-gnupg does not allow that, so the only way would be to call GPG and enter its interactive mode ;/
mzarnowski
commented
2 years ago Invalidating someone's public key can be done by having a separate file in repository called invalidated, which stores fingerprints of the invalidated keys alongside a timestamp since when the key should not be trusted. So the file is a list of pairs (fingerprint, timestamp). Upon decryption, all we need to do is check if the key associated with the message was not invalidated before the message got created.
It should be "fine" because: a) there won't be that many keys invalidated at a time and b) any invalidated key will be removed from the list after its expiration date, so it will always contain only the necessary entries.
mzarnowski
commented
2 years ago Also, it would be nice if a PR which invalidates key K and is signed using this key could be merged automatically. Would this be possible by using some server-side git hook?
It should be safe, because once key K is compromised, then both the owner and attacker have the key. And invalidation seems like an operation which should be available to anyone holding the key
rifel123
commented
2 years ago closed with #51
While generating new identity the user may decide not replace existing one. In such a case ask user what to do with existing public and private keys, invalidate them or keep untouched. If previous keys gets invalidated, publish new keys to repository.