Revoke an OpenPGP key
In OpenPGP infrastructure keys are revoked by inclusion of a dedicated 'revocation signature' to the list of signatures attached to the key. Normally keys are revoked by the party that issued them (e.g. primary key owner), but generally PGP standard allows to use any secret key to revoke any public key association. This might be useful is complicated environments with advanced trust policies.
To revoke a key, you will need:
To revoke the key-to-user binding, do the following:
To revoke a key, use a different revocation method:
To revoke a direct key signature call TElPGPCustomSecretKey.DirectRevoke() method and pass the following parameters: Key (key or subkey to be revoked), Signature (the revocation signature will be put here) and RevokedSignature (the signature to be revoked).
To revoke other kinds of signatures use TElPGPCustomSecretKey.Revoke() method.
If you only need to provide a comment (without the reason), just assign the comment to the TElPGPSignature's ReasonForRevocation property, and the corresponding extension subpacket will be created automatically.
If you also need to put down the reason, use the following code as an example. This is similar to the way you configured the key flags.
int idx = sig.AddExtension(SBPGPUtils.TSBPGPSignatureExtension.seReasonForRevocation, true, false); TElPGPReasonForRevocationSignatureSubpacket rrpkt = (TElPGPReasonForRevocationSignatureSubpacket)sig.get_Extensions(idx); rrpkt.Reason = SBPGPEntities.Unit.rrKeyCompromised; rrpkt.Comment = "The key has been compromised";