TL;DR
No, an OpenPGP primary key cannot directly revoke a subkey of another subkey. Revocations must originate from the key that generated the subkey being revoked. You need to use the specific subkey (or its corresponding secret key) to create and publish a revocation certificate.
Understanding Key Hierarchy
OpenPGP keys have a hierarchical structure:
- Primary Key: The root of trust. It’s rarely used for signing or encryption directly due to security concerns.
- Subkeys: Derived from the primary key, used for specific purposes (signing, encryption, authentication). They are created using the primary key.
Each subkey has its own secret key material. Revocations are tied to this secret key.
Why Primary Key Revocation Doesn’t Work
Revocation certificates prove that you (the owner of a specific key) no longer trust the corresponding key. The primary key doesn’t “know” about the internal structure and lifecycle of its subkeys in a way that allows it to authoritatively revoke them.
How to Revoke Subkeys
- Identify the Subkey: First, you need to know the Key ID (or fingerprint) of the subkey you want to revoke. You can find this using:
    gpg --list-secret-keys --keyid-format long
This will list your secret keys with their full key IDs.
- Generate the Revocation Certificate: Use the subkey’s secret key to create a revocation certificate. Crucially, you must use the subkey itself (or its associated secret key) for this step:
    gpg --edit-key KEYID
    gpg> key N
    gpg> revkey
    gpg> save
Replace KEYID with the Key ID of the subkey and N with the number of that subkey in the list that --edit-key prints (the selected subkey is marked with an asterisk). revkey writes the subkey revocation into the key and save stores the updated key in your keyring.
- Publish the Revocation Certificate: You need to make the revocation certificate available publicly. Common methods include:
  - Keyserver: Upload it to a keyserver (e.g., hkps://keyserver.ubuntu.com):
        gpg --send-keys KEYID
  - Website/Email: Publish it on your website or send it via email.
Example Scenario
Let’s say you have a primary key with Key ID ABCDEF0123456789 and two subkeys:
- Signing Subkey: Key ID GHIJKL0123456789
- Encryption Subkey (subkey of GHIJKL0123456789): Key ID MNOPQR0123456789
If you want to revoke the encryption subkey (MNOPQR0123456789), you must use the secret key associated with GHIJKL0123456789 or MNOPQR0123456789, not the primary key’s secret key.
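An added check for the scenario above (not part of the original answer): a POSIX shell script that parses the machine-readable `gpg --with-colons` key listing and reports whether a given subkey shows as revoked, so you can confirm after publishing that the revocation is really present in the copy of the key others will fetch. The listing is a constructed sample using the scenario's placeholder key IDs.

```shell
#!/bin/sh
# Constructed sample of `gpg --list-secret-keys --with-colons` output for the
# scenario above: primary key ABCDEF0123456789, signing subkey GHIJKL0123456789
# (capability field "s") and encryption subkey MNOPQR0123456789 (capability "e")
# whose validity field (field 2) is "r", i.e. revoked. Real key IDs are hex.
SAMPLE_LISTING='sec:u:4096:1:ABCDEF0123456789:1700000000::u:::scESC:::+:::23::0:
fpr:::::::::0000000000000000ABCDEF0123456789:
uid:u::::1700000000::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
ssb:u:4096:1:GHIJKL0123456789:1700000000::::::s:::+:::23:
ssb:r:4096:1:MNOPQR0123456789:1700000000::::::e:::+:::23:'

# subkey_status LISTING KEYID
# Prints active, revoked, expired or absent for subkey KEYID in a colon-format
# listing. Only sub/ssb records are inspected, so the primary key (pub/sec)
# and uid records never match, even if KEYID is the primary key's ID.
subkey_status() {
  printf '%s\n' "$1" | awk -F: -v id="$2" '
    ($1 == "ssb" || $1 == "sub") && $5 == id {
      if ($2 == "r")      print "revoked"
      else if ($2 == "e") print "expired"
      else                print "active"
      found = 1
      exit
    }
    END { if (!found) print "absent" }'
}

# revoked_subkeys LISTING
# Prints "KEYID CAPABILITIES" for every revoked subkey. Run it on a listing of
# a freshly fetched copy of the key (after --recv-keys) to confirm that the
# revocation actually propagated to the keyserver.
revoked_subkeys() {
  printf '%s\n' "$1" | awk -F: '($1 == "ssb" || $1 == "sub") && $2 == "r" { print $5, $12 }'
}

# Against the live keyring instead of the sample:
#   subkey_status "$(gpg --list-keys --with-colons ABCDEF0123456789)" MNOPQR0123456789
subkey_status "$SAMPLE_LISTING" MNOPQR0123456789   # revoked
revoked_subkeys "$SAMPLE_LISTING"                  # MNOPQR0123456789 e
```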
Important Considerations
- Secret Key Security: Protect your subkey’s secret keys. If compromised, someone could create a fraudulent revocation certificate.
- Key Server Synchronization: It can take time for revocation certificates to propagate across all key servers.
- Trust Model: Revocation is part of the Web of Trust model; others need to be aware of your revocations to fully trust your keys.