From: Milinovsky,Martin <Mar...@dr...> - 2003-05-28 07:48:59
Better try :-)

Getting Certificate Revocation Lists from CAs seems to be one possibility (which I did not try so far), but I think the fact that a key is revoked is also stored in the key itself, or at least somewhere in the keyring. Taking into account that a keyring is nothing else than a "list" of keys, the revocation flag must be in the key itself. I don't know if this is a common behaviour, but my GnuPG 1.2.2 keyring stored this data. The tool GPGShell is able to show PGPPacket-data for each key in the keyring. Below you see the output of GPGShell for a revoked key in my keyring - you will notice line 11 (revocation reason ...). Don't know if this is "OpenPGP"-conform, but I think if this information is in the key, there should be means of getting this information:

____________________ CUT HERE _______________________
:public key packet:
        version 4, algo 17, created 946589488, expires 0
        pkey[0]: [1024 bits]
        pkey[1]: [160 bits]
        pkey[2]: [1024 bits]
        pkey[3]: [1022 bits]
:signature packet: algo 17, keyid DE93A45AF2074F7E
        version 4, created 1048796971, md5len 0, sigclass 20
        digest algo 2, begin of digest be 0d
        hashed subpkt 2 len 4 (sig created 2003-03-27)
        hashed subpkt 29 len 87 (revocation reason 0x02 (Laptop has been stolen, so I cannot guarantee for the integrity of the key any longer.))
        subpkt 16 len 8 (issuer key ID DE93A45AF2074F7E)
        data: [160 bits]
        data: [160 bits]
:user ID packet: "Martin Milinovsky <m.m...@ao...>"
:signature packet: algo 1, keyid EC253D175755100D
        version 4, created 993124255, md5len 0, sigclass 10
        digest algo 1, begin of digest 65 01
        hashed subpkt 2 len 4 (sig created 2001-06-21)
        hashed subpkt 6 len 19 (regular expression: "argedaten Mitglied")
        subpkt 16 len 8 (issuer key ID EC253D175755100D)
        data: [2047 bits]
:signature packet: algo 17, keyid 486AA60B534455D8
        version 4, created 990812033, md5len 0, sigclass 10
        digest algo 2, begin of digest 67 e1
        hashed subpkt 2 len 4 (sig created 2001-05-25)
        subpkt 16 len 8 (issuer key ID 486AA60B534455D8)
        data: [160 bits]
        data: [159 bits]
:signature packet: algo 17, keyid 8F9A946F23EAB272
        version 4, created 1038500748, md5len 0, sigclass 10
        digest algo 2, begin of digest 7d 81
        hashed subpkt 2 len 4 (sig created 2002-11-28)
        subpkt 16 len 8 (issuer key ID 8F9A946F23EAB272)
        data: [159 bits]
        data: [160 bits]
:signature packet: algo 17, keyid F51771D1CD77E77D
        version 4, created 946591429, md5len 0, sigclass 10
        digest algo 2, begin of digest 70 5e
        hashed subpkt 2 len 4 (sig created 1999-12-30)
        hashed subpkt 5 len 2 (trust signature of level 1, amount 120)
        subpkt 16 len 8 (issuer key ID F51771D1CD77E77D)
        data: [159 bits]
        data: [160 bits]
:signature packet: algo 17, keyid DE93A45AF2074F7E
        version 4, created 946589489, md5len 0, sigclass 10
        digest algo 2, begin of digest 87 c4
        hashed subpkt 11 len 3 (pref-sym-algos: 3 2 1)
        hashed subpkt 2 len 4 (sig created 1999-12-30)
        subpkt 16 len 8 (issuer key ID DE93A45AF2074F7E)
        data: [160 bits]
        data: [160 bits]
:signature packet: algo 17, keyid DE93A45AF2074F7E
        version 4, created 946589488, md5len 0, sigclass 10
        digest algo 2, begin of digest 4e a2
        hashed subpkt 2 len 4 (sig created 1999-12-30)
        hashed subpkt 11 len 3 (pref-sym-algos: 3 2 1)
        hashed subpkt 25 len 1 (primary user ID)
        subpkt 16 len 8 (issuer key ID DE93A45AF2074F7E)
        data: [159 bits]
        data: [159 bits]
:signature packet: algo 17, keyid 2264FC7D57C00148
        version 4, created 1038582550, md5len 0, sigclass 13
        digest algo 2, begin of digest 63 87
        hashed subpkt 2 len 4 (sig created 2002-11-29)
        subpkt 16 len 8 (issuer key ID 2264FC7D57C00148)
        data: [159 bits]
        data: [159 bits]
:user ID packet: "Martin Milinovsky <ma...@mi...>"
:signature packet: algo 17, keyid DE93A45AF2074F7E
        version 4, created 1045648077, md5len 0, sigclass 13
        digest algo 2, begin of digest 6e 35
        hashed subpkt 27 len 1 (key flags: 03)
        hashed subpkt 11 len 3 (pref-sym-algos: 7 3 2)
        hashed subpkt 21 len 2 (pref-hash-algos: 2 3)
        hashed subpkt 22 len 2 (pref-zip-algos: 2 1)
        hashed subpkt 30 len 1 (features: 01)
        hashed subpkt 23 len 1 (key server preferences: 80)
        hashed subpkt 25 len 1 (primary user ID)
        hashed subpkt 2 len 4 (sig created 2003-02-19)
        subpkt 16 len 8 (issuer key ID DE93A45AF2074F7E)
        data: [159 bits]
        data: [160 bits]
:user ID packet: "Martin Milinovsky <m.m...@xs...>"
:signature packet: algo 17, keyid DE93A45AF2074F7E
        version 4, created 946589804, md5len 0, sigclass 10
        digest algo 2, begin of digest ab 57
        hashed subpkt 2 len 4 (sig created 1999-12-30)
        hashed subpkt 11 len 3 (pref-sym-algos: 3 2 1)
        subpkt 16 len 8 (issuer key ID DE93A45AF2074F7E)
        data: [157 bits]
        data: [159 bits]
:signature packet: algo 17, keyid 2264FC7D57C00148
        version 4, created 1038582557, md5len 0, sigclass 13
        digest algo 2, begin of digest 42 12
        hashed subpkt 2 len 4 (sig created 2002-11-29)
        subpkt 16 len 8 (issuer key ID 2264FC7D57C00148)
        data: [156 bits]
        data: [158 bits]
:signature packet: algo 17, keyid 8F9A946F23EAB272
        version 4, created 1043317158, md5len 0, sigclass 13
        digest algo 2, begin of digest 11 2d
        hashed subpkt 2 len 4 (sig created 2003-01-23)
        subpkt 16 len 8 (issuer key ID 8F9A946F23EAB272)
        data: [159 bits]
        data: [157 bits]
:public sub key packet:
        version 4, algo 16, created 946589488, expires 0
        pkey[0]: [2048 bits]
        pkey[1]: [2 bits]
        pkey[2]: [2047 bits]
:signature packet: algo 17, keyid DE93A45AF2074F7E
        version 4, created 946589488, md5len 0, sigclass 18
        digest algo 2, begin of digest e5 9d
        hashed subpkt 2 len 4 (sig created 1999-12-30)
        subpkt 16 len 8 (issuer key ID DE93A45AF2074F7E)
        data: [160 bits]
        data: [159 bits]
____________________ CUT HERE _______________________

Ciao
Martin

-----Original Message-----
From: mo...@sp... [mailto:mo...@sp...]
Sent: Tuesday, 27 May 2003 18:11
To: Milinovsky,Martin; mo...@sp...; cry...@li...
Subject: RE: [Cryptix-users] Revokation

Yikes! Looks like I answered the wrong question. Sorry about that.

Here's a better try. What you want are Certificate Revocation Lists, which are modelled as java.security.cert.CRL.
You can get CRL objects via

        java.security.cert.CertificateFactory.generateCRL(InputStream inStream)

if you have obtained the certificate revocation list from the certificate authority.

You should also see java.security.cert.CertStore which I believe is intended to help you access the CA and obtain CRLs from it.

I hope that's more useful...

Original Message:
-----------------
First thanx for the reply!

Well, I know the method checkValidity(), but I think this only checks if this key EXPIRES at a given Date, but not if it is revoked - correct me if I'm wrong! Any key may have no expiration date and therefore the method checkValidity() would say that this key is valid, but the key may nevertheless be revoked. How do I get this information?

Ciao
Martin

--------------------------------------------------------------------
mail2web - Check your email from the web at http://mail2web.com/ .
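As an added example (not code from this thread, from Cryptix or from GnuPG), the following Python parser walks a binary OpenPGP key as GnuPG exports it and pulls out exactly the packet Martin points at in the dump: a v4 signature packet of sigclass 0x20 (0x28 for a subkey) whose hashed area carries the revocation reason in subpacket 29 and whose unhashed area carries the issuer key ID in subpacket 16. SAMPLE_KEY is a constructed stand-in with no real key material or MPIs; only the issuer key ID, the reason code 0x02 and the gist of the reason text are taken from the dump above.

```python
SIG, KEY_REVOKED, SUBKEY_REVOKED, ISSUER, REASON = 2, 0x20, 0x28, 16, 29

def packets(blob):
    """Yield (tag, body) for old-style-header packets (RFC 4880 4.2.1), the form GnuPG exports."""
    i = 0
    while i < len(blob):
        ctb = blob[i]
        if (ctb & 0xC0) != 0x80 or (ctb & 3) == 3: raise ValueError("new-style, partial or indeterminate lengths not handled")
        tag, n = (ctb >> 2) & 0x0F, 1 << (ctb & 3)               # length field is 1, 2 or 4 bytes
        length, i = int.from_bytes(blob[i + 1:i + 1 + n], "big"), i + 1 + n
        yield tag, blob[i:i + length]
        i += length

def subpackets(area):
    """Yield (type, data) for signature subpackets (RFC 4880 5.2.3.1); the length covers the type byte."""
    i = 0
    while i < len(area):
        b0 = area[i]
        if b0 == 255: raise ValueError("5-byte subpacket length not handled")
        length, i = (b0, i + 1) if b0 < 192 else (((b0 - 192) << 8) + area[i + 1] + 192, i + 2)
        yield area[i] & 0x7F, area[i + 1:i + length]             # bit 7 of the type byte = critical
        i += length

def revocations(blob):
    """[(sigclass, issuer key ID, reason code, reason text)] for revocation signatures in a key.
    Finding the packet is not verifying it: the signature must still verify against the issuer."""
    found = []
    for tag, body in packets(blob):
        if tag != SIG or body[0] != 4 or body[1] not in (KEY_REVOKED, SUBKEY_REVOKED): continue
        hlen = int.from_bytes(body[4:6], "big")                  # hashed subpacket area length
        ulen = int.from_bytes(body[6 + hlen:8 + hlen], "big")    # unhashed subpacket area length
        issuer, code, text = None, None, ""
        for area in (body[6:6 + hlen], body[8 + hlen:8 + hlen + ulen]):
            for stype, data in subpackets(area):
                if stype == ISSUER: issuer = data.hex().upper()
                elif stype == REASON and data: code, text = data[0], data[1:].decode("utf-8", "replace")
        found.append((body[1], issuer, code, text))
    return found

def _pkt(tag, body): return bytes([0x80 | tag << 2, len(body)]) + body     # old-style header, 1-byte length
def _sub(stype, data): return bytes([len(data) + 1, stype]) + data
def _sig(sigclass, hashed, unhashed):                                      # v4 DSA/SHA-1 signature shell, no MPIs
    return _pkt(SIG, bytes([4, sigclass, 17, 2]) + len(hashed).to_bytes(2, "big") + hashed
                + len(unhashed).to_bytes(2, "big") + unhashed + b"\xbe\x0d")

ISSUER_ID = _sub(ISSUER, bytes.fromhex("DE93A45AF2074F7E"))   # key ID taken from the dump above
CREATED = _sub(2, b"\x3e\x83\x41\xab")                        # constructed creation-time subpacket
SAMPLE_KEY = (_pkt(6, b"\x04" + b"\x00" * 16)                  # constructed sample: stand-in key body,
              + _sig(KEY_REVOKED, CREATED + _sub(REASON, b"\x02Laptop has been stolen"), ISSUER_ID)  # 0x02 = key compromised
              + _pkt(13, b"Martin Milinovsky") + _sig(0x13, CREATED, ISSUER_ID))   # UID + ordinary self-sig
```

Run against a real `gpg --export` blob, `revocations()` returns an empty list for an unrevoked key, which is the answer `checkValidity()` alone cannot give.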