Revocation certificates for a CA key

Why would a CA key need to be revoked?

In the (hopefully) unlikely case that the private key material of an OpenPGP CA instance is compromised, any cryptographic statements by that CA key are suspect. No one should rely on statements by that CA key anymore (because they could be forged by a third party).

To disseminate the information that the CA key has become untrustworthy, a revocation certificate needs to be published. A revocation certificate is a cryptographic statement that marks a key as irrevocably invalid. A revocation can be published via any channel, including WKD and any of the public keyservers.

By publishing a revocation, end users (and their OpenPGP software) who might have configured a “trust signature” for the CA key on their system, learn that the CA key is now considered invalid - and that it should not be trusted anymore.

Generating a set of revocation certificates for future use

Using the OpenPGP CA CLI tool, you can generate a set of revocation certificates:

$ oca -d example.oca ca revocations -o ca-revocations.txt

The result is a human-readable text file with a short introductory text, followed by the CA public key, and then a number of revocation certificates.

The revocations come in pairs consisting of a “hard” revocation (to signal that the CA key has been compromised) and a “soft” revocation (to signal that the CA key has not been compromised, but should nevertheless be considered retired):

[...]

-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: Hard revocation (certificate compromised) (2030-08-30)

wsHeBCABCgCSBYJyGprPCRC3ZBS5fYda+0cUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcme0ZegLeiC/jrr1lrnUlFGEnCNWgquguM1kfuW7XpIi
PyIdAkNlcnRpZmljYXRlIGhhcyBiZWVuIGNvbXByb21pc2VkFiEEVpka33FwM3DZ
WdeGt2QUuX2HWvsAACd4EACelPgC2ClfSHR+0OsSKOAjswi0gtCK/rJhvKuiBX6j
1oHQS9bzF4qWCWwQQuCKflQBKw65eHI6NqtQNGlTgTdef7gS0J0mhyvV3qUjzfjb
kY1XdWat1DGQsRYTypVFh6QOjowp/D0u67+YjW34l9v33H201oilKQYFgpEAL2k+
NCVXhIAsXpovWZ0BgWJ0UWLgkO5omwgwL1Js/RyqOcWEnfBWSNJ8H5vdwh38N1It
xTpTSeIeHgHPVHAuICcAKFeQAwfKnrV66hMjcL6ECzI4fg5QQRIHR5aC/GyMG+QM
vfiVaEh7iajuR2yZ3PXVKbfMLNHf66vLpAMIllEMoSeJ7DpSYAQiOmnKDMT7glW4
F1MgmZLadDLrINkQlJzd+pb/1oApkYwuBPG2m0T7TqFtD+ZR2tze7w0gdQlj05dB
wllULj2osRvbMmWl6l9tLpq5/xEL8/Jxw3jWVlEiinwlAlqX3O8qdXE1frKBfI0s
+h+xF1ckTROdR1UGTxSXmKrPSNnLoAdG1yxEJAWHSKuVYFuI8D7k1Q6Ct9Aeop/f
2eTZcgPxfaqiX43Ss0Nnz/azrNwK3E1tYQogZ1aSMGzwLe5HxG4NorPNkRqBtP2W
sSH65ykNqHPUKl7cymVECZtBQ+KnEXnhO//DFpksfPAKnQT2iFc+VUB+jB+TRb/d
Og==
=yJEI
-----END PGP PUBLIC KEY BLOCK-----


-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: Soft revocation (certificate retired) (2030-08-30)

wsHRBCABCgCFBYJyGprPCRC3ZBS5fYda+0cUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmfXc7Lyff11Kq8ofcSiM48lPi5YHAthiAzSCAqyZZs4
uxUdA0NlcnRpZmljYXRlIHJldGlyZWQWIQRWmRrfcXAzcNlZ14a3ZBS5fYda+wAA
Se4QAJixJ/a2+E1iSkyvOpFGd9/qiqyhYdJxXAQ+XrKiSD3xh3KPNPW2wSp7+pP0
aBfxUD09jBkD+1N7rmX8SsBR1JeXev1VTsKeA1zYgvK/VJfbCQfD+d2F18Ixffxw
vhEvibphphdwf8FP380kEixyF8dydqrhOwSid/xsIcDiW2xx78OEpVq8dyzJiuYB
bwV97Yp+nd/m4lTus/h3o+MvTxbKY8MyAeFeyiRZ3V/+BLVHjbNHa4E7RsiUVG6x
xH/3QDmragxN+T3Q8ym6VUEXQB1AOpD4SCW7aaIob6xLgItWuTejmKg+K4qvBVSC
nOsrIkHLvIZWyjtXW+V4HX9lGcE5GeM1UmFXMZrpvqPp9/S2yd8ZyuUpVVEHmzGu
h3m92O2uuUKrjOLiBQRQSMiTc6eHsPhukmR4nvz8SKg9PfoRu+CB4+jL21+Qtrbk
6rlWhs5xIryHFhBEEZrgXJll41BsCLCdhl57UbrDpLZVk9alBOe3EbZlXQ6hTdKc
3IncgTFe6V6M7EFJe+2n6L8sRyiAiAXAfpodK6T3lsODIgIB054p7NyMGirhzmIS
SRWz8/WnilHlj7EFm8QowTDVfk73I2bBuliLXLpUbie82ZeSb+vVSdvva9ExZ+NF
mVTehga5LSm5iQaVafGCljCfx5AXRMCmEpXGgbVEAIOGayk9
=0qY9
-----END PGP PUBLIC KEY BLOCK-----

[...]

The file contains many such pairs (121 to be precise)1, which differ in their “creation date” value. The creation dates range from the current date to approximately 10 years in the future (in 30 day increments).

If, in the future, you need to revoke your CA key, but don’t have access to the CA private key anymore, you can choose and publish the most appropriate revocation from the set of revocations in this file.

Storing the revocation file

You should store this text file in a safe location to be able to revoke the CA key in case your CA’s private key ever gets compromised or lost due to some accident. Having a suitable revocation certificate in such cases gives you valuable options to do damage control - and recover from a failure.

It’s important that the revocation file is not available to potential attackers. However, in comparison, it is less crucial to keep the revocations safe than it is to keep the CA’s private key material safe. An attacker can do decidedly more damage with the private key material.

The intended use case for storing a revocation file is when you consider it too hard to store a copy of the CA private key with the appropriate security precautions.


  1. If you are running a CA backed by an OpenPGP card, and your card requires touch confirmation, this means that you will need to confirm very many cryptographic operations (242). This works, but is tedious. You might want to create these revocations before enabling touch confirmation on your card. ↩︎