Allow revocation of OpenPGP keys.

/!\ It is to be noted that revoking a key does NOT necessarily prevent
the owner of its private part from accessing data on the remote /!\

The only sound use of `keyid-=` is probably to replace a (sub-)key by
another, where the private part of both is owned by the same
person/entity:

    git annex enableremote myremote keyid-=2512E3C7 keyid+=788A3F4C

Reference: http://git-annex.branchable.com/bugs/Using_a_revoked_GPG_key/

* Other change introduced by this patch:

New keys now need to be added with option `keyid+=`, and the scheme
specified (upon initremote only) with `encryption=`. The motivation for
this change is to open for new schemes, e.g., strict asymmetric
encryption.

    git annex initremote myremote encryption=hybrid keyid=2512E3C7
    git annex enableremote myremote keyid+=788A3F4C
This commit is contained in:
guilhem 2013-08-28 04:24:14 +02:00 committed by Joey Hess
parent 484daf5b39
commit 53ce59021a
7 changed files with 83 additions and 45 deletions

View file

@ -880,7 +880,7 @@ test_crypto env = "git-annex crypto" ~: intmpclonerepo env $ whenM (Utility.Path
let a cmd = git_annex env cmd
[ "foo"
, "type=directory"
, "encryption=" ++ Utility.Gpg.testKeyId
, "keyid=" ++ Utility.Gpg.testKeyId
, "directory=dir"
, "highRandomQuality=false"
]