Account Management
Revoking Keys
In an ideal world, the key associated with a user account is used until it expires. However, by some mishap, the secret key might get compromised. It then needs to be revoked.
To revoke a key, call the “user revoke key” command:
Input (available since version 1.3.0)
bomnipotent_client user revoke key
Output
[INFO] Revoked key with fingerprint '5629e6dbf41fc045ed20a4b353adfb36bd100295'.
This sets the status of the key to “REVOKED”. It can no longer be used.
Input (long variant) (available since version 1.3.0)
bomnipotent_client who-am-i
Input (short variant)
bomnipotent_client whoami
Output
[ERROR] Received response:
401 Unauthorized
No approved and currently valid public keys were found for user 'other_user@example.com'.
The revoked key is kept in the database. This ensures that it cannot be used in a subsequent user request:
Input (available since version 1.3.0)
bomnipotent_client user request user@example.com /home/keys/stored_public_key.pem
Output
[INFO] Reading public key from '/home/keys/stored_public_key.pem'.
[ERROR] Received response:
409 Conflict
The entry already exists in the database.
After revoking a key, you should delete it from your file system. You can find its location in the session data:
Input
bomnipotent_client session status
Output
[INFO]
domain = "bomnipotent_server_of_your_choice"
user = "other_user@example.com"
secret_key_path = "/home/keys/stored_secret_key.pem"
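The cleanup step described above can be scripted. The following is an added example, not part of BOMnipotent or its documentation: the function names are hypothetical, and it assumes the session status output has the shape of the sample shown above.

```shell
#!/bin/sh
# Added example (not BOMnipotent code). Function names are hypothetical.
# Assumption: "session status" prints a line of the form
#   secret_key_path = "/path/to/key.pem"
# Usage (2>&1 because the output stream is not documented on this page):
#   bomnipotent_client session status 2>&1 | delete_revoked_secret_key

# Print the value of secret_key_path from session status text on stdin.
secret_key_path_from_status() {
    sed -n 's/^[[:space:]]*secret_key_path[[:space:]]*=[[:space:]]*"\(.*\)"[[:space:]]*$/\1/p' \
        | head -n 1
}

# Delete the secret key file named in the session status text on stdin.
# Returns 0 if the file was removed, 1 if no path was found,
# 2 if the path is not a regular file (missing, directory or symlink).
delete_revoked_secret_key() {
    key_path=$(secret_key_path_from_status)
    if [ -z "$key_path" ]; then
        echo "no secret_key_path found in session status" >&2
        return 1
    fi
    # Refuse symlinks and non-regular files so only the key file is touched.
    if [ -L "$key_path" ] || [ ! -f "$key_path" ]; then
        echo "not a regular file: $key_path" >&2
        return 2
    fi
    # Overwrite before unlinking where shred is available. This is best
    # effort only on SSDs and copy-on-write filesystems. Fall back to rm.
    if command -v shred >/dev/null 2>&1; then
        shred -u -- "$key_path" 2>/dev/null || rm -f -- "$key_path"
    else
        rm -f -- "$key_path"
    fi
    echo "deleted $key_path"
}
```

Run it only after the revocation has been confirmed, since the file cannot be recovered afterwards.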