Revoking a GPG key
January 18th, 2004 | Published in misc | 5 Comments
A couple of months ago, I lost my lovely laptop in a burglary. This weekend, Edd reminded me that my GPG private key was on the machine, so I performed the necessary rituals to revoke it. I found the documentation on this a little sparse, so here are the steps I took.
$ gpg --gen-revoke 6382285E
6382285E is the ID for my key. You’re asked if you want to provide a reason for the revocation (key compromised, superseded or no longer used) and an optional free-text description. After supplying your passphrase, an ASCII-armoured key block is printed out. Paste this text into a file. In my case, it looked like this:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: A revocation certificate should follow

iGwEIBECACwFAkAKbmwlHQJLZXkgd2FzIG9uIGEgbGFwdG9wIHRoYXQgd2FzIHN0
b2xlbgAKCRBQw2pwY4IoXlv4AJ0XgWhSuSwv2jpd2ifFA5IXyijnEACfXfn/qtfq
KyMdShD0odXAliKD43w=
=mRL+
-----END PGP PUBLIC KEY BLOCK-----
This step could be performed when you first generate your key, and the results stashed in a safe place for later use if you lose it. In my case, I’d kept a backup copy of the original keypair, so I was able to generate a revocation after the event.
$ gpg --import my_revocation.txt
Issuing this command imports the revocation into your keyring, revoking your key.
$ gpg --keyserver pgp.mit.edu --send-keys 6382285E
This sends the revoked key to the public keyserver at pgp.mit.edu. If it succeeds, you’ll get the message ‘gpg: success sending to `pgp.mit.edu' (status=200)’. If you check your key’s verbose index page on pgp.mit.edu, you’ll see *** KEY REVOKED *** on the first line of the details.
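Added example (not part of the original post): the certificate from the first step can be inspected before it is imported or published. This Python sketch decodes the block shown above and reports whether it is a key revocation signature, the reason-for-revocation subpacket and the issuer key ID. It assumes the single old-format version 4 signature packet this certificate contains, and it does not verify the armor checksum or the signature itself.

```python
import base64

# The revocation certificate printed in the post, with its armor line breaks restored.
ARMORED = """\
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: A revocation certificate should follow

iGwEIBECACwFAkAKbmwlHQJLZXkgd2FzIG9uIGEgbGFwdG9wIHRoYXQgd2FzIHN0
b2xlbgAKCRBQw2pwY4IoXlv4AJ0XgWhSuSwv2jpd2ifFA5IXyijnEACfXfn/qtfq
KyMdShD0odXAliKD43w=
=mRL+
-----END PGP PUBLIC KEY BLOCK-----
"""
REASONS = {0: "no reason specified", 1: "key is superseded",
           2: "key material has been compromised", 3: "key is retired and no longer used"}

def dearmor(text):
    """Return the binary packet data; the '=XXXX' CRC-24 line is skipped, not verified."""
    body = text.split("\n\n", 1)[1].splitlines()
    return base64.b64decode("".join(l for l in body if l and l[0] not in "=-"))

def subpackets(area):
    """Yield (type, data) pairs; only one-octet subpacket lengths are handled."""
    i = 0
    while i < len(area):
        n = area[i]
        if n == 0 or n >= 192:
            raise ValueError("unsupported subpacket length")
        yield area[i + 1] & 0x7F, area[i + 2:i + 1 + n]  # mask off the critical bit
        i += 1 + n

def inspect_revocation(text):
    pkt = dearmor(text)
    # Old-format header, tag 2 (signature), one-octet length, version 4.
    if pkt[0] & 0xC3 != 0x80 or (pkt[0] >> 2) & 0x0F != 2 or pkt[2] != 4:
        raise ValueError("expected a single version 4 signature packet")
    body = pkt[2:2 + pkt[1]]
    end_hashed = 6 + int.from_bytes(body[4:6], "big")
    end_unhashed = end_hashed + 2 + int.from_bytes(body[end_hashed:end_hashed + 2], "big")
    areas = body[6:end_hashed], body[end_hashed + 2:end_unhashed]
    info = {"is_key_revocation": body[1] == 0x20}  # 0x20 = key revocation signature
    for typ, data in (sp for area in areas for sp in subpackets(area)):
        if typ == 29:    # reason for revocation: one code octet, then free text
            info["reason"] = REASONS.get(data[0], "other")
            info["comment"] = data[1:].decode("utf-8")
        elif typ == 16:  # issuer: 8-octet key ID of the key that made the signature
            info["issuer"] = data.hex().upper()
    return info
```

Calling `inspect_revocation(ARMORED)` shows that the free-text description is stored unencrypted in the certificate, so anyone who fetches the revoked key from a keyserver can read it.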
For the record, my new key has the ID 097891DA.
Update: I just found the official word on how to do this. It’s in question 4.17 of the GPG FAQ.
February 17th, 2004 at 5:42 pm (#)
I have a couple (at least) of old keys floating around out there somewhere that I wasn’t able to revoke and for which the 53kr3tz are irretrievably lost. Annoyance!
December 4th, 2008 at 9:24 pm (#)
Thank you for this wonderfully easy howto, which was the first thing I found after successlessly trying to revoke my lost key for about 30 minutes.
January 15th, 2009 at 4:15 pm (#)
http://www.gnupg.org/(en)/documentation/faqs.ht…
It's a 404.
January 15th, 2009 at 4:25 pm (#)
Fixed, thanks.
January 22nd, 2009 at 12:11 am (#)
Will all the attributes (like photos) be deleted by the keyserver?