Problem removing a public key whose private key is gone

Neil Williams linux at
Mon Mar 13 11:09:52 CET 2006

On Wednesday 08 March 2006 5:15 pm, Jeremiah Foster wrote:
> >
> > you can remove any public key from your keyring with:
> >  	gpg --delete-key {key-id}
> This prompts for the secret key id, which I do not have.

Same as the public key ID for that secret key. It's only the ID, not the key, 
that is needed.

But seeing as you were too idle to create a revocation certificate before you 
thrust this useless key onto the keyservers, that's a moot point.

> > if no one else has a copy of the key, you're done. if the key is in
> > circulation among key-servers (and if you don't have a revocation
> > certificate) you're beat.
> The key is on key servers and I do not have a revocation cert.

Why not? You are advised to create a revocation certificate when you create 
the key! If you couldn't be bothered to even do that, you are beyond help.

Nothing can be done to remove / revoke a key that has been sent to a keyserver 
unless you have EITHER the secret key OR the revocation certificate.

> Would you 
> elaborate on "beat"?
> Jeremiah

Sunk. Lost. Beaten. Hopeless situation. Impossible to resolve. Doh!
Take your pick.

There's no point in deleting a public key from your keyring if it's on a 
keyserver. You've just given the word another unusable key. Thanks.

ALWAYS create a revocation certificate BEFORE you send your key to a 
keyserver!!!! No excuses.

Just a test key? Keep it to yourself. Don't send to keyservers - ever.

Usable key? Create a revocation certificate BEFORE you send to a keyserver.

Keyservers are for the rest of us. If we don't need to know about your key, 
don't put it on a keyserver. It does not benefit you to send a key to a 
keyserver, it is for the benefit of others.

Werner et al. :
Maybe it's time that --send-key checks if the key to be sent has a secret key 
in the secret keyring and if it does, prompts the user about a revocation 
certificate BEFORE allowing the key to be sent? 

Even a simple prompt, default NO, would prevent the majority of these useless 
keys on keyservers. It's not that much hassle for those who have their 
certificate, depending on how often they add subkeys etc.


Neil Williams

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : /pipermail/attachments/20060313/7338d4d2/attachment-0001.pgp

More information about the Gnupg-users mailing list