deleting a uid from a public key

David Shaw dshaw at
Thu May 30 15:23:01 CEST 2002

On Thu, May 30, 2002 at 01:48:28PM +0200, Denis Walker wrote:
> Hi guys
> According to your manual you can delete a uid from your local public
> key. But if someone else imports your key it merges the uids from
> the old and new keys.  So the deletion does not take effect. The
> manual says in order to delete a uid from someone's public key you
> must first remove the key and them import the new key. Why does
> import not delete uids? Are there any security implications involved
> here? If I am updating keys should I always remove the key first and
> them import the new one?

As you saw, deleting a uid does not really delete it - it will come
back when the key is merged with an earlier copy of itself.  There are
several reasons for this, the simplest being: how does GnuPG know
which is the "more recent" key?  For example, if I have a key with 3
uids, and I import the same key with 2 uids, does that mean that one
of the uids is to be deleted (the 2 uid version is newer) or should I
do nothing (the 3 uid version is newer).

To resolve this, OpenPGP allows a user to revoke a uid - a revoked uid
is present on the key but is not used.  If you have a uid that you
don't want to use any longer, use "revsig" to revoke the
self-signature on that uid.


   David Shaw  |  dshaw at  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

More information about the Gnupg-devel mailing list