deleting a uid from a public key
David Shaw
dshaw at jabberwocky.com
Thu May 30 15:23:01 CEST 2002
On Thu, May 30, 2002 at 01:48:28PM +0200, Denis Walker wrote:
> Hi guys
>
> According to your manual you can delete a uid from your local public
> key. But if someone else imports your key it merges the uids from
> the old and new keys. So the deletion does not take effect. The
> manual says in order to delete a uid from someone's public key you
> must first remove the key and then import the new key. Why does
> import not delete uids? Are there any security implications involved
> here? If I am updating keys should I always remove the key first and
> then import the new one?

As you saw, deleting a uid does not really delete it - it will come
back when the key is merged with an earlier copy of itself. There are
several reasons for this, the simplest being: how does GnuPG know
which is the "more recent" key? For example, if I have a key with 3
uids, and I import the same key with 2 uids, does that mean that one
of the uids is to be deleted (the 2 uid version is newer) or should I
do nothing (the 3 uid version is newer)?

To resolve this, OpenPGP allows a user to revoke a uid - a revoked uid
is present on the key but is not used. If you have a uid that you
don't want to use any longer, use "revsig" to revoke the
self-signature on that uid.

David

--
David Shaw | dshaw at jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
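
The merge behaviour described in this message, shown as an added example that is not part of the original e-mail and is not GnuPG's code. It assumes a simplified model in which a key is a mapping from uid to the set of signatures on it and import is a plain union; the uids, the `selfsig`/`revocation` labels and all function names are constructed for illustration.

```python
# Simplified model (an assumption for illustration, not GnuPG's code):
# a key is a dict mapping each uid to the set of signature packets on it.
from copy import deepcopy

def merge(local, incoming):
    """Import as a union: keep every uid and signature seen in either copy."""
    merged = deepcopy(local)
    for uid, sigs in incoming.items():
        merged.setdefault(uid, set()).update(sigs)
    return merged

def delete_uid(key, uid):
    """Drop the uid packet from this copy only."""
    return {u: set(s) for u, s in key.items() if u != uid}

def revoke_uid(key, uid):
    """Keep the uid, add a revocation of its self-signature."""
    out = deepcopy(key)
    out[uid].add("revocation")
    return out

def usable_uids(key):
    """A uid is usable if it is self-signed and that signature is not revoked."""
    return sorted(u for u, s in key.items()
                  if "selfsig" in s and "revocation" not in s)

# Constructed sample key with three uids.
ORIGINAL = {
    "Alice <alice@example.org>": {"selfsig"},
    "Alice <alice@work.example>": {"selfsig"},
    "Alice <alice@old.example>": {"selfsig"},
}
OLD = "Alice <alice@old.example>"

def demo():
    deleted = delete_uid(ORIGINAL, OLD)
    revoked = revoke_uid(ORIGINAL, OLD)
    return {
        # Peer holds the original and imports the copy with the uid deleted.
        "after_delete": usable_uids(merge(ORIGINAL, deleted)),
        # Peer holds the original and imports the copy with the uid revoked.
        "after_revoke": usable_uids(merge(ORIGINAL, revoked)),
        # A union has no notion of "newer": import order does not matter.
        "order_independent": merge(ORIGINAL, revoked) == merge(revoked, ORIGINAL),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

In this model the deleted uid is still usable on the peer's copy after import, while the revoked uid stays on the key but drops out of the usable set regardless of which copy is imported into which.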