Deleting a Public Key from a server

David Champion dgc@uchicago.edu
Mon Jun 17 18:38:01 2002


* On 2002.06.17, in <20020617123241.58707.qmail@web21306.mail.yahoo.com>,
*	"john clark" <lurq_gnupg@yahoo.com> wrote:
> > > How can I delete the old pub-key?
> 
> You can't delete your pubkey but you can render it
> unusable by revoking it.
> 
> But you said you lost the secret key, so... bummer.
> Quite impossible. Unless you nag all the people who

Correct. The keyserver maintainer has no way of knowing that a request
to remove a public key is a legitimate request unless it's signed by the
key's corresponding secret key. Even if you can prove that your name is
John Bull, the key pair on the server could be owned by some other John
Bull. This is precisely what a revocation certificate is for. It's a
well-formed document signed by the secret key stating that the key pair
is no longer valid.

This kind of circumstance is precisely why it's recommended that you
create a revocation certificate when you create the key, and store it
in "a safe place". This "safe place" should be a different place from
your secret key. (If you lose your secret key, you'll still have the
revocation certificate.) Some recommend printing the ASCII-armored
revocation certificate on paper, deleting the online copy, and storing
the paper in a safe deposit box. That might be extreme for your taste,
but it's a useful idea.

-- 
 -D.	dgc@uchicago.edu	NSIT	University of Chicago
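
The workflow described in the message above, as an added example that is not part of the original post: create the revocation certificate at key-creation time, then show that the certificate alone is enough to mark the key revoked in a keyring that never held the secret key. It assumes GnuPG 2.1 or later; the user ID, temporary directories and file names are constructed for the demo.

```shell
#!/bin/sh
# Added example: revocation-certificate lifecycle in throwaway keyrings.
# Assumes GnuPG 2.1 or later; the user ID is constructed for the demo.

demo_revocation() (
    work=$(mktemp -d) || exit 1
    owner="$work/owner"; other="$work/other"
    mkdir -m 700 "$owner" "$other" || exit 1
    export GNUPGHOME="$owner"
    trap 'gpgconf --kill gpg-agent >/dev/null 2>&1; rm -rf "$work"' EXIT

    # 1. Create a key pair (empty passphrase only so the demo runs unattended).
    gpg --batch --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'John Bull <john.bull@example.invalid>' \
        default default never >/dev/null 2>&1 || exit 1
    fpr=$(gpg --batch --with-colons --list-keys 2>/dev/null |
          awk -F: '$1 == "fpr" { print $10; exit }')
    [ -n "$fpr" ] || exit 1

    # 2. Generate the revocation certificate immediately. The answers fed on
    #    stdin are: confirm, reason 0 (no reason given), empty comment, confirm.
    cert="$work/revoke.asc"
    printf 'y\n0\n\ny\n' |
        gpg --no-tty --command-fd 0 --output "$cert" --gen-revoke "$fpr" \
            >/dev/null 2>&1 || exit 1
    [ -s "$cert" ] || exit 1
    # In real use, move $cert somewhere separate from the secret key now.

    # 3. Lost-secret-key case: a second keyring that has only the public key,
    #    as a correspondent or keyserver would.
    gpg --batch --armor --export "$fpr" > "$work/pub.asc" 2>/dev/null
    gpg --homedir "$other" --batch --import "$work/pub.asc" >/dev/null 2>&1 || exit 1

    # 4. The certificate alone marks the key revoked there.
    gpg --homedir "$other" --batch --import "$cert" >/dev/null 2>&1 || exit 1
    # Field 2 of the "pub" record is validity; "r" means revoked.
    gpg --homedir "$other" --batch --with-colons --list-keys "$fpr" 2>/dev/null |
        awk -F: '$1 == "pub" { print $2; exit }'
)

# To publish a real revocation after importing the certificate into your
# own keyring: gpg --send-keys <fingerprint>
if command -v gpg >/dev/null 2>&1; then
    echo "validity after importing certificate: $(demo_revocation)"
fi
```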