Signatures and pub-key qustions...

Marc Mutz
Sun May 12 00:15:02 2002

Hash: SHA1

On Saturday 11 May 2002 18:40, Marian Stepka wrote:
> submit that key to public key server. I lost key pairs for that
> address. Of coarse I can download back public key, but secret one is
> does not exist any more. Is there way to remove obsolete public key
> from servers or will it stay there forever?

Nope. Lost is lost.

> Another quesion will be similar to previous one. I created key pair
> and one extra UID for that key pair and submitted public key to
> servers. Afterwards I removed UID and exports key again, but UID stay
> on servers. Is there way to submit key again without extra UID?

You can revoke the self-signature of the UID you want to "delete". Like=20
with whole keys, there's almost nothing that you can delete on=20
keyservers. You can only add. In this case, you'd add the OpenPGP=20
equivalent of a "don't use this UID anymore" sticky paper to your key.

> My last question is about signing. I don't sign keys of persons which
> I personally don't know.

You shouldn't even sign keys of persons that haven't given their key's=20
fingerprint to you personally. ;-)

> But if my public key is signed with someone
> do I need import it to my keyring again and then submit it to public
> servers so others can read signature?

Depends. If you went to a keysigning event, you most likely exchanged=20
sheets of paper with key fingerprints on them. The other person will=20
download your key from a keyserver, sign the key, and either
1. upload it to one or more keyservers again.
   (in this case, you'd just need a gpg --recv-keys <your-key-id>)
=2D -and/or-
2. send it to you in private mail.
   (in this case, you'd import the key into your keyring to add the new=20
   sigs, then upload to a keyserver so everyone else sees them).


=2D --=20
Marc Mutz <>
Version: GnuPG v1.0.7 (GNU/Linux)