[newbie] Revoking vs deleting public keys

Ben Finney ben@benfinney.id.au
Tue Aug 5 02:11:03 2003

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 04-Aug-2003, Ediprogrammer@aol.com wrote:
> When do you recommend revoking versus deleting a public key?

Delete a key when you don't want to use it.

Revoke a key when you don't want anyone else to use it.

The main reason to revoke your key is because you have reason to believe
it has been compromised -- someone has possibly gained access to the
secret key, for example.

The trouble is, many of the scenarios where you want to revoke a key,
involve you no longer having access to the secret key -- which is
required to generate a revocation certificate!  This catch-22 is
resolved by the recommendation to generate a revocation certificate when
you create the key, and keep it unused against the possibility of
wanting to revoke the key in the future.

 \       "If you don't know what your program is supposed to do, you'd |
  `\              better not start writing it."  -- Edsger W. Dijkstra |
_o__)                                                                  |
Ben Finney <ben@benfinney.id.au>

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.1 (GNU/Linux)