Revoke a public key w/o the secret key?
Eugene Smiley
eugene@esmiley.net
Fri Jul 25 21:12:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Charly Avital wrote:
> On Fri, 25 Jul 2003 11:47:59 -0600 (MDT), Dan Egli wrote:
>
>> Is this possible? Reason I'm asking is I found that some PGP
>> Keyservers are still floating an old key of mine around that was
>> SUPPOSED to have been revoked some time ago. I don't have the
>> associated secret key anymore so I cannot generate a revoke by
>> simply using gpg --gen-revoke. Is there a way to generate a
>> revoke certificate w/o having the secret key?
>
> Even when revoked, a key will keep on floating around in the
> servers.
>
> Without the associated secret key *and* the corresponding
> passphrase, you cannot generate a revoke for the public key.
>
> If you really want the world at large to know that this particular
> key should not be used when encrypting to you, you might insert
> some appropriate comment in your valid public key's uid, either
> disclaiming the former key (ID), or qualifying the valid key as the
> "only" valid one. Clumsy, but...
Or if you really did revoke the key and it exists revoked somewhere,
import it to your keyring from there and send it up to that server...
Otherwise, you've added to the many keys floating around that are
orphaned. I have several of these orphaned "test" keys. I've learned
my lesson. ;)

Sign it with your current key, revoke the signatures, and send it up
to the servers. It gives people a bread crumb trail to follow to your
current key, if you like.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-nr2 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD4DBQE/IYFu6QPtAqft/S8RAiImAJj6s3bJnGEDWypVZdXg3y5g7phuAJ9alg09
R8/BRxxm7umce9oJAZnEYg==
=x+i6
-----END PGP SIGNATURE-----
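
An added example, not part of the original message: a Python check for whether a binary key export already carries a revocation signature (OpenPGP signature type 0x20, 0x28 or 0x30), which is what the reply suggests looking for on other servers. The function names and sample packets are constructed for illustration; real input would be de-armored data such as the output of `gpg --export`.

```python
# Constructed sample bytes only. Finding a packet is a hint; GnuPG verifies it on import.
REVOCATION_TYPES = {0x20: "key revocation", 0x28: "subkey revocation",
                    0x30: "certification revocation"}

def packets(data):
    """Yield (tag, body) for each packet in binary (de-armored) OpenPGP data."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80 or i + 1 >= len(data):
            raise ValueError("bad packet header at offset %d" % i)
        if hdr & 0x40:                       # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths not handled")
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            size = (1, 2, 4)[ltype]
            length = int.from_bytes(data[i + 1:i + 1 + size], "big")
            i += 1 + size
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def revocations(data):
    """Names of revocation signatures (packet tag 2) present in the data."""
    found = []
    for tag, body in packets(data):
        if tag == 2 and len(body) >= 3:
            # v4 and later: version, type. v3: version, 0x05, type.
            sig_type = body[1] if body[0] >= 4 else body[2]
            if sig_type in REVOCATION_TYPES:
                found.append(REVOCATION_TYPES[sig_type])
    return found

def _old(tag, body):  # constructed old-format packet, one-octet length
    return bytes([0x80 | (tag << 2), len(body)]) + body

KEY, UID = _old(6, b"\x04" + b"\x00" * 5), _old(13, b"Test <t@example.invalid>")
SAMPLE_LIVE = KEY + UID + _old(2, bytes([4, 0x13, 17, 2, 0, 0, 0, 0]))
SAMPLE_REVOKED = KEY + _old(2, bytes([4, 0x20, 17, 2, 0, 0, 0, 0])) + UID
```
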