Revoke a public key w/o the secret key?

David Shaw dshaw@jabberwocky.com
Sat Jul 26 21:27:35 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, Jul 25, 2003 at 03:13:52PM -0400, Eugene Smiley wrote:
> Charly Avital wrote:
> > On Fri, 25 Jul 2003 11:47:59 -0600 (MDT), Dan Egli wrote:
> >
> >> Is this possible? Reason I'm asking is I found that some PGP
> >> Keyservers are still floating an old key of mine around that was
> >> SOPOSED to have been revoked some time ago. I don't have the
> >> associated secret key anymore so I cannot generate a revoke by
> >> simply using gpg --gen-revoke. Is there a way to generate a
> >> revoke certificate w/o having the secret key?
> >
> > Even when revoked, a key will keep on floating around in the
> > servers.
> >
> > Without the associated secret key *and* the corresponding
> > passphrase, you cannot generate a revoke for the public key.
> >
> > If you really want the world at large to know that this particular
> > key should not be used when encrypting to you, you might insert
> > some appropriate comment in your valid public key's uid, either
> > disclaiming the former key (ID), or qualifying the valid key as the
> > "only" valid one. Clumsy, but...
> 
> Or if you really did revoke the key and it exists revoked somewhere
> import it to your keyring from there and send it up to that server...
> 
> Ortherwise, you've added to the many keys floating around that are
> orphaned. I have several of these orphaned "test" keys. I've learned
> my lesson. ;)
> 
> Sign it with your current key, revoke the signatures, and send it up
> to the servers. It gives people a bread crumb trail to follow to your
> current key, if you like.

This is a frequently given piece of advice, but is actually not the
best thing to do.  There are older versions of PGP that don't
understand revoked signatures and will treat that signature as valid -
thus certifying the old, unusable key with the current key.

The person who suggested asking all the people who signed the key to
revoke their signatures had a better idea.  While this still doesn't
mean anything in old PGPs, it at least does not give a key more
validity than it had earlier.

Of course, the best thing to do is generate a revocation certificate
when you generate the key... or at least, appoint a trustworthy friend
as designated revoker.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.3-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iHEEARECADEFAj8izj4qGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2Rhdmlk
L2tleXMuYXNjAAoJEOJmXIdJ4cvJ5cQAoIO0Hursa/b1uR06TtDtyY8Pk9TJAJwO
VewtO0gEFeSY5uJKQeiyO+TMKA==
=dNSl
-----END PGP SIGNATURE-----