[Q] How do I revoke my old key?

Eddie Roosenmaallen eroosenmaallen@cogeco.ca
Fri May 16 18:33:03 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Daniel,

First you have to actually use the revocation certificate:

  $ gpg --import revcert.asc

This will mark the key as revoked in your keyring. Next, you send the
revoked key to keyservers. As a bare minimum, one LDAP and one HKP keyserver
should suffice.

You're as well off to hang onto the revoked key - you can decrypt with it,
even after it's revoked, and it's possible to end up with old copies of it
kicking around, which someone may use to encrypt to you.

Peace,
  Eddie

Daniel Carrera wrote:

> Alright.  I have my cool, brand-new key-ring, and I have made a revocation
> certificate for my old key.
>
> Now that I have the revocation certificate, how do I actually revoke it?
> I guess I must send it to a key-server.  How do I do that?
>
> Do I need to go over every key-server I sent my key to?  I'm not sure I
> can remember them all.  Or is it enough to send the revocation to one HKP
> and one LDAP key server?
>
> I have made backups of everything I had encrypted with my old key.  Is it
> safe to delete the key now?
>
> Thanks for the help.

- --
OpenPGP KeyID: 0xCC1aCD05
Get my key from keyserver.kjsl.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+xRIetGGqbMwazQURAga2AJ9Ro2gzOpwaHWQykjW9zszXiiDS+wCgoDb6
c9l3mjhJc9yK3Xe0Pu9D9I0=
=pl9f
-----END PGP SIGNATURE-----
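
The procedure from the reply above, as an added example that is not part of the original message: it runs the import step against a throwaway keyring, confirms the key is marked revoked, and shows that the secret key still decrypts old mail. It assumes GnuPG 2.2 or later; the identity, the message, and the keyserver host in the comment are constructed placeholders.

```sh
#!/bin/sh
# Added example. Assumes GnuPG 2.2+ on PATH. Works in a throwaway keyring,
# so the real ~/.gnupg is never touched. Identity and message are constructed.
revocation_demo() (
    GNUPGHOME=$(mktemp -d) || exit 1
    export GNUPGHOME
    trap 'gpgconf --kill gpg-agent >/dev/null 2>&1; rm -rf "$GNUPGHOME"' EXIT

    # Stand-in for the old key: constructed identity, empty passphrase.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Old Key <old@example.invalid>' \
        default default never 2>/dev/null || exit 1
    fpr=$(gpg --batch --with-colons --list-keys 2>/dev/null |
          awk -F: '$1 == "fpr" { print $10; exit }')

    # Mail encrypted to the key while it was still valid.
    printf 'old mail\n' | gpg --batch --quiet --trust-model always \
        -o "$GNUPGHOME/old.gpg" -r "$fpr" -e 2>/dev/null || exit 1

    # GnuPG 2.x pre-generates a certificate and guards its armor header
    # with a leading ':'; removing the guard yields an importable file.
    sed 's/^:-----BEGIN/-----BEGIN/' \
        "$GNUPGHOME/openpgp-revocs.d/$fpr.rev" > "$GNUPGHOME/revcert.asc"

    # Step 1 from the reply: import the certificate into the keyring.
    gpg --batch --quiet --import "$GNUPGHOME/revcert.asc" 2>/dev/null || exit 1

    # Step 2 would publish the now-revoked key (placeholder host, not run):
    #   gpg --keyserver hkps://keyserver.example --send-keys "$fpr"

    # Field 2 of the "pub" record is the validity; "r" means revoked.
    validity=$(gpg --batch --with-colons --list-keys "$fpr" 2>/dev/null |
               awk -F: '$1 == "pub" { print $2; exit }')
    # The secret key still decrypts old traffic after revocation.
    plain=$(gpg --batch --quiet -d "$GNUPGHOME/old.gpg" 2>/dev/null)
    printf 'validity=%s decrypted=%s\n' "$validity" "$plain"
)

revocation_demo   # prints: validity=r decrypted=old mail
```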