[Q] How do I revoke my old key?

Eddie Roosenmaallen eroosenmaallen@cogeco.ca
Fri May 16 18:33:03 2003

Hi Daniel,

First you have to actually use the revocation certificate:

  $ gpg --import revcert.asc

This will mark the key as revoked in your keyring. Next, you send the
revoked key to keyservers. As a bare minimum, one LDAP and one HKP keyserver
should suffice.

You're as well off to hang onto the revoked key - you can decrypt with it,
even after it's revoked, and it's possible to end up with old copies of it
kicking around, which someone may use to encrypt to you.


Daniel Carrera wrote:

> Alright.  I have my cool, brand-new key-ring, and I have made a revocation
> certificate for my old key.
> Now that I have the revocation certificate, how do I actually revoke it?
> I guess I must send it to a key-server.  How do I do that?
> Do I need to go over every key-server I sent my key to?  I'm not sure I
> can remember them all.  Or is it enough to send the revocation to one HKP
> and one LDAP key server?
> I have made backups of everything I had encrypted with my old key.  Is it
> safe to delete the key now?
> Thanks for the help.

--
OpenPGP KeyID: 0xCC1aCD05
Get my key from keyserver.kjsl.com
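
The two steps from the reply above (import the revocation certificate, then send the revoked key to keyservers), written out as an added shell example that is not part of the original message. It also checks that the keyring really shows the key as revoked before anything is sent. The function names, the key ID and the keyserver URLs are constructed placeholders.

```shell
#!/bin/sh
# Added example: import a revocation certificate, confirm the key is marked
# revoked in the local keyring, then push the revoked key to keyservers.

# Constructed sample of one `gpg --with-colons --list-keys` record.
# Field 2 is the validity ("r" = revoked), field 5 is the long key ID.
SAMPLE_LISTING='pub:r:1024:17:0123456789ABCDEF:2001-01-01:::-:Old Key <old@example.invalid>:'

# key_is_revoked LONG_KEYID
# Reads a colon-format key listing on stdin. Succeeds only if the pub record
# for LONG_KEYID carries validity "r".
key_is_revoked() {
    awk -F: -v id="${1#0x}" '
        BEGIN { id = toupper(id); status = 1 }
        $1 == "pub" && toupper($5) == id && $2 == "r" { status = 0 }
        END { exit status }
    '
}

# publish_revocation REVCERT LONG_KEYID KEYSERVER...
# Nothing is sent unless the import succeeded and the key shows as revoked.
publish_revocation() {
    revcert=$1
    keyid=$2
    shift 2
    gpg --import "$revcert" || return 1
    if ! gpg --with-colons --list-keys "$keyid" | key_is_revoked "$keyid"; then
        echo "key $keyid is not marked revoked; nothing sent" >&2
        return 1
    fi
    rc=0
    for ks in "$@"; do
        # Report a failed keyserver but keep going with the others.
        gpg --keyserver "$ks" --send-keys "$keyid" || { echo "send to $ks failed" >&2; rc=1; }
    done
    return $rc
}

# Usage (placeholders: substitute your own key ID and keyservers):
#   publish_revocation revcert.asc 0123456789ABCDEF \
#       hkp://hkp.keyserver.example ldap://ldap.keyserver.example
```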