Revoking Old Keys... my problem
linux at codehelp.co.uk
Fri Apr 30 13:22:16 CEST 2004
On Friday 30 April 2004 10:29, Bill Turner wrote:
> I have a problem I am not sure how to deal with. Put as plainly as I
> know how, there is an old key out there,
> The reason that the old
> key is a problem for me is that the laptop I had it stored on, and
> everything else, was stolen from me. I do not remember my passphrase
> after almost two years. I am just not sure how to go about 'properly'
> revoking it.
A passphrase (even if you could remember it) is useless without the secret
key. If you don't have a backup of the secret key from that laptop, forget
trying to remember the passphrase (if you follow) because you cannot use it
to revoke this key.
If you also do not have a revocation certificate (GnuPG advice is to create
one immediately after generating the new key, print it out (v.small) and
delete the file) then this key is doomed to hang around on keyservers for
ever with no realistic possibility of being revoked or deleted.
> The email address that was based on is at an ISP I no longer use, not
> that it matters really. I am just confused about the 'correct' procedure
Correct procedure is to always have a revocation certificate stored somewhere
v.safe in case you lose the use of the secret key. The certificate can be
used by anyone, it just needs to be imported into a keyring that already
holds the public key to be revoked - no secret key or passphrase is required
to use the revocation certificate, which is why it must be kept safe! Then,
the revoked key should be sent to the keyservers and the keyserver merge the
two and show the key as revoked.
If you have no revocation certificate and no backup of the secret key, you
haven't got a prayer. You can't really ask for the correct procedure now when
you've already ignored the correct procedure that would have prevented the
problem in the first place!
> here. There are people I was exchanging email with that have that key,
> and not the new one, so I just am not clear how to do this.
Tell them directly - and QUICKLY, they could be justifiably upset that you
hadn't told them immediately the laptop was stolen! Explain that you were
careless not to have the revocation certificate or a backup and that the old
key must never be used again.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Url : /pipermail/attachments/20040430/7ab376ed/attachment.bin
More information about the Gnupg-users