Un-revoking a key pair
David Shaw
dshaw at jabberwocky.com
Fri Apr 6 16:48:17 CEST 2007
On Fri, Apr 06, 2007 at 01:22:52AM -0500, John B wrote:
>
> Hi gang,
>
> Somehow the other night I accidently imported a revoking thing for
> my main secret and public key pair when I was using kgpg. Kgpg tells
> me I need to un-revoke it in the manual editor, so, could someone
> tell me a quick and easy way to do so, please? Is it possible to
> un-revoke?
Yes it is possible. The first thing is that you must not distribute
the keys while they are in this revoked state: do not send them to
anyone, and absolutely do not send them to a keyserver.
Here's how to unrevoke. It's a very manual process. Be safe: make a
backup before you do stuff like this.
1) Export the public key into a file.
gpg --export (thekey) > mykey.gpg
2) Split it into parts:
gpgsplit mykey.gpg
This breaks the key into multiple files with names like
"000001-006.public_key".
3) Figure out which packet is the revocation. It's likely to be
"000002-002.sig", but make sure with:
gpg --list-packets 000002-002.sig
That will show information about the packet. If the sigclass is
set to 0x20, that's the revocation. Delete that file.
4) Put the key back together again:
cat 0000* > myfixedkey.gpg
5) Remove the old key:
gpg --expert --delete-key (thekey)
You need --expert here so GPG will let you delete the public key
when a private key is still around.
6) Import the new key:
gpg --import myfixedkey.gpg
David
More information about the Gnupg-users
mailing list