Un-revoking a key pair

David Shaw dshaw at jabberwocky.com
Fri Apr 6 16:48:17 CEST 2007


On Fri, Apr 06, 2007 at 01:22:52AM -0500, John B wrote:
> 
>   Hi gang,
> 
>   Somehow the other night I accidently imported a revoking thing for
> my main secret and public key pair when I was using kgpg. Kgpg tells
> me I need to un-revoke it in the manual editor, so, could someone
> tell me a quick and easy way to do so, please? Is it possible to
> un-revoke?

Yes it is possible.  The first thing is that you must not distribute
the keys while they are in this revoked state: do not send them to
anyone, and absolutely do not send them to a keyserver.

Here's how to unrevoke.  It's a very manual process.  Be safe: make a
backup before you do stuff like this.

  1) Export the public key into a file.
     gpg --export (thekey) > mykey.gpg

  2) Split it into parts:
     gpgsplit mykey.gpg

     This breaks the key into multiple files with names like
     "000001-006.public_key".

  3) Figure out which packet is the revocation.  It's likely to be
     "000002-002.sig", but make sure with:
     gpg --list-packets 000002-002.sig

     That will show information about the packet.  If the sigclass is
     set to 0x20, that's the revocation.  Delete that file.

  4) Put the key back together again:
     cat 0000* > myfixedkey.gpg

  5) Remove the old key:
     gpg --expert --delete-key (thekey)

     You need --expert here so GPG will let you delete the public key
     when a private key is still around.

  6) Import the new key:
     gpg --import myfixedkey.gpg

David



More information about the Gnupg-users mailing list