UID changes (was Key Revocation)

Henry Hertz Hobbit hhhobbit at securemecca.net
Sun Apr 22 07:25:21 CEST 2007


David Shaw wrote:

<SNIP>

> You select the user id with "uid x" where x is the number of
> the user ID.  Then "revuid".

Optionally, later on you can also do a (again, you have to pick
whether to "revuid" or "deluid") (a "#" indicates a comment):

$ gpg --edit-key 98E6705C
Command> uid
# shows uids so you can pick one.  Sorry, I don't trust order
# to always be right, so I make SURE I get the right one. Use
# the number next to the old UID in the next command.
Command> uid 2
Command> deluid
# you can type "quit" instead of "save" next and no changes
# are made.
Command> save

You may get confused, so when editing a key do a:

Command> ?

To get a list of the commands.  The ones that are
relevant only to UIDs are the first five.  The last
two are relevant to any changes you make to your keys:

uid
adduid
deluid
primary
revuid
save		# changes won't occur unless this is done
quit		# bails out and makes NO changes.

Be sure that if you revoke, you revoke the UID, NOT the key.
"quit" is your friend in case you get confused.  If you "quit"
ALL of the changes are scrapped.  Nothing is actually done
until you "save".

BTW, I would call this UID changes, since you are adding a
new UID (adduid), making it a primary (uid 1, primary - be
sure to do this to make your new email address the primary),
and optionally later on either revoking (revuid) or deleting
(deluid) the old UID.  You are NOT revoking the keys (you have
two - the 1024D/98E6705C DSA key and your sub ####g/########
ElGamal key); you are just modifying the UID list.  It may be
helpful to think of the key numbers themselves as being the
primary entities, and the user IDs as being subservient to
them, but all of them exist together.  You need at least one
UID for the key.  You can have as many UIDs associated with
a key as you need or wish to have (within reason).  I say
that since you may want to purchase your own domain and
email address from a company you think will be there for
quite a while.  1and1.com is selling them for about $20 a
year, and Yahoo is selling them for about $35 a year.  Once
that is done, the musical email addresses can be tamed a
little bit.  You have the additional benefit of a blissfully
short user name (chris at chrispollock.net is available; you
or somebody else already took chrispollock.org).

Once your changes are done, make sure you generate a new
revocation file with a:

$ gpg -a --gen-revoke 98E6705C > rev_cpollock_embarqmail_com.asc

Store it in a safe place.  If you forget your passphrase,
import it later on to revoke your keys to the key-server
if it becomes necessary.  Oh yes, once all of those changes
have been made, BACK up your keys (pubring.gpg, secring.gpg,
trustdb.gpg).  Store that back-up in the same safe place
as your revocation file.  A bank safety deposit box is not
out of line (no kidding).

HHH
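
A check for the warning in the message above (revoke the UID, not the key), as an added example that is not part of the original post. It reads the machine-readable listing after "save"; it assumes GnuPG 2.x colon records, and the function name, key IDs, hashes and example.org addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `gpg --with-colons --list-keys KEYID` output on stdin.
# Assumes GnuPG 2.x colon records: field 1 = type, 2 = validity, 10 = user ID.
# Real use: gpg --with-colons --list-keys 98E6705C | uid_check old@example.org

# uid_check OLD_ADDR: succeed only if the primary key is not revoked,
# the UID containing OLD_ADDR is revoked or gone, and a usable UID remains.
uid_check() {
    awk -F: -v old="$1" '
        $1 == "pub" && $2 == "r" { key_revoked = 1 }
        $1 == "uid" {
            if (index($10, old)) { seen_old = 1; if ($2 != "r") old_live = 1 }
            else if ($2 != "r" && $2 != "e") usable++
        }
        END {
            if (key_revoked) { print "FAIL: primary key is revoked"; bad = 1 }
            if (old_live)    { print "FAIL: old UID is still valid"; bad = 1 }
            if (!usable)     { print "FAIL: no usable UID left"; bad = 1 }
            if (!bad) print (seen_old ? "OK: old UID revoked" : "OK: old UID deleted")
            exit bad + 0
        }'
}

# Constructed listing: state after adduid + primary + revuid + save.
sample_revuid() {
    cat <<'EOF'
pub:u:1024:17:AAAAAAAAAAAAAAAA:1100000000:::u:::scESC:
uid:u::::1177222000::HASH1::Example User <new@example.org>:
uid:r::::::HASH2::Example User <old@example.org>:
sub:u:2048:16:BBBBBBBBBBBBBBBB:1100000000::::::e:
EOF
}

# Constructed listing: the mistake the post warns about (key revoked, not UID).
sample_keyrev() {
    cat <<'EOF'
pub:r:1024:17:AAAAAAAAAAAAAAAA:1100000000:::u:::sc:
uid:r::::1100000000::HASH2::Example User <old@example.org>:
sub:r:2048:16:BBBBBBBBBBBBBBBB:1100000000::::::e:
EOF
}
```

Running it before uploading the key to a key-server catches a mistaken key revocation while the pre-change backup can still be restored locally.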