How Revoke an "Unrevokeable" Key

vedaal at vedaal at
Fri Nov 23 19:52:48 CET 2007

On 2007-11-23 Kara wrote:

> I have one very, very poor possibility that you might consider  --
> won't solve your problem but is perhaps somewhat better than 
> 1.  Create a new key and include as a comment:  Replaces 
>     Then make a revocation certificate for the new key,
>     make a backup of the new key, *and then and only then*:
>     a.  Use that new key to sign all userIDs on 0x12345678.
>     b.  Then upload 0x12345678 to a public keyserver.
>     c.  Then, if you wish -- upload your "new" key to a
>         public keyserver.

the problem with this is,

that *anybody* pretending to be you,
can 'also' do this,
and create impostor keys

so, in order for this to be meaningful, 
it is even more 'tedious'

as it will require all those who 'trusted' the previous key that 
needs to be revoked,
to 'trust' the new replacement key, and sign it,
(something that would not be done for an impostor's key)

and then add to the comment,
"signed by all keys who signed original key 0x12345678"

if 'no one' signed the original key,
then this is much less of a problem,
as no one trusted it enough yet,

so just use the 'new' key without any comments,
and eventually people will begin to 'trust' that one,
and ignore the previous one


Stop collection calls.  Click here to receive information on how to improve your credit.

More information about the Gnupg-users mailing list