Remove a Key From a Key Server? by David Ross

David Shaw dshaw at jabberwocky.com
Mon Aug 11 14:29:03 CEST 2008


On Aug 11, 2008, at 5:47 AM, Allen Schultz wrote:

> I have a question about David Ross's instructions for revoking old
> keys that you no longer have access to per instructions on his website
> ( http://www.rossde.com/PGP/pgp_keyserv.html#noremove ). Do I create a
> key just for revoking all old keys and have a separate for a new key?
> How does this work?

I'm afraid it doesn't.  There is no way to revoke any key where you  
don't have the secret part (if you think about it, the ability to do  
this would imply a break of OpenPGP signatures).

There used to be a popular trick where people would add extra user IDs  
to a key.  Keyservers might show them, but, again, without the secret  
part, those extra user IDs can't be signed and modern OpenPGP programs  
will simply ignore them once the key is imported.

I'm afraid I can't see any way the method on that web page would  
work.  In fact, it's worse than just doing nothing, as the end result  
is a valid signature from the active key on the dead key.  I think the  
intent is that you have a signature on the dead key that reads "Do not  
use", but the steps given on that web page do not actually accomplish  
this.

David
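
The point made in the message above, as an added example that is not part of the original post and is not GnuPG code: a simplified Python model in which the importing client keeps only packets that verify under the key's own public part. The toy textbook RSA built on small Mersenne primes, the packet tuples, the sample identity and every function name (`make_key`, `sign`, `import_key`, `demo`) are assumptions made for illustration and do not follow the OpenPGP packet format.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Toy textbook RSA from two primes: returns (public modulus, secret exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(target_n, kind, text):
    # Hash the packet together with the key it claims to belong to.
    h = hashlib.sha256(f"{target_n}|{kind}|{text}".encode()).digest()
    return int.from_bytes(h, "big") % target_n

def sign(target_n, signer_n, signer_d, kind, text):
    return pow(digest(target_n, kind, text), signer_d, signer_n)

def import_key(n, packets):
    """Client-side import: keep only packets signed by the key's own secret part."""
    kept = [(kind, text) for kind, text, sig in packets
            if sig is not None and pow(sig, E, n) == digest(n, kind, text)]
    return kept, any(kind == "revocation" for kind, _ in kept)

def demo():
    dead_n, dead_d = make_key(2**61 - 1, 2**89 - 1)        # key whose secret was lost
    active_n, active_d = make_key(2**107 - 1, 2**127 - 1)  # owner's new key
    uid = "Alice <alice@example.org>"                      # constructed sample identity
    # What a keyserver might hand out for the dead key (constructed sample data).
    served = [
        ("uid", uid, sign(dead_n, dead_n, dead_d, "uid", uid)),  # original self-signature
        ("uid", "DO NOT USE THIS KEY", None),                    # appended, unsigned
        ("revocation", "retired",                                # signed by the wrong key
         sign(dead_n, active_n, active_d, "revocation", "retired")),
    ]
    without_secret = import_key(dead_n, served)
    # Only the dead key's own secret exponent yields a revocation that verifies.
    served.append(("revocation", "retired",
                   sign(dead_n, dead_n, dead_d, "revocation", "retired")))
    return without_secret, import_key(dead_n, served)

if __name__ == "__main__":
    print(demo())
```

The first result shows the unsigned user ID and the revocation made with the other key both dropped on import, leaving the dead key unrevoked; the second shows the key marked revoked once a revocation made with its own secret part is present.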
