Remove a Key From a Key Server? by David Ross
David Shaw
dshaw at jabberwocky.com
Mon Aug 11 14:29:03 CEST 2008

On Aug 11, 2008, at 5:47 AM, Allen Schultz wrote:
> I have a question about David Ross's instructions for revoking old
> keys that you no longer have access to per instructions on his website
> ( http://www.rossde.com/PGP/pgp_keyserv.html#noremove ). Do I create a
> key just for revoking all old keys and have a separate one for a new key?
> How does this work?

I'm afraid it doesn't. There is no way to revoke any key where you
don't have the secret part (if you think about it, the ability to do
this would imply a break of OpenPGP signatures).

There used to be a popular trick where people would add extra user IDs
to a key. Keyservers might show them, but, again, without the secret
part, those extra user IDs can't be signed and modern OpenPGP programs
will simply ignore them once the key is imported.

I'm afraid I can't see any way the method on that web page would
work. In fact, it's worse than just doing nothing, as the end result
is a valid signature from the active key on the dead key. I think the
intent is that you have a signature on the dead key that reads "Do not
use", but the steps given on that web page do not actually accomplish
this.

David