Proper revocation

kwadronaut kwadronaut at
Tue Mar 13 10:24:38 CET 2012

Big thanks to Daniel who helped me once again by putting me on the right

On 07/03/12 21:16, Daniel Kahn Gillmor wrote:
> "editing" a revocation certificate doesn't make much sense, since if you
> modify the certificate, you'll invalidate the signature.  Better to
> think of it as discarding an existing revocation certificate and
> creating a new one.

A solution, with some comments in between the commands, so people can't
simply copy-paste but think about what they're doing.

$ cd $(mktemp -d)
Mind what you're doing, others might be able to read in that directory.
$ gpg --export $KEYID | gpgsplit -v
I think gpgsplit people deserve a big thank you.
$ gpg --expert --delete-keys 0x3F6C6602
expert because it would usually be a silly thing to do; removing the
pubkey when there's still a private key for it.
gpg: there is a secret key for public key "$KEYID"!
gpg: use option "--delete-secret-keys" to delete it first.
$ rm 000002-002.sig
Don't know what packet you need to remove, but you know what a backup
is, right?
$ cat * | gpg --import


apologies to the list-maintainer for extra work

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20120313/72caf558/attachment.pgp>

More information about the Gnupg-users mailing list