Expire a single UID

Damien Goutte-Gattat dgouttegattat at incenp.org
Mon Jun 11 14:04:20 CEST 2018


On 06/11/2018 09:30 AM, Max-Julian Pogner wrote:
> *) should i revoke the uid on the old key? => However, as far as i 
> know, the secret key is not / was never compromised.

This is probably the best option in my opinion, since you will no longer
use that key with this email address.

Revoking a UID is not the same as revoking a key, and does not imply
that the associated secret key has been compromised (if a key has
been compromised you should revoke the key itself, not the UID). Most
often it simply means "I no longer use that UID". Note that when
revoking the UID you will have the option of specifying a reason for the

> *) Also, other persons have signed the UID 
> max-julian.pogner at openresearch.com at key 0x2D40BDB44401A8AA without 
> expiration date. What should they do?

With regard to your old key, they don't have anything to do. Your
revocation of the UID takes precedence over their signatures.

With regard to your new key, you might want to ask them if they could
sign it. One way to do that is to send them an email signed by both the
old key and the new key, so that they know you control both keys.

> Thanks for any hints!

Here's another possibility: Have you considered using an OpenPGP card?
This would allow you to keep your private keys under your control, even
when you use them on your employer-provided system.

Hope that helps,


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180611/0bf5c461/attachment-0001.sig>

More information about the Gnupg-users mailing list