How to revoke a secret key and certificate?
Werner Koch
wk at gnupg.org
Fri Mar 12 12:14:02 CET 2004
On Tue, 9 Mar 2004 20:09:46 -0500, Matej Cepl said:
> previous key and I would like to get rid of it from my keyring
> (or it least how to say to GPGSM machinery that the key and
> certificate are revoked)? When tried to import revoke.crl CRL
> list from http://www.cacert.org/revoke.crl with kgpgcertmanager
> I got error shown in the attached screenshot.
You don't have the issuer's certificate and dirmngr was not able to
retrieve it. We fixed a lot of things in the last months, thus an
upgrade to the new backend is advisable - you may keep the old KMail
along with the cryptplugin and gpg 0.3.16.
Deleting the key is a mere
gpgsm --delete-key USERID
if you also want to delete the private key, you need to do this prior:
gpgsm -k --with-key-data USERID
Then look for a line like
grp:::::::::42EA1A8F1061AE86C6B2F4BE42704FA953EF0777:
and do
rm ~/.gnupg/private-keys-v1.d/42EA1A8F1061AE86C6B2F4BE42704FA953EF0777.key
Note, that in future versions the same private key may be used for
several certificates or OpenPGP keys; thus it is in general not
advisable to delete the private key if you don't know how it is used.
This is also the reason why there is no --delete-secret-key command
for gpgsm.
Werner
More information about the Gpa-dev
mailing list