Lost private key

Andreas

04 May, 2012 09:24 AM

Six months ago I tested GPG and created the key needed for it. Now I have lost my private key and therefore created a new one. Now I have two keys on the public server and want to make sure that users only pick up the right one from the server so that I can decrypt emails. How can I delete the old key? Thanks for any help.

  1. Posted by Paul Morten Vikanes on 05 May, 2012 08:35 PM

    Hi Andreas.
    You cannot remove your lost key from the key servers. If you don't have a revocation certificate generated for your key (which must be done before you lose it), it will not get revoked either.

    You don't have any other way of going forward than telling people you communicate with what key to use. They will probably use the newest one, at least if it is signed by more people than the old one.

    I recommend generating a revocation certificate for your new key and making sure you have access to it in case your computer/hard drive/house gets destroyed. It will not let people read your encrypted files, so it can be stored in a more "insecure" manner.
    Also get people who trust you and your key to sign your new key; this will help people looking you up see which key is the correct one to use.

    Paul Morten

  2. Posted by Andreas on 06 May, 2012 10:06 AM

    Hi Paul,
    Thanks for the quick reply. I work with Mac OS X Lion and use Time Machine as my backup system. Is it possible to reconstruct the "old" private key from there?

    Thanks for your help.

    Andreas

  3. Posted by Paul Morten Vikanes on 06 May, 2012 10:46 AM

    Hi again,
    I don't use Time Machine so I really don't know.
    But it couldn't hurt to try?

    How Time Machine works I don't know, but the file you need to restore is /Users/your_username/.gnupg/secring.gpg (from back when you had the old secret key).

    Paul Morten

  4. Posted by Andreas on 06 May, 2012 12:55 PM

    Hi Paul,
    Thanks for your help. It works great. I found the old key in my backup system, imported the file and generated a revocation certificate for the old one. How can I delete the key from the keyserver now?

  5. Posted by Paul Morten Vikanes on 06 May, 2012 01:06 PM

    Hi,
    It is not possible to delete it, but you have to import the revocation certificate into your keyring and upload the key to the key server. This marks the key as revoked, and no one will use it (this is the only way to show that a key is lost/compromised/not to be trusted anymore etc.).
    The key will still exist on the key server, but as revoked (not to be used) and GPG/PGP software will not allow people to use the revoked key to encrypt emails and files to you.

    The feature to remove the key entirely from the key server does not exist. This is why it is important to have a revoke certificate for use in the case you lose your key. That will at least alert people not to use it.

    Paul Morten
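    The workflow Paul describes (make the revocation certificate at key-creation time, keep it somewhere that survives a lost disk, import it when the secret key is gone, then publish the revoked key), as an added shell example that is not part of this thread. It assumes GnuPG 2.2 or later, which writes the certificate to openpgp-revocs.d when the key is generated, and runs in a throwaway GNUPGHOME with a constructed test identity; the keyserver upload is shown as a comment only so the script works offline.

```shell
#!/bin/sh
# Added example: revocation-certificate workflow with GnuPG 2.2+.
# Runs entirely in a throwaway GNUPGHOME so your real ~/.gnupg is untouched.
set -eu
command -v gpg >/dev/null 2>&1 || { echo "needs GnuPG 2.2+" >&2; exit 0; }

export GNUPGHOME="$(mktemp -d)"
chmod 700 "$GNUPGHOME"

# Step 1: create a key (constructed test identity). GnuPG stores a revocation
# certificate for it at $GNUPGHOME/openpgp-revocs.d/<FPR>.rev at the same
# moment, which is exactly when the thread says it has to be made.
make_key() {
    gpg --batch --yes --pinentry-mode loopback --passphrase '' \
        --quick-gen-key "Andreas Example <andreas@example.invalid>" default default never \
        >/dev/null 2>&1
    gpg --batch --list-keys --with-colons | awk -F: '$1=="fpr"{print $10; exit}'
}

# Step 2: copy the certificate to storage that survives a lost disk ($2 stands
# in for that here). Its BEGIN line carries a leading ':' so the file cannot be
# imported by accident; it reveals nothing that lets anyone decrypt your mail.
stash_revocation_cert() {   # $1 fingerprint, $2 destination directory
    cp "$GNUPGHOME/openpgp-revocs.d/$1.rev" "$2/$1.rev"
}

# Step 3 (after the secret key is lost): drop the ':' and import the certificate.
apply_revocation() {        # $1 path to the stashed .rev file
    sed 's/^:-----BEGIN/-----BEGIN/' "$1" | gpg --batch --import >/dev/null 2>&1
}

# Validity flag of the primary key in --with-colons output: 'r' means revoked.
key_status() {              # $1 fingerprint
    gpg --batch --list-keys --with-colons "$1" | awk -F: '$1=="pub"{print $2; exit}'
}

FPR=$(make_key)
SAFE=$(mktemp -d)
stash_revocation_cert "$FPR" "$SAFE"
echo "before: $(key_status "$FPR")"
apply_revocation "$SAFE/$FPR.rev"
echo "after:  $(key_status "$FPR")"
# Step 4 would publish the revoked key, the only way to flag it on a server:
#   gpg --keyserver <your keyserver> --send-keys "$FPR"
# Not run here so the example works offline.
gpgconf --kill gpg-agent 2>/dev/null || true
```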

  6. Posted by Andreas on 06 May, 2012 01:32 PM

    Hi Paul,

    This worked very well. The key is now marked and that's an almost perfect solution for me. Many thanks again for the great support.

    Andreas

  7. Posted by Steve (Support Staff) on 16 May, 2012 05:18 PM

    Hi all,

    Looks like this is resolved. Glad you were lucky enough to have a backup copy of your sec key. And Paul's suggestion is the best you can get.

    Thanks Paul for jumping in on this :)

    steve

  8. Steve closed this discussion on 16 May, 2012 05:18 PM.
