Lost private key
Six months ago I tested GPG and therefore created the needed key. Now I have lost my private key and therefore created a new one. Now I have two keys on the public server and want to make sure that users only pick up the right one from the server so that I can decrypt emails. How can I delete the old key? Thanks for any help.
1 Posted by Paul Morten Vik... on 05 May, 2012 08:35 PM
Hi Andreas.
You cannot remove your lost key from the key servers. If you don't have a revocation certificate generated for your key (which must be done before you lose it), it will not get revoked either.
You don't have any other way of going forward than telling the people you communicate with which key to use. They will probably use the newest one, at least if it is signed by more people than the old one.
I recommend generating a revocation certificate for your new key and making sure you have access to it in case your computer/hard drive/house gets destroyed. It will not let people read your encrypted files, so it can be stored in a more "insecure" manner.
Also get people who trust you and your key to sign your new key; this will help people looking you up see which is the correct key to use.
Paul Morten
2 Posted by Andreas on 06 May, 2012 10:06 AM
Hi Paul,
Thanks for the quick reply. I work with Mac OS X Lion and use Time Machine as my backup system. Is it possible to reconstruct the "old" private key from there?
Thanks for your help.
Andreas
3 Posted by Paul Morten Vik... on 06 May, 2012 10:46 AM
Hi again,
I don't use Time Machine, so I really don't know.
But it couldn't hurt to try?
How Time Machine works I don't know, but the file you need to restore is /Users/your_username/.gnupg/secring.gpg (from back when you had the old secret key).
Paul Morten
4 Posted by Andreas on 06 May, 2012 12:55 PM
Hi Paul,
Thanks for your help. It works great. I found the old key in my backup system, imported the file and generated a revocation certificate for the old one. How can I delete the key from the keyserver now?
5 Posted by Paul Morten Vik... on 06 May, 2012 01:06 PM
Hi,
It is not possible to delete it, but you have to import the revocation certificate into your keyring and upload it to the key server. This marks the key as revoked, and no one will use it (this is the only way to show that a key is lost/compromised/not to be trusted anymore, etc.).
The key will still exist on the key server, but as revoked (not to be used), and GPG/PGP software will not allow people to use the revoked key to encrypt emails and files to you.
The feature to remove the key entirely from the key server does not exist. This is why it is important to have a revocation certificate for use in case you lose your key. That will at least alert people not to use it.
Paul Morten
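The procedure Paul describes in posts 1 and 5 (keep a revocation certificate for a key while you still have it; when the key is lost, import that certificate and publish the revoked key) can be walked through end to end in a throwaway keyring. The script below is an added example for this thread, not code from any of the posters. It assumes GnuPG 2.1 or newer, which changes two details relative to the 2012 setup above: secret keys now live in `$GNUPGHOME/private-keys-v1.d/` rather than `secring.gpg` (a restored `secring.gpg` is migrated on first use), and key generation automatically writes a revocation certificate to `$GNUPGHOME/openpgp-revocs.d/<fingerprint>.rev`, with a leading `:` on its BEGIN line so it cannot be imported by accident. The user IDs and file names are made up for the demo, and the `--send-keys` step is shown only as a comment so nothing leaves the machine.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes GnuPG 2.1+ ("gpg").
# Runs entirely inside a temporary GNUPGHOME; the real keyring is untouched.
set -e

export GNUPGHOME
GNUPGHOME=$(mktemp -d)
chmod 700 "$GNUPGHOME"
# Older 2.1.x agents need this to accept a passphrase via --pinentry-mode loopback.
echo allow-loopback-pinentry > "$GNUPGHOME/gpg-agent.conf"

cleanup() {
    # Stop the agent gpg spawned for the throwaway home, then delete the home.
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
}
trap cleanup EXIT

have_gpg() { command -v gpg >/dev/null 2>&1; }

# Generate a passphrase-less demo key for user ID $1 and print its fingerprint,
# taken from the machine-readable "KEY_CREATED P <fpr>" status line.
# At this moment GnuPG also stores openpgp-revocs.d/<fpr>.rev: that file is the
# revocation certificate to copy somewhere safe, per post 1 above.
gen_key() {
    gpg --batch --status-fd 1 --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$1" default default never 2>/dev/null |
        awk '/^\[GNUPG:\] KEY_CREATED/ { print $4 }'
}

# Turn the stored .rev file for fingerprint $1 into an importable certificate $2:
# keep only the armored block and drop the ':' guard GnuPG puts on its BEGIN line.
# For a key made with older GnuPG the interactive equivalent, run while the
# secret key is still available, is:  gpg --output revoke.asc --gen-revoke <fpr>
revocation_cert() {
    sed -n '/^:*-----BEGIN PGP PUBLIC KEY BLOCK-----/,$p' \
        "$GNUPGHOME/openpgp-revocs.d/$1.rev" | sed 's/^://' > "$2"
}

# Import revocation certificate $1 into the local keyring (post 5). Publishing
# it would then be:  gpg --keyserver <server> --send-keys <fpr>   (not run here)
revoke_key() {
    gpg --batch --quiet --import "$1" 2>/dev/null
}

# Validity field of the "pub" record in --with-colons output; "r" means revoked.
key_validity() {
    gpg --batch --with-colons --list-keys "$1" 2>/dev/null |
        awk -F: '$1 == "pub" { print $2; exit }'
}

# Exit status of an encryption attempt to fingerprint $1: 0 while the key is
# usable, non-zero ("Unusable public key") once it has been revoked.
can_encrypt_to() {
    printf 'test message\n' |
        gpg --batch --trust-model always --encrypt --recipient "$1" >/dev/null 2>&1
}

demo() {
    fpr=$(gen_key "Old Key <old@example.invalid>")   # constructed demo identity
    [ -n "$fpr" ] || { echo "key generation failed" >&2; return 1; }
    echo "created $fpr, validity: $(key_validity "$fpr")"
    revocation_cert "$fpr" "$GNUPGHOME/revoke.asc"
    revoke_key "$GNUPGHOME/revoke.asc"
    echo "after importing the revocation certificate, validity: $(key_validity "$fpr")"
    if can_encrypt_to "$fpr"; then
        echo "unexpected: encryption to the revoked key succeeded" >&2
        return 1
    fi
    echo "gpg refuses to encrypt to the revoked key, as post 5 says"
}

if have_gpg; then demo; else echo "gpg not found; skipping demo" >&2; fi
```

The one check worth copying into your own workflow is the last one: after importing (and, for a real key, uploading) the certificate, `gpg --list-keys` must show `pub:r:` and an encryption attempt must be refused. If it is not, the wrong file was imported.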
6 Posted by Andreas on 06 May, 2012 01:32 PM
Hi Paul,
This worked very well. The key is now marked and that's an almost perfect solution for me. Many thanks again for the great support.
Andreas
Support Staff 7 Posted by Steve on 16 May, 2012 05:18 PM
Hi all,
Looks like this is resolved. Glad you were lucky enough to have a backup copy of your sec key. And Paul's suggestion is the best you can get.
Thanks Paul for jumping in on this :)
steve
Steve closed this discussion on 16 May, 2012 05:18 PM.