GPG Keychain: How to retired an obsolete key ?
How to retire an obsolete key/s ?
Expected
Option to retire obsolete key/s
macOS 10.13 17A264c
GPG Suite 2017.1b3 1812 (d43863c)
GPGMail 2.7b3 1215 (d0b5fa0)
GPG Keychain 1.3.3b2 1271 (028a4a2)
GPGServices 1.11 916 (872e77d)
MacGPG2 2.0.30-1b2 887- (4912d26)
GPGPreferences 2.0.2b3 927 (641418e)
Libmacgpg 0.7 782 (536bf51)
pinentry 0.9.7 4 (b75069d)
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Steve on 07 Jun, 2017 05:36 PM
Hi James,
welcome to the GPGTools support platform. Sorry you are having problems using GPG Suite.
This KB-article explains how to revoke a key.
Let me know if that answers your question.
All the best,
steve
2 Posted by James Keebler on 07 Jun, 2017 07:02 PM
Hi Steve,
Thank you for the reply.
The revoke option is grayed out on the old certs. that I wanted to close/revoke.
There does not appear to be a way/option to revoke them that I can see.
I checked my current cert. and I have control over that cert. with all of the options, but the old certs. are just there.
I no longer have those e-mail accounts, so the keys do not serve any purpose anymore… and there are no messages that I am aware of that require those old certs.
Any advice on how to proceed would be appreciated.
Thanks again for the help.
Jim Keebler
---
Support Staff 3 Posted by Steve on 07 Jun, 2017 07:26 PM
James, in GPG Keychain for the key you are trying to revoke, what information is displayed in the "Type" column (the very first column)?
Do you have the correct password for the OpenPGP key you want to revoke?
Note the following paragraph from the KB:
"If your key was created with GPG Suite 2013 or older and you have not manually create a revocation certificate you might be out of luck: Without the password and the secret key it is not possible to now create a revocation certificate or revoke the key."
So you may be in a situation where revoking is not possible. But we should double check that.
4 Posted by James Keebler on 07 Jun, 2017 07:30 PM
Hi Steve,
Thank you for the followup, the certs. Pre-date 2013.
Jim Keebler
---
Support Staff 5 Posted by Steve on 07 Jun, 2017 07:31 PM
What about the type column?
6 Posted by James Keebler on 07 Jun, 2017 07:34 PM
Type = pub
Jim Keebler
---
Support Staff 7 Posted by Steve on 07 Jun, 2017 07:39 PM
Ok, in that case revoking will not be possible. You do not have a revocation certificate (unless you recall you manually had created one and stored that in a secure location).
So it's best to use the new key and let anybody using older public keys of yours which the correct public key of yours is.
Support Staff 8 Posted by Steve on 18 Aug, 2017 10:10 AM
Closing, since no further user feedback was received. Should your problem persist, feel free to re-open this discussion any time.
All the best, steve
Steve closed this discussion on 18 Aug, 2017 10:10 AM.