GPG Keychain: How to retire an obsolete key?

james keebler

07 Jun, 2017 01:42 AM

How to retire an obsolete key/s?

Expected
Option to retire obsolete key/s

macOS           10.13       17A264c
GPG Suite       2017.1b3    1812    (d43863c)
GPGMail         2.7b3       1215    (d0b5fa0)
GPG Keychain    1.3.3b2     1271    (028a4a2)
GPGServices     1.11        916     (872e77d)
MacGPG2         2.0.30-1b2  887-    (4912d26)
GPGPreferences  2.0.2b3     927     (641418e)
Libmacgpg       0.7         782     (536bf51)
pinentry        0.9.7       4       (b75069d)
  1. Support Staff 1 Posted by Steve on 07 Jun, 2017 05:36 PM

    Hi James,

    welcome to the GPGTools support platform. Sorry you are having problems using GPG Suite.

    This KB-article explains how to revoke a key.

    Let me know if that answers your question.

    All the best,
    steve

  2. 2 Posted by James Keebler on 07 Jun, 2017 07:02 PM

    Hi Steve,

    Thank you for the reply.

    The revoke option is grayed out on the old certs. that I wanted to close/revoke.
    There does not appear to be a way/option to revoke them that I can see.

    I checked my current cert. and I have control over that cert. with all of the options, but the old certs. are just there.
    I no longer have those e-mail accounts, so the keys do not serve any purpose anymore… and there are no messages that I am aware of that require those old certs.

    Any advice on how to proceed would be appreciated.
    Thanks again for the help.

    Jim Keebler

    ---

  3. Support Staff 3 Posted by Steve on 07 Jun, 2017 07:26 PM

    James, in GPG Keychain for the key you are trying to revoke, what information is displayed in the "Type" column (the very first column)?

    Do you have the correct password for the OpenPGP key you want to revoke?

    Note the following paragraph from the KB:

    "If your key was created with GPG Suite 2013 or older and you have not manually created a revocation certificate you might be out of luck: Without the password and the secret key it is not possible to now create a revocation certificate or revoke the key."

    So you may be in a situation where revoking is not possible. But we should double check that.

  4. 4 Posted by James Keebler on 07 Jun, 2017 07:30 PM

    Hi Steve,

    Thank you for the followup, the certs. pre-date 2013.

    Jim Keebler

    ---

  5. Support Staff 5 Posted by Steve on 07 Jun, 2017 07:31 PM

    What about the type column?

  6. 6 Posted by James Keebler on 07 Jun, 2017 07:34 PM

    Type = pub

    Jim Keebler

    ---

  7. Support Staff 7 Posted by Steve on 07 Jun, 2017 07:39 PM

    Ok, in that case revoking will not be possible. You do not have a revocation certificate (unless you recall you manually had created one and stored that in a secure location).

    So it's best to use the new key and let anybody using older public keys of yours know which the correct public key of yours is.

  8. Support Staff 8 Posted by Steve on 18 Aug, 2017 10:10 AM

    Closing, since no further user feedback was received. Should your problem persist, feel free to re-open this discussion any time.

    All the best, steve

  9. Steve closed this discussion on 18 Aug, 2017 10:10 AM.
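
The check worked through in this discussion (a key listed only as `pub` has no secret key in the keyring, so it cannot be revoked without a stored revocation certificate), as an added example that is not part of the original thread or GPGTools' own code. It reads GnuPG `--with-colons` listings; the key IDs, addresses and sample listings are constructed, and the function names are hypothetical.

```python
# Added example: which keys can this keyring still revoke?
# Constructed output of `gpg --list-keys --with-colons`, trimmed to the records used.
SAMPLE_PUBLIC = """\
pub:u:4096:1:AAAAAAAAAAAA0001:1496793600:::u:::scESC:
uid:u::::1496793600::X::Current Key <current@example.org>:
pub:-:2048:1:BBBBBBBBBBBB0002:1325376000:::-:Old Key <old@example.org>::scESC:
pub:r:2048:1:CCCCCCCCCCCC0003:1293840000:::-:Older Key <older@example.org>::sc:
"""
# Constructed output of `gpg --list-secret-keys --with-colons`.
SAMPLE_SECRET = """\
sec:u:4096:1:AAAAAAAAAAAA0001:1496793600:::u:::scESC:
"""

def parse_keys(colon_text, record):
    """Return {key_id: {"validity": str, "uids": [str]}} for 'pub' or 'sec' records."""
    keys, current = {}, None
    for line in colon_text.splitlines():
        f = line.split(":")
        if f[0] == record and len(f) > 4:
            # Field 2 is validity ('r' = revoked), field 5 is the long key ID.
            current = keys.setdefault(f[4], {"validity": f[1], "uids": []})
            if len(f) > 9 and f[9]:      # GnuPG 2.0.x puts the primary uid on this line
                current["uids"].append(f[9])
        elif f[0] in ("pub", "sec"):
            current = None               # a primary key of the other kind starts here
        elif f[0] == "uid" and current is not None and len(f) > 9:
            current["uids"].append(f[9])  # GnuPG 2.1+ lists uids as separate records
    return keys

def revocation_status(public_text, secret_text):
    """Map key ID -> what it would take to revoke that key from this keyring."""
    secret_ids = set(parse_keys(secret_text, "sec"))
    status = {}
    for key_id, info in parse_keys(public_text, "pub").items():
        if info["validity"] == "r":
            status[key_id] = "already revoked"
        elif key_id in secret_ids:
            # Secret key present; its passphrase is still required to revoke.
            status[key_id] = "revocable here"
        else:
            status[key_id] = "needs stored revocation certificate"
    return status

if __name__ == "__main__":
    public = parse_keys(SAMPLE_PUBLIC, "pub")
    for key_id, state in revocation_status(SAMPLE_PUBLIC, SAMPLE_SECRET).items():
        print(key_id, ", ".join(public[key_id]["uids"]), "->", state)
```

On a real keyring, feed the two functions the output of `gpg --list-keys --with-colons` and `gpg --list-secret-keys --with-colons` instead of the constructed samples.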
