
What is the correct way to revoke a GPG key on a key server?


I have revoked my GPG key on some PGP keyservers. However, I've found that the key is not verified. How do I completely revoke the key and verify that the key is no longer used?

I've found some posts that are almost the same as my question, but they are not clear enough to answer how to verify the key revocation completely.

Here I attached the picture of my key that was uploaded to https://pgp.mit.edu


Solution

  • Unfortunately the GPG key that has been sent to the key server cannot be deleted. You need to revoke your public key and notify other users that this key is no longer useful.

    If you have uploaded the public key to the HKP key server then you must also inform the key server about the revocation of your key.

    1) List keys

    First of all, list the keys from your keyring:

    gpg --list-keys
    

    Suppose that the following is the key which you want to revoke:

    pub 2048R/C5DB61BC 2015-04-21
    uid Your Name (Optional Comment)
    sub 2048R/18C601D3 2015-04-21
    

    In the above key, the key-ID is C5DB61BC.

    2) Revoke your key

    Now, you need to revoke your key with the following command:

    gpg --output revoke.asc --gen-revoke key-ID
    

    Your revocation key certificate is stored in the file named “revoke.asc”.

    3) Import revocation certificate into your keyring

    After this, you need to import the revocation certificate into your public keyring:

    gpg --import revoke.asc
    

    You have successfully revoked your key in your keyring.

    REVOKE KEY ON KEY-SERVER

    1) Search your key on key-server

    Suppose you had uploaded your public key to an online keyserver. Let the key server be pgp.mit.edu.

    You can check/search your key in the MIT keyserver with the following command:

    gpg --keyserver pgp.mit.edu --search-keys key-ID
    

    2) Revoke your key on key-server

    To revoke your public key in the keyserver, you need to run the following command. I am using pgp.mit.edu keyserver.

    gpg --keyserver pgp.mit.edu --send-keys key-ID
    

    You have already revoked the key in your keyring. So, this revoked key is sent to the keyserver. Hence, your key in the online keyserver will also get revoked.
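
Added example, not part of the original answer: one way to check that the revocation took effect, both in the local keyring and in the copy the keyserver serves. The function names, the throwaway keyring approach and the sample listings (including the long key IDs) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Parses `gpg --with-colons` listings:
# field 1 = record type, field 2 = validity ("r" = revoked), field 5 = key ID.

# key_status KEYID  (colon listing on stdin) -> revoked | not-revoked | not-found
key_status() {
    awk -F: -v id="$1" '
        BEGIN { id = toupper(id); status = "not-found" }
        $1 == "pub" {
            kid = toupper($5)
            # Compare by suffix so a short ID such as C5DB61BC matches the long ID.
            if (length(kid) >= length(id) && substr(kid, length(kid) - length(id) + 1) == id) {
                status = ($2 == "r") ? "revoked" : "not-revoked"
            }
        }
        END { print status }
    '
}

# Status of the copy in your own keyring.
check_local() {
    gpg --list-keys --with-colons "$1" 2>/dev/null | key_status "$1"
}

# Status of the copy the keyserver hands out, fetched into a throwaway keyring
# so the result does not depend on what is already in your own keyring.
check_keyserver() {   # $1 = key ID, $2 = keyserver host
    tmp=$(mktemp -d) || return 1
    if gpg --homedir "$tmp" --keyserver "$2" --recv-keys "$1" >/dev/null 2>&1; then
        gpg --homedir "$tmp" --list-keys --with-colons "$1" 2>/dev/null | key_status "$1"
    else
        echo "fetch-failed"
    fi
    rm -rf "$tmp"
}

# Constructed sample listings (long key IDs are made up around the page's short IDs).
SAMPLE_REVOKED='pub:r:2048:1:00000000C5DB61BC:1429574400:::-:::sc::::::23::0:
uid:r::::1429574400::::Your Name (Optional Comment)::::::::::0:
sub:r:2048:1:0000000018C601D3:1429574400::::::e::::::23:'
SAMPLE_ACTIVE='pub:-:2048:1:00000000C5DB61BC:1429574400:::-:::scESC::::::23::0:
sub:-:2048:1:0000000018C601D3:1429574400::::::e::::::23:'
```

Run `check_local C5DB61BC` after importing the revocation certificate and `check_keyserver C5DB61BC pgp.mit.edu` after sending the key; both should print `revoked`.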