
How do I purge my revoked GPG key from existence?


Back Story:

I've recently started learning about Linux and in parallel doing a few online courses and keeping track of my practice code in a private repo on GitHub as personal notes. I've started learning about GPG keys recently in the process. I clearly do not have enough knowledge of them.

  1. Created a GitHub account with an email. Example original email is something@gmail.com - I used something+github@gmail.com for maintaining a few filters in my email account.

  2. Created a repo on github with license and readme files.

  3. Added security so that my primary email cannot be used to commit the work. I want to use the github provided no-reply email for generating the GPG keys and use them to verify and sign my commits.

  4. I made mistakes and created a GPG key with my primary email. I set up git to have user.email in config set to the no-reply email.

  5. I found the issue after a few commits, as they are all unverified.

  6. I revoked the GPG key generated. Deleted the public key associated with this GPG key from the GitHub account.

  7. I have created an entirely new GPG key with the no-reply GitHub email and am using it for signing further commits in that repo.

Actual Question:

What does revocation actually do? Does it temporarily make this key unusable or permanently unusable? I wish for the latter.

If it is needed, I want to purge this GPG key out from existence everywhere so that I can completely forget about it.

Is there anything more I should do apart from this revocation? It would be helpful if I were to be provided the commands for it too.


Solution

  • When you apply a revocation to a GPG key, the key is permanently retired, and this cannot be undone.

    I will attach some documentation that will be helpful for you. This question has also been answered; I will give you the link to that too.

    But I will give you some commands: (they will be found in the documentation)

    List keys

    gpg --list-keys
    

    Revoke your key

    gpg --output revoke.asc --gen-revoke key-ID
    

    Import revocation certificate into your keyring

    gpg --import revoke.asc
    

    Search your key on the key-server

    gpg --keyserver pgp.mit.edu --search-keys key-ID
    

    Send the revoked key to the key-server

    gpg --keyserver pgp.mit.edu --send-keys key-ID
    

    Just to be clear

    Here is the documentation and the link for the commands I just gave you:

    GIT, Documentation, Git Documentation, The Response
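
To check the result of the steps in the answer above, this added example (not part of the original answer) parses `gpg --list-keys --with-colons` output, where field 2 of a `pub` record is `r` once a revocation certificate has been imported. The function names and the sample listing are constructed for illustration; the key IDs and addresses in it are not real.

```shell
#!/bin/sh
# Constructed sample of `gpg --list-keys --with-colons` output (not real keys):
# an old revoked key and a new key made with a no-reply address.
sample_listing() {
cat <<'EOF'
pub:r:4096:1:1111111111111111:1700000000:::-:::sc::::::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
uid:r::::1700000000::0000000000000000000000000000000000000000::Example User <something@gmail.com>::::::::::0:
sub:r:4096:1:2222222222222222:1700000000::::::e::::::23:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222:
pub:u:4096:1:3333333333333333:1700000500:::u:::scESC::::::23::0:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCC3333333333333333:
uid:u::::1700000500::0000000000000000000000000000000000000000::Example User <user@users.noreply.github.com>::::::::::0:
sub:u:4096:1:4444444444444444:1700000500::::::e::::::23:
fpr:::::::::DDDDDDDDDDDDDDDDDDDDDDDD4444444444444444:
EOF
}

# Read a colon-format listing on stdin and print "<primary fingerprint> <validity>"
# per key. The fpr record directly after a pub record belongs to the primary key;
# fpr records after a sub record are subkey fingerprints and are skipped.
primary_key_status() {
  awk -F: '
    $1 == "pub" { validity = $2; want_fpr = 1; next }
    $1 == "sub" { want_fpr = 0; next }
    $1 == "fpr" && want_fpr { print $10, validity; want_fpr = 0 }
  '
}

# Print the validity letter of the primary key whose fingerprint ends in $1
# (a long key ID or full fingerprint). Prints nothing if no such key is listed.
key_validity() {
  primary_key_status | awk -v id="$1" '
    BEGIN { id = toupper(id) }
    length(id) > 0 && length($1) >= length(id) &&
      substr($1, length($1) - length(id) + 1) == id { print $2; exit }
  '
}

# Succeed only if that key is present in the listing and marked revoked ("r").
is_revoked() { [ "$(key_validity "$1")" = "r" ]; }

# Against a real keyring (key-ID is the placeholder used in the answer above):
#   gpg --list-keys --with-colons | is_revoked key-ID && echo "old key is revoked"
#   gpg --list-keys --with-colons | is_revoked "$(git config user.signingkey)" \
#     && echo "git is still configured to sign with a revoked key"
```

A key that is missing from the listing is reported as not revoked, so run `key_validity` first when it matters whether the key is absent or merely still valid.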