Revoking a GPG key

Reposted from: Revoking a GPG key

A couple of months ago, I lost my lovely laptop in a burglary. This weekend, Edd reminded me that my GPG private key was on the machine, so I performed the necessary rituals to revoke it. I found the documentation on this a little sparse, so here are the steps I took.


$ gpg --gen-revoke 6382285E

6382285E is the ID for my key. You’re asked if you want to provide a reason for the revocation (key compromised, superseded or no longer used) and an optional free-text description. After supplying your passphrase, an ASCII-armoured key block is printed out. Paste this text into a file. In my case, it looked like this:

Version: GnuPG v1.2.4 (GNU/Linux)
Comment: A revocation certificate should follow


This step could be performed when you first generate your key, and the results stashed in a safe place for later use if you lose it. In my case, I’d kept a backup copy of the original keypair, so I was able to generate a revocation after the event.

$ gpg --import my_revocation.txt

Issuing this command imports the revocation into your keyring, revoking your key.

$ gpg --keyserver --send-keys 6382285E

This sends the revoked key to the public keyserver at If it succeeds, you’ll get the message ‘gpg: success sending to `' (status=200)’. If you check your key’s verbose index page on, you’ll see *** KEY REVOKED *** on the first line of the details.
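
To confirm that the import really marked the key as revoked in the local keyring, the colon-delimited listing can be checked by a script rather than by eye. This is an added example, not part of the original post; the function name is_revoked, its exit codes and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example. In `gpg --list-keys --with-colons` output, field 1 is the
# record type, field 2 the validity ("r" = revoked) and field 5 the long key ID.

# is_revoked KEYID: reads a --with-colons listing on stdin.
# Exit status: 0 revoked, 1 present but not revoked, 2 not in the listing,
#              3 KEYID matches more than one primary key (short-ID collision).
is_revoked() {
    awk -F: -v want="$1" '
        BEGIN { sub(/^0[xX]/, "", want); want = toupper(want) }
        $1 == "pub" {
            id = toupper($5)
            # Compare the tail so 8-digit short IDs and long IDs both work.
            if (length(id) >= length(want) &&
                substr(id, length(id) - length(want) + 1) == want) {
                matches++
                if ($2 == "r") revoked++
            }
        }
        END {
            if (matches == 0) exit 2
            if (matches > 1) exit 3
            exit (revoked ? 0 : 1)
        }'
}

# Constructed sample listing: the upper halves of the long IDs, the dates and
# the user IDs are made up; only the 8-digit key IDs come from the post.
sample_listing() {
    cat <<'EOF'
pub:r:1024:17:AAAABBBB6382285E:1072915200:::-:::sc:
uid:r::::1072915200::::Old key (constructed sample):
sub:r:1024:16:1111222233334444:1072915200::::::e:
pub:u:1024:17:CCCCDDDD097891DA:1104537600:::u:::scESC:
uid:u::::1104537600::::New key (constructed sample):
sub:u:1024:16:5555666677778888:1104537600::::::e:
EOF
}

# Real use: gpg --list-keys --with-colons 6382285E | is_revoked 6382285E
for id in 6382285E 097891DA; do
    if sample_listing | is_revoked "$id"; then
        echo "$id: revoked"
    else
        echo "$id: not revoked (status $?)"
    fi
done
```

Exit status 3 matters because 8-digit key IDs are not unique; passing the full fingerprint or long key ID avoids the ambiguity.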

For the record, my new key has the ID 097891DA.

Update: I just found the official word on how to do this. It’s in question 4.17 of the gpg faq.


