Revoking a GPG key
Now after long time, I would like to revoke my old gpg key (0x732BE57D). I found the documentation on this a little sparse, so here are the steps I took.
gpg --gen-revoke 0x732BE57D
0x732BE57D is the ID for my key. You’re asked if you want to provide a reason for the revocation (key comprised, superseded or no longer used) and an optional free-text description. After supplying your passphrase, an ascii-armoured key block is printed out. Paste this text into a file.
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: A revocation certificate should follow QCfaMzd5Aj8iGEEIBECACEFAklx2aMaHQFyZXBsYWNlZCB3aXR RK8LcYHjvuGqHrZvKoAnRwycNdRFRHFZEg5YLgVpNWi/S9HQ =xQFS -----END PGP PUBLIC KEY BLOCK-----
This step could be performed when you first generate your key, and the results stashed in a safe place for later use if you lose it.
gpg --import 0x732BE57D_revoke_cert.asc
Issuing this command imports the revocation into your keyring, revoking your key.
gpg --keyserver pgp.mit.edu --send-keys 0x732BE57D
This send the revoked key to the public keyserver at pgp.mit.edu. If it succeeds, you’ll get the message ‘gpg: success sending to `pgp.mit.edu' (status=200)‘. If you check your key’s verbose index page on pgp.mit.edu, you’ll see *** KEY REVOKED *** on the first line of the details.
Only for your information, my current (since 2007) gpg key is 0xE80BF2AB.