PGP key revocation certificate.
Follow these steps to generate a public key revocation certificate without
destroying your key:
PGP
- Back up the files secring.pgp and pubring.pgp.
- PGP version 2.6.3:
  - Disable your key with the -kd option:
    pgp -kd <your key>
  - Answer yes to all the questions about whether you are sure.
  - Once revoked, dump your key in ASCII:
    pgp -kxa <your key>
- PGP version 5.X:
  - Disable your key with the pgpk --revoke option:
    pgpk --revoke <your key>
  - Answer yes to all the questions about whether you are sure.
  - Once revoked, dump your key in ASCII:
    pgpk -xa <your key>
- PGP version 6.X:
  - Disable your key with the pgp6 -kd option:
    pgp6 -kd <your key>
  - Answer yes to all the questions about whether you are sure.
  - Once revoked, dump your key in ASCII:
    pgp6 -kxa <your key>
- Save this ASCII dump in a safe, offline place (keep in mind that anyone with access to it can effectively revoke your key!).
- Restore secring.pgp and pubring.pgp.
- Voilà. Your key is back, but you have a revocation certificate in case you ever lose access to it.
GNU PGP
- Generate a revocation certificate with the gpg --gen-revoke option:
  gpg --gen-revoke <your key>
- Answer yes to all the questions about whether you are sure.
- Save this ASCII dump in a safe, offline place.
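
Before filing the ASCII dump away, it is worth confirming that it really contains a key revocation signature. The following is an added example, not part of the original page or of PGP/GnuPG: it reads the OpenPGP packet headers in the armored block and looks for a signature packet of type 0x20. The function names and the sample packet are constructed for illustration, and the signature itself is not cryptographically verified.

```python
import base64

KEY_REVOCATION = 0x20  # OpenPGP signature type "key revocation signature"

def dearmor(text):
    """Return the binary packets inside a single ASCII-armored block."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN PGP"):
        raise ValueError("not an ASCII-armored PGP block")
    body = lines[1:-1]                       # drop the BEGIN/END lines
    body = body[body.index("") + 1:] if "" in body else body  # skip armor headers
    return base64.b64decode("".join(l for l in body if l[:1] != "="))  # "=" line is the CRC-24

def packets(data):
    """Yield (tag, body) for each OpenPGP packet in data."""
    i = 0
    while i < len(data):
        first, i = data[i], i + 1
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:                     # new-format header
            tag, o, i = first & 0x3F, data[i], i + 1
            if o < 192:
                n = o
            elif o < 224:
                n, i = ((o - 192) << 8) + data[i] + 192, i + 1
            elif o == 255:
                n, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not handled")
        else:                                # old-format header (PGP 2.6.3 era)
            tag, size = (first >> 2) & 0x0F, 1 << (first & 0x03)
            if size == 8:
                raise ValueError("indeterminate length not handled")
            n, i = int.from_bytes(data[i:i + size], "big"), i + size
        yield tag, data[i:i + n]
        i += n

def signature_types(armored):
    """Type of each signature packet (tag 2): third byte in v2/v3, second in v4."""
    return [b[2] if b[0] in (2, 3) else b[1]
            for tag, b in packets(dearmor(armored)) if tag == 2]

def is_revocation_certificate(armored):
    return KEY_REVOCATION in signature_types(armored)

def constructed_sample(sig_type):  # constructed packet, carries no valid signature
    pkt = bytes([0x88, 10, 4, sig_type, 1, 8, 0, 0, 0, 0, 0, 0])  # old-format tag 2, length 10
    return "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n" + base64.b64encode(pkt).decode() + "\n-----END PGP PUBLIC KEY BLOCK-----\n"
```

Pass the contents of the saved file to is_revocation_certificate(); a result of False means the dump holds no key revocation signature and should be regenerated before the keyrings are restored.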