GPG: Revoking your public key and notifying the key-server

If you have lost your private key, your public key becomes useless: you will no longer be able to decrypt any message encrypted to it. You need to revoke your public key and let other users know that this key is no longer usable.

If you have uploaded your public key to HKP key-servers, you also need to notify those key-servers of the revocation.

REVOKE KEY ON YOUR SYSTEM (KEYRING)

1) List keys

First of all, list the keys from your keyring:


gpg --list-keys

Suppose the following is the key you want to revoke:

pub 2048R/C5DB61BC 2015-04-21
uid Your Name (Optional Comment)
sub 2048R/18C601D3 2015-04-21

In the above key, the key-ID is C5DB61BC.

2) Revoke your key

Now generate a revocation certificate for the key with the following command:


gpg --output revoke.asc --gen-revoke key-ID

Your revocation certificate is stored in the file named “revoke.asc”.

3) Import revocation certificate into your keyring

After this, you need to import the revocation certificate into your public keyring:


gpg --import revoke.asc

You have successfully revoked your key in your keyring.

REVOKE KEY ON KEY-SERVER

1) Search your key on key-server

Suppose you had uploaded your public key to an online key server, say pgp.mit.edu.

You can search for your key on the MIT key server with the following command:


gpg --keyserver pgp.mit.edu --search-keys key-ID

2) Revoke your key on key-server

To revoke your public key on the key server, run the following command. I am using the pgp.mit.edu key server.


gpg --keyserver pgp.mit.edu --send-keys key-ID

Because the key in your keyring already carries the revocation certificate, this command uploads the revoked key, and the copy on the online key server is marked revoked as well.
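Both steps above end with "the key is now revoked" without showing how to confirm it. The script below is an added example, not part of the original article: it parses GnuPG's machine-readable `--with-colons` listing, in which the second field of a `pub`, `sub` or `uid` record is the validity and the letter `r` there means that item carries a revocation. `check_local` verifies the keyring after `gpg --import revoke.asc`, and `check_on_keyserver` fetches the key into a throwaway GNUPGHOME so that the revocation already in your own keyring cannot mask a key server that never received it. One caveat worth knowing before you need this: `gpg --gen-revoke` itself needs the private key, so a certificate must be generated while the key is still available (GnuPG 2.1 and later writes one into `~/.gnupg/openpgp-revocs.d/` at key creation). The key ids, fingerprints, dates and user id in the sample listings are constructed to match the article's example key.

```python
"""Check whether a GPG key is flagged as revoked, in the local keyring or
in the copy a key server hands out.

Added example, not code from the original article. It relies on GnuPG's
`--with-colons` output format: in `pub`, `sub` and `uid` records the second
field is the validity, and `r` there means "revoked". Sample data below is
constructed (the long key ids extend the article's short ids C5DB61BC and
18C601D3; the fingerprint and uid hash are dummy values).
"""
import os
import subprocess
import tempfile
from typing import Dict, List, Optional

# Constructed sample: what `gpg --with-colons --list-keys C5DB61BC` prints
# for the article's key once revoke.asc has been imported.
LISTING_REVOKED = """\
pub:r:2048:1:1A2B3C4DC5DB61BC:1429574400:::-:::scESC:::::::
fpr:::::::::0000000000000000000000001A2B3C4DC5DB61BC:
uid:r::::1429574400::0000000000000000000000000000000000000000::Your Name (Optional Comment) <you@example.invalid>::::::::::0:
sub:r:2048:1:5E6F7A8B18C601D3:1429574400::::::e:::::::
"""

# Constructed sample: the same key before revocation (validity "u" because
# it is the user's own, ultimately trusted key).
LISTING_VALID = """\
pub:u:2048:1:1A2B3C4DC5DB61BC:1429574400:::u:::scESC:::::::
fpr:::::::::0000000000000000000000001A2B3C4DC5DB61BC:
uid:u::::1429574400::0000000000000000000000000000000000000000::Your Name (Optional Comment) <you@example.invalid>::::::::::0:
sub:u:2048:1:5E6F7A8B18C601D3:1429574400::::::e:::::::
"""


def parse_colons(listing: str) -> List[Dict[str, str]]:
    """Reduce a --with-colons listing to the record fields this check needs."""
    records: List[Dict[str, str]] = []
    for line in listing.splitlines():
        fields = line.split(":")
        rtype = fields[0]
        if rtype not in ("pub", "sub", "uid") or len(fields) < 10:
            continue
        rec = {"type": rtype, "validity": fields[1]}  # field 2: validity
        if rtype == "uid":
            rec["userid"] = fields[9]                   # field 10: user id
        else:
            rec["keyid"] = fields[4]                    # field 5: long key id
        records.append(rec)
    return records


def normalise_key_id(key_id: str) -> str:
    """Upper-case, drop spaces and a leading 0x, and keep at most the last 16 hex
    digits so a short id, a long id or a full fingerprint all compare as a suffix."""
    key_id = key_id.strip().upper().replace(" ", "")
    if key_id.startswith("0X"):
        key_id = key_id[2:]
    return key_id[-16:]


def revocation_status(listing: str, key_id: str) -> Optional[str]:
    """Return "revoked" or "valid" for the primary key matching key_id,
    or None if the listing does not contain that key at all."""
    wanted = normalise_key_id(key_id)
    for rec in parse_colons(listing):
        if rec["type"] == "pub" and rec["keyid"].upper().endswith(wanted):
            return "revoked" if rec["validity"] == "r" else "valid"
    return None


def revoked_components(listing: str) -> List[str]:
    """Every primary key, subkey and user id marked revoked, so you can see the
    revocation covered the whole key rather than a single user id."""
    return [
        f"{rec['type']} {rec.get('keyid', rec.get('userid'))}"
        for rec in parse_colons(listing)
        if rec["validity"] == "r"
    ]


def check_local(key_id: str) -> Optional[str]:
    """Status of the key in your own keyring (run after `gpg --import revoke.asc`)."""
    listing = subprocess.run(
        ["gpg", "--batch", "--with-colons", "--list-keys", key_id],
        check=True, capture_output=True, text=True,
    ).stdout
    return revocation_status(listing, key_id)


def check_on_keyserver(key_id: str, keyserver: str = "pgp.mit.edu") -> Optional[str]:
    """Fetch the key into a fresh, temporary GNUPGHOME and report what the key
    server currently serves. Prefer the full fingerprint over a short id here:
    short ids are not unique, so you could fetch and judge the wrong key."""
    with tempfile.TemporaryDirectory() as home:  # created with mode 0700
        env = dict(os.environ, GNUPGHOME=home)
        subprocess.run(
            ["gpg", "--batch", "--keyserver", keyserver, "--recv-keys", key_id],
            env=env, check=True, capture_output=True,
        )
        listing = subprocess.run(
            ["gpg", "--batch", "--with-colons", "--list-keys", key_id],
            env=env, check=True, capture_output=True, text=True,
        ).stdout
        return revocation_status(listing, key_id)


if __name__ == "__main__":
    import sys
    kid = sys.argv[1] if len(sys.argv) > 1 else "C5DB61BC"
    print("local keyring:", check_local(kid))
    print("key server   :", check_on_keyserver(kid))
```

Run it with the key id (or, better, the fingerprint) as the only argument after step 3 and again after `--send-keys`; both lines should read `revoked`. Key servers propagate and cache, so a `valid` answer from the server shortly after uploading may simply mean the refresh has not landed yet; repeat the check rather than assuming the upload failed.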