8

I created a private key with an Android app I'm no longer using. I had uploaded the public key to the keyservers without setting an expiry date. I later deinstalled that app, and deinstalling apparently deleted the private key, or else I can't find it on my phone.

From time to time, people try to send me an email encrypted in that old key, because they don't know that I don't have access to the private key. Is there any way of revoking the key on the keyserver or adding a comment to prevent people from doing this? (I didn't create a revocation certificate.)

Turion

1 Answer

1

You normally would revoke the key:

Revocation is described in the link to another question on Ask Ubuntu.

Basically:

The "OpenPGP way" to remove old keys is to mark them as revoked by uploading special revocation certificates. These will tell other OpenPGP users that your key is superseded.

Revoking keys is not possible if you don't have access to the private key, defined a designated revoker or a pregenerated revocation certificate.

Unfortunately, as you don't have access to the private key, you won't be able to. Instead, you'll want to generate a new one and, if possible, let your contacts know via some other medium that your key has changed and they will need to use the new one. Often people post keys on Twitter or to some other location only they control. If possible, change your keys there to a new key, and this time be sure to set up a revocation cert.

Fernando
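The advice above (new key, expiry date, revocation certificate kept somewhere safe) as a shell sketch. This is an added example, not part of the original answer; it assumes GnuPG 2.1 or later, which writes a revocation certificate to `openpgp-revocs.d/` when a key is generated, and the identity and function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer). Assumes GnuPG >= 2.1.
# Point GNUPGHOME at a throwaway directory before trying it out.
set -eu

DEMO_UID="Demo User <demo@example.invalid>"   # constructed identity

# Create a key that expires after one year and print its fingerprint.
# The empty passphrase is for the demo only; protect a real key.
make_key() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$DEMO_UID" default default 1y >/dev/null
    gpg --batch --with-colons --list-keys "$DEMO_UID" |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Copy the auto-generated revocation certificate to a backup file.
# Store the copy off the device that holds the private key.
backup_revocation_cert() {   # $1 = fingerprint, $2 = destination file
    local src="${GNUPGHOME:-$HOME/.gnupg}/openpgp-revocs.d/$1.rev"
    [ -s "$src" ] || { echo "no revocation certificate for $1" >&2; return 1; }
    install -m 600 "$src" "$2"
}

# Apply a backed-up certificate. GnuPG prefixes the armor header with a
# colon so the file cannot be imported by accident; strip it first.
revoke_with_cert() {   # $1 = certificate file
    sed 's/^:-----BEGIN PGP/-----BEGIN PGP/' "$1" | gpg --batch --quiet --import
}

# Print one field of the key's "pub" record from --with-colons output:
# field 2 is validity ("r" means revoked), field 7 is the expiry date.
pub_field() {   # $1 = fingerprint, $2 = field number
    gpg --batch --with-colons --list-keys "$1" |
        awk -F: -v n="$2" '$1 == "pub" { print $n; exit }'
}
```

After `revoke_with_cert`, the revoked public key still has to be sent to the keyserver (`gpg --send-keys`) before other users see the revocation.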