deleting keys from keyserver w/o private key - PGP
-
deleting keys from keyserver w/o private key
I'm a noob and in learning how to use PGP I created and uploaded
several keys to the keyserver. I then deleted the keys locally, but
they are still on the server. I then learned that I should've revoked
the keys, then uploaded them, to get them off the server. Now is
there any way to get the keys off the server, since I don't have the
private key locally? I foolishly deleted them.
thanks
sydemon
-
Re: deleting keys from keyserver w/o private key
On 10 Sep 2003 10:34:53 -0700, sydemon wrote:
> I'm a noob and in learning how to use PGP i created and uploaded
> several keys to the keyserver. i then deleted the keys locally, but
> they are still on the server. i then learn that i should've revoked
> the keys, then uploaded them, to get them off the server. now is
> there any way to get the keys off the server, since i don't have the
> private key locally, i foolishly deleted them.
No.
Even if you still had the keys, you cannot delete them from the
keyservers. Some of the servers will allow deletion, but should
get the keys back again, when they sync with other servers.
For future reference, when you create a key, you should also
generate a revocation certificate, that you store in a safe
place, so you can send it to the key servers if/when necessary.
One thing you can do now, is generate a new key, and add a userid
such as "do not use keyid 0x?????. Private key destroyed",
so anyone searching the keyserver using your name will hopefully
see it, and choose the newer key.
Regards, Dave Hodgins
-
Re: deleting keys from keyserver w/o private key
"David W. Hodgins" wrote in message news:...
> On 10 Sep 2003 10:34:53 -0700, sydemon wrote:
>
> > I'm a noob and in learning how to use PGP i created and uploaded
> > several keys to the keyserver. i then deleted the keys locally, but
> > they are still on the server. i then learn that i should've revoked
> > the keys, then uploaded them, to get them off the server. now is
> > there any way to get the keys off the server, since i don't have the
> > private key locally, i foolishly deleted them.
>
> No.
>
> Even if you still had the keys, you cannot delete them from the
> keyservers. Some of the servers will allow deletion, but should
> get the keys back again, when they sync with other servers.
>
> For future reference, when you create a key, you should also
> generate a revocation certificate, that you store in a safe
> place, so you can send it to the key servers if/when necessary.
>
> One thing you can do now, is generate a new key, and add a userid
> such as "do not use keyid 0x?????. Private key destroyed",
> so anyone searching the keyserver using your name will hopefully
> see it, and choose the newer key.
>
> Regards, Dave Hodgins
Thanks for the tips, Dave. I'll create the keys you suggested. To
create a revocation certificate w/ PGP 8 do I just add a revoker? Or
is that another way to revoke certs?
-
Re: deleting keys from keyserver w/o private key
On 10 Sep 2003 15:08:08 -0700, sydemon wrote:
> Thanks for the tips Dave. I'll create the keys you suggested. to
> create a revocation certificate w/ PGP 8 do i just add a revoker? or
> is that another way to revoke certs?
PGP 8 does allow you to specify a revoker, but I've never tried using it.
What I do, is ...
- Create a backup of the keyring files.
- Revoke the key
- Export the revoked key to a file
- Copy the exported file to a backup
- Without pgp running, restore the keyrings from the backup.
Keep the file with the exported revoked key, in a safe place, so
you can send the revoked key to the keyservers easily, when/if
needed.
This doesn't really do much, since, if you have backups of the
keyrings, you can revoke the key later.
You can send the file containing the revoked version of the key,
to someone you trust, who can revoke your key for you, if needed.
The main thing, is to make sure you keep copies of your keyrings,
in safe places.
Regards, Dave Hodgins
-
Re: deleting keys from keyserver w/o private key
"sydemon" wrote in message
news:49cf01cc.0309101408.4cb8cf39@posting.google.com...
> "David W. Hodgins" wrote in message
news:...
> > On 10 Sep 2003 10:34:53 -0700, sydemon wrote:
> >
> > > I'm a noob and in learning how to use PGP i created and uploaded
> > > several keys to the keyserver. i then deleted the keys locally, but
> > > they are still on the server. i then learn that i should've revoked
> > > the keys, then uploaded them, to get them off the server. now is
> > > there any way to get the keys off the server, since i don't have the
> > > private key locally, i foolishly deleted them.
> >
> > No.
> >
> > Even if you still had the keys, you cannot delete them from the
> > keyservers. Some of the servers will allow deletion, but should
> > get the keys back again, when they sync with other servers.
> >
> > For future reference, when you create a key, you should also
> > generate a revocation certificate, that you store in a safe
> > place, so you can send it to the key servers if/when necessary.
> >
> > One thing you can do now, is generate a new key, and add a userid
> > such as "do not use keyid 0x?????. Private key destroyed",
> > so anyone searching the keyserver using your name will hopefully
> > see it, and choose the newer key.
>
> Thanks for the tips Dave. I'll create the keys you suggested. to
> create a revocation certificate w/ PGP 8 do i just add a revoker? or
> is that another way to revoke certs?
A revocation certificate is something that some versions of PGP (and related
apps) allow you to create separately, but with PGP 8, you should back up the
key, revoke it, back up the _revoked_ version, then restore the original. If
you lose the original private key, load the revoked version and publish
that.
A revoker is another private key that is permitted to publish a revocation
certificate on your key (I guess this works by encrypting a revocation
certificate to the corresponding public key and attaching it to your public
key). One of my trusted friends is a revoker on my key, so that if
everything goes wrong my key can still be revoked. But if we fell out, he
could revoke my key without my permission.
I've seen some key servers (don't ask me which ones - you'll just have to
google to find them all to check) allow you to 'hide' a key. This means that
unless you actually search for the key by its KeyID, it won't be returned by
searches, and this isn't affected by the server synchronising with the other
servers. However, you need to do this to all the servers individually, and
not all of them allow it, particularly if you cannot prove that you are the
original owner of the key.
-----BEGIN GEEK CODE BLOCK-----
Version 3.12
GU>M d- s+:- a--- C++(++++) !U W++(+++) N+(++) o K? w+(--) ?O M>++ V? PS+
PE-@ Y+(++) PGP++ t+(*) 5 X R(+) tv(-) b+(+++) DI++++ D G e(*) h!>--- r++
z+>+++
------END GEEK CODE BLOCK------
-
Re: deleting keys from keyserver w/o private key
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
"Gamma3000" wrote in
news:3f60dfba@shknews01:
> A revoker is another private key that is permitted to publish a
> revocation certificate on your key (I guess this works by encrypting a
> revocation certificate to the corresponding public key and attaching
> it to your public key). One of my trusted friends is a revoker on my
> key, so that if everything goes wrong my key can still be revoked. But
> if we fell out, he could revoke my key without my permission.
Just a reminder: This Designated Revoker has little function outside a
corporate environment. When a Designated Revoker revokes a key, it will
not show as revoked unless you also have the Designated Revoker's key on
your keyring.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
Comment: My PGP Page & FAQ: http://www.McCune.cc/PGP.htm
-----END PGP SIGNATURE-----
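
Added example, not part of the thread or any poster's code: a small Python check that reads a binary (de-armored) exported key, such as the "exported revoked key" file described earlier in the thread, and reports whether each key revocation signature names the key itself or another key as issuer, which is the designated-revoker case discussed in the last post. It handles old-format packet headers and v4 packets only; the function names and the sample bytes are constructed for illustration.

```python
import hashlib

def packets(data):
    """Yield (tag, body) per old-format packet in binary (non-armored) data."""
    i = 0
    while i < len(data):
        hdr, size = data[i], 1 << (data[i] & 3)      # size of the length field
        if hdr & 0x40 or size == 8:
            raise ValueError("new-format or indeterminate length not handled")
        n = int.from_bytes(data[i + 1:i + 1 + size], "big")
        yield (hdr >> 2) & 0x0F, data[i + 1 + size:i + 1 + size + n]
        i += 1 + size + n

def subpackets(area):
    """Yield (type, value) for each subpacket in a signature subpacket area."""
    i = 0
    while i < len(area):
        n, i = area[i], i + 1
        if 192 <= n < 255:                           # two-octet length
            n, i = ((n - 192) << 8) + area[i] + 192, i + 1
        elif n == 255:                               # five-octet length
            n, i = int.from_bytes(area[i:i + 4], "big"), i + 4
        yield area[i] & 0x7F, area[i + 1:i + n]
        i += n

def v4_key_id(body):  # low 64 bits of SHA-1 over 0x99, 2-octet length, key body
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).digest()[-8:]

def key_revocations(data):  # issuer of each key revocation signature (type 0x20)
    key_id, found = None, []
    for tag, body in packets(data):
        if tag == 6 and body[0] == 4:                # v4 primary public key
            key_id = v4_key_id(body)
        elif tag == 2 and body[0] == 4 and body[1] == 0x20:
            h = int.from_bytes(body[4:6], "big")     # hashed area length
            u = int.from_bytes(body[6 + h:8 + h], "big")
            subs = [*subpackets(body[6:6 + h]), *subpackets(body[8 + h:8 + h + u])]
            issuer = next((v for t, v in subs if t == 16), b"")
            found.append("self" if issuer == key_id else "other:" + issuer.hex().upper())
    return found

# Constructed sample input: a toy v4 RSA key body and unsigned revocation packets.
def revocation(issuer):                              # issuer key ID in unhashed area
    body = b"\x04\x20\x01\x02\x00\x00\x00\x0a\x09\x10" + issuer + b"\x00\x00"
    return bytes([0x88, len(body)]) + body
KEY = b"\x04\x00\x00\x00\x00\x01\x00\x08\xc5\x00\x02\x03"
KEY_PKT = bytes([0x98, len(KEY)]) + KEY
SELF_REVOKED = KEY_PKT + revocation(v4_key_id(KEY))
REVOKED_BY_OTHER = KEY_PKT + revocation(bytes.fromhex("1122334455667788"))
```

The check only reads the issuer field; it does not verify the signature, so an "other:" result still has to be validated by software that holds that issuer's public key.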