can/should i delete old public key? - PGP

This is a discussion on can/should i delete old public key? - PGP ; ok, this may or may not be an issue at all, but here's the situation...several years ago i created a pgp key pair that i never used and, of course, lost, whose user id is the same email i use ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: can/should i delete old public key?

  1. can/should i delete old public key?

    ok, this may or may not be an issue at all, but here's the
    situation...several years ago i created a pgp key pair that i never used
    and, of course, lost, whose user id is the same email i use today...i
    have recently found a need to use pgp regularly and created a new keypair
    that is backed up to multiple places in multiple physical locations so
    losing this one is not a possibility. my question is this...will a pgp
    user, attempting to send me a message, get the old or new key from a
    search of the keyserver from an email plugin for example? my concern is
    that someone encrypt to the old key and not the new one and i would, of
    course, not be able to read it...

    ps:the old key exists only on an old mit.edu server and not on what i
    assume is the main pgp server now at keyserver.pgp.com

    i would be grateful for any insight someone might shed on this
    c

  2. Re: can/should i delete old public key?

    > ok, this may or may not be an issue at all, but here's the
    > situation...several years ago i created a pgp key pair that i never used
    > and, of course, lost, whose user id is the same email i use today...i
    > have recently found a need to use pgp regularly and created a new keypair
    > that is backed up to multiple places in multiple physical locations so
    > losing this one is not a possibility. my question is this...will a pgp
    > user, attempting to send me a message, get the old or new key from a
    > search of the keyserver from an email plugin for example? my concern is
    > that someone encrypt to the old key and not the new one and i would, of
    > course, not be able to read it...


    That is quite possible. It would be a good idea to delete it if you could
    >
    > ps:the old key exists only on an old mit.edu server and not on what i
    > assume is the main pgp server now at keyserver.pgp.com


    Don't be so sure. Keyservers synchronise with each other. Search the main
    keyserver and see if it's there, it probably will be.
    >
    > i would be grateful for any insight someone might shed on this


    You can't delete it, well you can but it will reappear as soon as that
    keyserver synchronises with another. If it's on a non-synchronising
    keyserver then you're in luck, just delete it. If not the best thing would
    be to revoke it if you have a revocation certificate or can find the secret
    key. If not the only thing I could suggest is to make a key with a name
    like "old key, use keyID0xXXXXX instead" and then sign your old key with
    that. Hopefully people will notice that.

+ Reply to Thread