PGP key revocation certificate.

Follow these steps to generate a public key revocation certificate without destroying your key:

PGP

  1. Backup the files secring.pgp and pubring.pgp.
    • PGP version 2.6.3:
      1. Disable your key with the -kd option.
        pgp -kd <your key>.
      2. Answer yes to all the questions about whether you are sure.
      3. Once revoked, dump your key in ASCII.
        pgp -kxa <your key>.
    • PGP version 5.X:
      1. Disable your key with the pgpk --revoke option:
        pgpk --revoke <your key>.
      2. Answer yes to all the questions about whether you are sure.
      3. Once revoked, dump your key in ASCII.
        pgpk -xa <your key>.
    • PGP versión 6.X:
      1. Disable your key with the pgp6 -kd option:
        pgp6 -kd <your key>.
      2. Answer yes to all the questions about whether you are sure.
      3. Once revoked, dump your key in ASCII.
        pgp6 -kxa <your key>.
  2. Save this ASCII dump in a safe, offline place (have in mind that anyone with access to this can effectively revoke your key!)
  3. Restore secring.pgp and pubring.pgp.
  4. Voilà. Your key is back, but you have a revocation certificate in case you ever lose access to it.

GNU PGP

  1. Genere a revocation certifica with the gpg --gen-revoke option:
    gpg --gen-revoke <su clave>.
  2. Answer yes to all the questions about whether you are sure.
  3. Save this ASCII dump in a safe, offline place