Reviving a userid with revoked key

Reviving a userid with revoked key

Marc Curry
Maybe a dumb question, but I'm looking for help thinking through how to best "revive" an old gpg key's userid after I revoked it a few years ago, thinking I wouldn't need to use it, again.

1) was at a company (e.g. [hidden email])
2) went to company-b and revoked key for marc@company-a
3) now I'm back at company-a, and want to start using [hidden email] userid again

Thoughts on the best/recommended way to do this?  I still remember my secret key's password.

Should I just delete the (revoked) key from my keyring and re-do a --gen-key using the same/original e-mail address as the userid?

Thanks for any suggestions,

Marc


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Reviving a userid with revoked key

Michael Englehorn
Marc Curry <[hidden email]> writes:

> 1) was at a company (e.g. [hidden email])
> 2) went to company-b and revoked key for marc@company-a
> 3) now I'm back at company-a, and want to start using [hidden email] userid again
If you revoked the key, and not just the user id, you have to start over
with a new key, especially if you published the revocation anywhere.

Once you send a revoked key to the keyservers, it's game over for that
key, by design.

> Thoughts on the best/recommended way to do this? I still remember my secret key's password.
>
> Should I just delete the (revoked) key from my keyring and re-do a --gen-key using the same/original e-mail address as the userid?
You don't really have to delete it, you can just generate a new one
using the same name and e-mail address.

-Michael Englehorn

Re: Reviving a userid with revoked key

Kristian Fiskerstrand-6
On 05/19/2017 08:36 PM, Marc Curry wrote:
> Maybe a dumb question, but I'm looking for help thinking through how to
> best "revive" an old gpg key's userid after I revoked it a few years ago,
> thinking I wouldn't need to use it, again.
>
> 1) was at a company (e.g. [hidden email])
> 2) went to company-b and revoked key for marc@company-a
> 3) now I'm back at company-a, and want to start using [hidden email]
> userid again

Nothing wrong with that, just add a new user id using adduid from
--edit-key, it won't have the old signatures from other users, those got
lost at the revocation point, but your new contacts can sign the new UID
without issue.

Deleting the old UID will have no practical effect if it has been
distributed to a keyserver historically.

--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"If you choose to sail upon the seas of banking, build your bank as you
would your boat, with the strength to sail safely through any storm."
(Jacob Safra (1891–1963))


Re: Reviving a userid with revoked key

Daniel Kahn Gillmor-7
On Fri 2017-05-19 21:58:34 +0200, Kristian Fiskerstrand wrote:

> On 05/19/2017 08:36 PM, Marc Curry wrote:
>> Maybe a dumb question, but I'm looking for help thinking through how to
>> best "revive" an old gpg key's userid after I revoked it a few years ago,
>> thinking I wouldn't need to use it, again.
>>
>> 1) was at a company (e.g. [hidden email])
>> 2) went to company-b and revoked key for marc@company-a
>> 3) now I'm back at company-a, and want to start using [hidden email]
>> userid again
>
> Nothing wrong with that, just add a new user id using adduid from
> --edit-key

This is the case if the *user-id* was revoked, while the key itself was
not revoked.  If the OP revoked the old key itself, then they need to
just make a new key.


> it won't have the old signatures from other users, those got
> lost at the revocation point, but your new contacts can sign the new UID
> without issue.

The old contacts should also be able to re-certify, no?

     --dkg
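
Added example, not part of the original thread: a shell helper that reads `gpg --with-colons --list-keys` output and reports whether the primary key itself is revoked (a new key is needed) or only the user ID is revoked (adduid applies), the distinction the replies above turn on. The function name, the sample listings and the `.example` addresses are constructed for illustration.

```shell
#!/bin/sh
# In gpg's colon listing, field 1 is the record type, field 2 the validity
# ("r" = revoked) and, on uid records, field 10 is the user ID string.
# Real use (one key per listing):
#   gpg --with-colons --list-keys KEYID | classify_revocation you@example.org

classify_revocation() {
    # $1: e-mail address to look for among the user IDs; listing on stdin
    awk -F: -v addr="$1" '
        $1 == "pub" { if (seen++) exit; key_revoked = ($2 == "r") }
        $1 == "uid" && index($10, "<" addr ">") {
            if ($2 == "r") uid_revoked = 1; else uid_live = 1
        }
        END {
            # Check the key first: the primary key record decides the
            # outcome, whatever validity the uid lines carry.
            if (key_revoked)      print "key-revoked"
            else if (uid_live)    print "uid-valid"
            else if (uid_revoked) print "uid-revoked"
            else                  print "uid-absent"
        }'
}

# Constructed listing: the whole key was revoked.
sample_key_revoked() {
cat <<'EOF'
pub:r:2048:1:0000000000000001:1400000000:::-:::sc:
uid:r::::1400000000::::Marc Example <marc@company-a.example>:
EOF
}

# Constructed listing: key still valid, only the company-a user ID revoked.
sample_uid_revoked() {
cat <<'EOF'
pub:u:2048:1:0000000000000002:1400000000:::u:::scESC:
uid:r::::1400000000::::Marc Example <marc@company-a.example>:
uid:u::::1450000000::::Marc Example <marc@company-b.example>:
EOF
}

echo "case 1: $(sample_key_revoked | classify_revocation marc@company-a.example)"
echo "case 2: $(sample_uid_revoked | classify_revocation marc@company-a.example)"
```

"key-revoked" corresponds to the "start over with a new key" answers; "uid-revoked" is the case where adding a user ID to the existing key is possible.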
