Revoking a PGP key

Using the command line:

I use PGP with my emails, mostly to sign them with a digital signature. For some reasons I had to create a new PGP key and revoke my last key (0x43687201) from public key servers like Key revocation might be necessary for many reasons. Someone might lose his laptop, for example. Hence, it’s wise to create a revocation certificate just after the key is generated. I generated it with the following command:

$ gpg --gen-revoke 43687201

A revocation certificate indicates that the respective key is compromised, superseded or no longer used. Generating a revocation certificate only needs the passphrase, and then an ASCII-armoured key block is printed out. Paste this text into a file. In my case, it looked like this:

Version: GnuPG v1.4.11 (MingW32)
Comment: A revocation certificate should follow

If you have a backup of your original key pair (which is always recommended), you can generate the revocation certificate any time later. However, I generate it as soon as I create my key and keep a backup of the original key pair as well as the revocation certificate.

Anyways, as this was my new computer, I imported my public key using the following command:

$ gpg --recv-keys 43687201
gpg: requesting key 43687201 from hkps server
gpg: key 43687201: public key “Md. Abdul Awal <>” imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

Now, I need to import my revocation certificate as well using the command:

$ gpg --import [path/location of the revocation certificate]
gpg: key 43687201: “Md. Abdul Awal <>” revocation certificate imported
gpg: Total number processed: 1
gpg:    new key revocations: 1
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2018-07-03

After that, I issued the following command to push my revocation certificate to the MIT Key Server:

$ gpg --keyserver [keyserver address] --send-keys 43687201
gpg: sending key 43687201 to hkp server

I can now check the status of the key from It shows *** KEY REVOKED ***
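
The revocation can also be confirmed locally, without relying on the key server page, by reading the validity field of gpg's machine-readable key listing. The script below is an added example and not part of the original post; sample_listing and key_status are hypothetical helper names, and every key ID, fingerprint and user ID in the sample listing is constructed.

```shell
#!/bin/sh
# Constructed, abbreviated sample of `gpg --list-keys --with-colons` output:
# an old revoked key and a new valid one. All IDs and names are made up.
sample_listing() {
cat <<'EOF'
pub:r:2048:1:AAAAAAAA1111C0DE:1400000000:::-:::sc:
fpr:::::::::0123456789ABCDEF01234567AAAAAAAA1111C0DE:
uid:r::::1400000000::::Old Key (constructed) <old@example.org>:
sub:r:2048:1:CCCCCCCC3333C0DE:1400000000::::::e:
fpr:::::::::0123456789ABCDEF01234567CCCCCCCC3333C0DE:
pub:u:4096:1:BBBBBBBB2222C0DE:1500000000:::u:::scESC:
fpr:::::::::89ABCDEF0123456789ABCDEFBBBBBBBB2222C0DE:
uid:u::::1500000000::::New Key (constructed) <new@example.org>:
EOF
}

# key_status ID: read a colon listing on stdin and print the status of the
# primary key whose key ID or fingerprint ends with ID (case-insensitive,
# optional 0x prefix): revoked | expired | not-revoked | not-found | ambiguous
key_status() {
    want=$(printf '%s' "${1#0x}" | tr 'a-f' 'A-F')
    awk -F: -v want="$want" '
        function tail_matches(s) {
            s = toupper(s)
            return length(s) >= length(want) &&
                   substr(s, length(s) - length(want) + 1) == want
        }
        function record_match() {
            if (!seen) { seen = 1; n++; status = validity }
        }
        # Field 2 of a pub record is the key validity; "r" means revoked.
        $1 == "pub" { validity = $2; primary = 1; seen = 0
                      if (tail_matches($5)) record_match() }
        # fpr records after a sub line belong to the subkey, so skip them.
        $1 == "sub" { primary = 0 }
        $1 == "fpr" && primary && tail_matches($10) { record_match() }
        END {
            if (n == 0)             print "not-found"
            else if (n > 1)         print "ambiguous"   # short ID hit 2+ keys
            else if (status == "r") print "revoked"
            else if (status == "e") print "expired"
            else                    print "not-revoked"
        }'
}

# Real use: gpg --list-keys --with-colons | key_status <your key ID>
sample_listing | key_status 1111C0DE
```

An "ambiguous" result means the ID given matched more than one primary key in the keyring; pass the full fingerprint instead of a short key ID in that case.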

By the way, my new key is 0x94E4C396.


Using the web interface of a public key server:

An alternative (if your revocation certificate is an ASCII-armored file, thus not binary) would be to use the web interface of any keyserver of your choice (MIT, Ubuntu etc.), where you can directly paste the revocation certificate.
