PGP Revocation: Copying to Another Server

TL;DR

Yes, you can copy a PGP revocation certificate to another server. This is often necessary if your primary key server goes down or you want redundancy. The process involves transferring the .rev file and importing it into the new server’s keyring.

How to Copy a PGP Revocation Certificate

  1. Locate Your Revocation File: Find the .rev file you created when revoking your key. It holds the revocation signature that tells others your old key is no longer valid, and it is usually stored alongside your other PGP keys.

     If you don't have it, you may be able to recreate it if you still have access to the private key used to sign the original revocation.

  2. Securely Transfer the File: Copy the .rev file to the new server over a secure channel such as scp (secure copy) or sftp (SSH file transfer). Avoid insecure methods like email.

     scp your_revocation.rev user@newserver:/path/to/keys/

  3. Import the Revocation Certificate: Import the revocation certificate into the new server's keyring with gpg.

     gpg --import /path/to/keys/your_revocation.rev

  4. Verify the Import: Confirm that the revocation was imported by listing the key and checking for the revocation marker.

     gpg --list-keys YOUR_KEY_ID

     The listing should show the key as revoked.

  5. Update Key Servers (Optional): If you use public key servers, you may need to push the revocation to them yourself. This isn't always necessary, because they eventually sync from other servers.

     gpg --keyserver hkps://keyserver.ubuntu.com --send-keys YOUR_KEY_ID

     Replace YOUR_KEY_ID with your actual key ID and choose a reliable keyserver.

  6. Test the Revocation: Ask someone to verify that they can see the revocation when fetching your public key.
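The six steps above, rehearsed end to end as an added example (this is not the post's own material): two throwaway GnuPG home directories stand in for the old and the new server, a local copy stands in for scp, and the key-server publication of step 5 is left out because it needs the network. It assumes GnuPG 2.1 or later on PATH, which writes an emergency revocation certificate into openpgp-revocs.d at key generation with a deliberate colon in front of the armour header; the function and variable names (gen_key, prepare_rev, copy_and_revoke, key_status, OLD, NEW, WORK) and the rehearsal user ID are ours. It also makes explicit a prerequisite the steps leave implicit: the destination keyring must already hold the public key before the revocation certificate can attach to it, and the check in key_status reads the validity field of the pub record in machine-readable output, which GnuPG sets to "r" for a revoked key.

```shell
#!/bin/sh
# Added example (not from the original post): rehearse the copy-and-import
# procedure offline with two throwaway GnuPG homes standing in for the old
# and the new server. Assumes GnuPG 2.1 or later on PATH; names are ours.
set -eu

WORK="$(mktemp -d)"
OLD="$WORK/old-server"   # keyring where the key and its .rev were created
NEW="$WORK/new-server"   # keyring on the server that must learn of the revocation
mkdir -m 700 "$OLD" "$NEW"
trap 'GNUPGHOME="$OLD" gpgconf --kill gpg-agent 2>/dev/null || true;
      GNUPGHOME="$NEW" gpgconf --kill gpg-agent 2>/dev/null || true;
      rm -rf "$WORK"' EXIT

# Create a throwaway certification-only key on the old server and print its
# fingerprint. GnuPG 2.1+ writes an emergency revocation certificate to
# $GNUPGHOME/openpgp-revocs.d/<FINGERPRINT>.rev as part of key generation.
gen_key() {
    GNUPGHOME="$OLD" gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Rehearsal Key <rehearsal@example.invalid>' ed25519 cert never \
        >/dev/null
    GNUPGHOME="$OLD" gpg --batch --with-colons --list-keys \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Step 1: locate the .rev file. The auto-generated copy carries a deliberate
# colon before the armour header so it cannot be imported by accident; write
# a colon-free copy for transfer and print its path. (A certificate made with
# gpg --gen-revoke has no colon, so the sed is a no-op for it.)
prepare_rev() {
    fpr="$1"
    sed 's/^:-----BEGIN PGP/-----BEGIN PGP/' "$OLD/openpgp-revocs.d/$fpr.rev" > "$WORK/$fpr.rev"
    echo "$WORK/$fpr.rev"
}

# Steps 2 and 3: transfer the certificate and import it on the new server.
# A local cp stands in for scp/sftp. A revocation is a signature over an
# existing key, so the public key must be in the destination keyring first.
copy_and_revoke() {
    fpr="$1"; rev="$2"
    cp "$rev" "$NEW/incoming.rev"
    GNUPGHOME="$OLD" gpg --batch --quiet --export "$fpr" \
        | GNUPGHOME="$NEW" gpg --batch --quiet --import
    GNUPGHOME="$NEW" gpg --batch --quiet --import "$NEW/incoming.rev"
    # The originating keyring should carry the revocation as well.
    GNUPGHOME="$OLD" gpg --batch --quiet --import "$rev"
}

# Step 4: verify. In --with-colons output the second field of the pub record
# is the validity; it reads "r" once the key is revoked.
key_status() {
    GNUPGHOME="$1" gpg --batch --with-colons --list-keys "$2" 2>/dev/null \
        | awk -F: '$1 == "pub" { print $2; exit }'
}

if command -v gpg >/dev/null 2>&1; then
    FPR="$(gen_key)"
    REV="$(prepare_rev "$FPR")"
    copy_and_revoke "$FPR" "$REV"
    echo "old server: $(key_status "$OLD" "$FPR")  new server: $(key_status "$NEW" "$FPR")"
else
    echo "gpg not found on PATH; nothing rehearsed" >&2
fi
```

Run it as `sh rehearse-revocation.sh`; both keyrings should report `r`. Against a real second server, replace the `cp` with the scp command from step 2 and run the two `gpg --import` commands there, exporting and importing the public key first if that server has never seen it.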

Important Considerations

  • Security: Always handle your private keys and revocation certificates with extreme care. Never share them publicly.
  • Key Server Syncing: Key servers take time to synchronise with one another, so the revocation may not be visible everywhere immediately.
  • Multiple Servers: Copying to multiple servers provides redundancy but doesn’t guarantee instant propagation of revocation information.