Blog | G5 Cyber Security

PGP Revocation: Copying to Another Server

G5 Cyber Security

TL;DR

Yes, you can copy a PGP revocation certificate to another server. This is often necessary if your primary key server goes down or you want redundancy. The process involves transferring the .rev file and importing it into the new server’s keyring.

How to Copy a PGP Revocation Certificate

  1. Locate Your Revocation File: Find the .rev file you created when revoking your key. This file contains information about the revocation and is essential for telling others that your old key is no longer valid. It’s usually stored alongside your other PGP keys.

    If you don’t have it, you may be able to recreate it if you still have access to the private key used to sign the original revocation.

  2. Securely Transfer the File: Copy the .rev file to the new server using a secure method like scp (secure copy) or sftp (secure FTP). Avoid insecure methods like email. 
    scp your_revocation.rev user@newserver:/path/to/keys/
  3. Import the Revocation Certificate: Import the revocation certificate into the new server’s keyring using gpg. 
    gpg --import /path/to/keys/your_revocation.rev
  4. Verify the Import: Check that the revocation has been successfully imported by listing your keys and looking for the revocation information. 
    gpg --list-keys --with-revocation

    You should see an entry indicating the key is revoked.

  5. Update Key Servers (Optional): If you use public key servers, you may need to manually update them with your revocation. This isn’t always necessary as they will eventually sync from other servers. 
    gpg --send-keys YOUR_KEY_ID --keyserver hkps://keyserver.ubuntu.com

    Replace YOUR_KEY_ID with your actual key ID and choose a reliable keyserver.

  6. Test the Revocation: Ask someone to verify that they can see the revocation when fetching your public key.

Important Considerations

Exit mobile version