Thursday, July 11, 2002

Revoking a seven year old pgp public key

I'm in the process of becoming a debian developer and one thing they
require your public gpg key uploaded to one of the href="http://wwwkeys.us.pgp.net/">keyservers. No problem, fairly
straight forward to do. However, I have an href="http://pgp.dtype.org:11371/pks/lookup?search=nozell%40wildcat.mv.com&op=i
ndex">old
key from back in the stone age of 1997 with an email address that
is no longer used. Simple to just generate a revocation key and
upload that, right? Unfortunately gnupg doesn't support revoking that
old key and pgp 5.0 doesn't know about revocation period. So I ended
up importing the secret key into gnupg and then changing the
'username' from 'Marc Nozell' to 'please use href="http://pgp.dtype.org:11371/pks/lookup?op=get&search=0xC30441D2">marc@noze
ll.com
instead'. Just FYI.

Anyone else remember downloading the href="http://www.linuxsecurity.com/articles/cryptography_article-4070.html">PGP
v2.0 from a dialup BBS located half the country away and hoping
that it wasn't illegal to obtain strong href="http://www.cryptome.org/">encryption from across state
lines?