Delete key from keyserver

David Shaw dshaw at jabberwocky.com
Sat Oct 22 04:21:19 CEST 2005


On Fri, Oct 21, 2005 at 11:47:06PM +0200, B. Kuestner wrote:
> I'm still in the process of learning how to use GPG for signing and  
> encrypting messages. I use MacGPG on, you guessed it, OS X.
> 
> The interface of the GPG Keychain app makes it really easy to do some  
> powerful stuff. And you know how it is, if powerful stuff is put in  
> the hands of ignorant people:
> 
> Now I'm stuck with what you never want to get stuck with: I have keys  
> on the keyserver that I don't want to be there and I don't have  
> the private key anymore. The keys are of unlimited validity.
> 
> I have the passphrase, though, and I thought that this must be the  
> key (no pun intended) to everything. Unfortunately, the more I read  
> about it, the more I learn how wrong I am.
> 
> I understand that technically there is no software command that I  
> could send off anywhere that could fix the situation, right?

If you don't have the private key, then yes, right.  There is nothing
you can do about it.

> But somebody must be owning and administrating the keyserver  
> subkeys.pgp.net. How can I get to this person? And how can I prove  
> that I am the rightful fool to request deletion of those keys from  
> the server?

You really can't.  Even if one operator did remove the key, keyservers
synchronize with each other, so the others could just put it back
later.  You'd have to remove it from all keyservers... and even then
if someone accidentally resubmitted it, you'd have to go through this
again.

> I cannot believe that minutes of stupidity will leave the servers  
> running with, in a sense, corrupt entries for the rest of the lifetime  
> of gpg/pgp technologies. Surely this whole scheme must have a method,  
> maybe manual and not-free support, for such a scenario?

Nope.  It's an inherent scaling problem of the keyserver net.  I've
seen estimates that the majority of the keys on the keyserver net are
not used for one reason or another, but can't be deleted.  Even with
the garbage keys, the keyserver database isn't too large to be served
though.

The PGP company is running a different sort of keyserver at
http://keyserver.pgp.com.  This type of keyserver allows you to remove
keys if you can prove (by answering an email challenge) that you have
access to the email address on the key.  This keyserver obviously does
not synchronize with the others, however.

David
