Re: Reviving a userid with revoked key

2017-05-20 Thread Daniel Kahn Gillmor
On Fri 2017-05-19 21:58:34 +0200, Kristian Fiskerstrand wrote:
> On 05/19/2017 08:36 PM, Marc Curry wrote:
>> Maybe a dumb question, but I'm looking for help thinking through how to
>> best "revive" an old gpg key's userid after I revoked it a few years ago,
>> thinking I wouldn't need to use it, again.
>> 
>> 1) was at a company (e.g. m...@company-a.com)
>> 2) went to company-b and revoked key for marc@company-a
>> 3) now I'm back at company-a, and want to start using m...@company-a.com
>> userid again
>
> Nothing wrong with that, just add a new user id using adduid from
> --edit-key

This is the case if the *user-id* was revoked, while the key itself was
not revoked.  If the OP revoked the old key itself, then they need to
just make a new key.


> it won't have the old signatures from other users, those got
> lost at the revocation point, but your new contacts can sign the new UID
> without issue.

The old contacts should also be able to re-certify, no?

 --dkg

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
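
The replies in this thread turn on whether the key itself or only the user ID was revoked; the validity field of `gpg --list-keys --with-colons` shows which. The following is an added example, not part of the original messages: the function names, key IDs and addresses are constructed, and it assumes the GnuPG 2.1+ colon format, where user IDs appear on separate `uid` records.

```shell
#!/bin/sh
# classify_uid EMAIL
# Reads `gpg --list-keys --with-colons` output on stdin and prints, for every
# user ID containing <EMAIL>, the primary key ID and one of:
#   key-revoked  the primary key is revoked (the thread's advice: make a new key)
#   uid-revoked  only this user ID is revoked (the thread's advice: adduid)
#   active       neither is revoked
classify_uid() {
    awk -F: -v email="$1" '
        # Field 2 is the validity; "r" means revoked. Field 5 is the key ID.
        $1 == "pub" { keyid = $5; keyrev = ($2 == "r") }
        # Field 10 of a uid record is the user ID string.
        $1 == "uid" && index($10, "<" email ">") {
            if (keyrev) {
                state = "key-revoked"
            } else if ($2 == "r") {
                state = "uid-revoked"
            } else {
                state = "active"
            }
            print keyid, state
        }
    '
}

# Constructed sample listing (not real keys): the first key is revoked as a
# whole, the second has one revoked user ID and one active user ID.
sample_listing() {
    cat <<'EOF'
pub:r:2048:1:1111111111111111:1300000000:::-:::sc:
uid:r::::1300000000::UIDHASH1::Example User <user@company-a.example>:
pub:u:2048:1:2222222222222222:1400000000:::u:::scESC:
uid:r::::1400000000::UIDHASH2::Example User <user@company-a.example>:
uid:u::::1450000000::UIDHASH3::Example User <user@company-b.example>:
sub:u:2048:1:3333333333333333:1400000000::::::e:
EOF
}

# Against a real keyring, replace sample_listing with:
#   gpg --list-keys --with-colons
sample_listing | classify_uid user@company-a.example
```
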


Re: Reviving a userid with revoked key

2017-05-19 Thread Michael Englehorn

Marc Curry writes:

> 1) was at a company (e.g. m...@company-a.com)
> 2) went to company-b and revoked key for marc@company-a
> 3) now I'm back at company-a, and want to start using m...@company-a.com
> userid again

If you revoked the key, and not just the user id, you have to start over
with a new key, especially if you published the revocation anywhere.

Once you send a revoked key to the keyservers, it's game over for that
key, by design.

> Thoughts on the best/recommended way to do this? I still remember my secret
> key's password.
>
> Should I just delete the (revoked) key from my keyring and re-do a --gen-key
> using the same/original e-mail address as the userid?

You don't really have to delete it, you can just generate a new one
using the same name and e-mail address.

-Michael Englehorn



Re: Reviving a userid with revoked key

2017-05-19 Thread Kristian Fiskerstrand
On 05/19/2017 08:36 PM, Marc Curry wrote:
> Maybe a dumb question, but I'm looking for help thinking through how to
> best "revive" an old gpg key's userid after I revoked it a few years ago,
> thinking I wouldn't need to use it, again.
> 
> 1) was at a company (e.g. m...@company-a.com)
> 2) went to company-b and revoked key for marc@company-a
> 3) now I'm back at company-a, and want to start using m...@company-a.com
> userid again

Nothing wrong with that, just add a new user id using adduid from
--edit-key, it won't have the old signatures from other users, those got
lost at the revocation point, but your new contacts can sign the new UID
without issue.

Deleting the old UID will have no practical effect if it has been
distributed to a keyserver historically.

-- 

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

"If you choose to sail upon the seas of banking, build your bank as you
would your boat, with the strength to sail safely through any storm."
(Jacob Safra (1891–1963))





Reviving a userid with revoked key

2017-05-19 Thread Marc Curry
Maybe a dumb question, but I'm looking for help thinking through how to
best "revive" an old gpg key's userid after I revoked it a few years ago,
thinking I wouldn't need to use it, again.

1) was at a company (e.g. m...@company-a.com)
2) went to company-b and revoked key for marc@company-a
3) now I'm back at company-a, and want to start using m...@company-a.com
userid again

Thoughts on the best/recommended way to do this?  I still remember my
secret key's password.

Should I just delete the (revoked) key from my keyring and re-do a
--gen-key using the same/original e-mail address as the userid?

Thanks for any suggestions,

Marc