I have created GPG keys for code signing and also created a revocation certificate. As far as I know, if the key is compromised, then I can revoke the key using the revocation certificate.
Can someone suggest how I can revoke my key with the revocation certificate? Also, one more doubt: after revoking the keys, should I upload them to any GPG key server, so that someone using my keys to verify code signing can check whether the key is revoked or not before using my code-signed files?
If uploading to a key server is not required, then how can my customer check whether the key is revoked or not?
Best Answer
This is a summary of the steps for revoking, based on the article "GPG: Revoking your public key and notifying key-server". The following assumes that the key server is pgp.mit.edu.
List keys
Revoke your key
Import revocation certificate into your keyring
Search your key on the key-server
Send the revoked key to the key-server
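The import, publish and customer-side check described in the question and answer above, as an added example that is not part of the original answer or the cited article. The key ID and file arguments are placeholders, the function names are hypothetical, and the sample listings are constructed; the revoked state is read from the validity field of `gpg --with-colons` output.

```shell
#!/bin/sh
# Added example. Key IDs and file names passed in are placeholders.

# Exit 0 if the `gpg --with-colons` listing on stdin shows a revoked primary key.
# In that format, field 1 is the record type and field 2 the validity ("r" = revoked).
key_is_revoked() {
    awk -F: '$1 == "pub" { found = 1; if ($2 == "r") revoked = 1 }
             END { exit ((found && revoked) ? 0 : 1) }'
}

# Owner side: import the revocation certificate, confirm the local copy is
# now revoked, then send the revoked key to the key server.
revoke_and_publish() {
    key_id=$1; cert_file=$2; server=${3:-pgp.mit.edu}
    gpg --import "$cert_file" || return 1
    gpg --list-keys --with-colons "$key_id" | key_is_revoked || {
        echo "key $key_id is not marked revoked; not sending" >&2
        return 1
    }
    gpg --keyserver "$server" --send-keys "$key_id"
}

# Customer side: refresh the signer's key from the key server, then refuse
# to verify when the key has been revoked.
verify_unless_revoked() {
    key_id=$1; sig_file=$2; data_file=$3; server=${4:-pgp.mit.edu}
    gpg --keyserver "$server" --refresh-keys "$key_id" || return 1
    if gpg --list-keys --with-colons "$key_id" | key_is_revoked; then
        echo "signing key $key_id is revoked" >&2
        return 2
    fi
    gpg --verify "$sig_file" "$data_file"
}

# Constructed sample listings (not real keys) for key_is_revoked.
SAMPLE_REVOKED='pub:r:4096:1:AAAAAAAAAAAAAAAA:1500000000:::-:::sc::::::23::0:
uid:r::::1500000000::0000000000000000000000000000000000000000::Example Signer <signer@example.com>::::::::::0:'
SAMPLE_VALID='pub:u:4096:1:BBBBBBBBBBBBBBBB:1500000000:::u:::scESC::::::23::0:
uid:u::::1500000000::0000000000000000000000000000000000000000::Example Signer <signer@example.com>::::::::::0:'
```

A customer only learns of the revocation after refreshing the key from the key server, which is why `verify_unless_revoked` refreshes before it checks.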