Un-revoke PGP key

gnupg, pgp

Whilst playing with GPG (and trying to figure out a safe way to store my revocation cert so nobody else could use it), I accidentally revoked my PGP key.

The revocation was only local; not sent to a keyserver, so I was sure there would be a way to un-revoke it… but I couldn't find anything. Even deleting the key and re-importing it didn't help; it still showed as revoked. In the end I deleted my entire keyring and re-imported everything, which worked. But there must be a better way…

So, how do you un-revoke a PGP key in GPG?

Also, where is the revocation stored, and why wasn't it deleted when I deleted the key from my keyring?

In case it makes any difference, I'm using GPG on OS X with the GPGTools package.

Best Answer

It turns out that it is possible (and relatively simple) to delete and re-import the key, provided that it is on a keyserver (and provided that the revocation has not been sent to the keyserver, of course).

This is what I found to work (THEKEYID is the short ID of the key):

  1. Delete the public key as follows (the --expert option allows the public key to be deleted whilst the private key is kept):
    gpg --expert --delete-key THEKEYID

  2. Confirm by pressing:
    y

  3. Fetch the public key again from a keyserver:
    gpg --keyserver subkeys.pgp.net --recv-keys THEKEYID

Done!

Presumably this could also be done from a local (pre-revocation) backup of the public key, using gpg --import public.key instead of the third command.

Simply deleting the entire key (public and private) from the GPG Keychain Access GUI, and then restoring from a backup, did not work - I don't know why.
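The following script is an added example, not part of the answer above: it wraps the same delete-and-re-import procedure, but first parses `gpg --with-colons` output to confirm the key really is revoked locally and that the backup you are about to import does not itself carry the revocation (a backup taken after the revocation was generated would simply re-import it). It assumes a GnuPG 2.2+ installation (for `--show-keys`); the key ID, the backup path and the sample colon-format records are constructed placeholders.

```shell
#!/bin/sh
# Added example (not the original answer's code). Assumes GnuPG 2.2 or later.
# Key IDs, file names and the sample records below are constructed placeholders.

# key_state KEYID: read `gpg --with-colons --list-keys` records on stdin and
# print the validity letter of the "pub" record whose long key ID ends with
# KEYID (a short or long ID both work). In this field "r" means revoked.
key_state() {
    keyid="$1"
    awk -F: -v id="$keyid" '
        $1 == "pub" && toupper(substr($5, length($5) - length(id) + 1)) == toupper(id) {
            print $2; exit
        }'
}

# is_revoked KEYID: succeed (exit 0) only if the pub record on stdin is revoked.
is_revoked() {
    [ "$(key_state "$1")" = "r" ]
}

# restore_key KEYID BACKUP: re-create the un-revoked public key from a
# pre-revocation backup, refusing to proceed if the backup is itself revoked.
# The private key is left untouched, as in the original answer's --expert step.
restore_key() {
    keyid="$1"
    backup="$2"

    # Refuse to act on a key that is not actually revoked in the local keyring.
    if ! gpg --with-colons --list-keys "$keyid" | is_revoked "$keyid"; then
        echo "key $keyid is not marked revoked locally; nothing to do" >&2
        return 1
    fi

    # Inspect the backup without importing it (--show-keys, GnuPG >= 2.2).
    if gpg --with-colons --show-keys "$backup" | is_revoked "$keyid"; then
        echo "backup $backup already contains the revocation; use an older copy" >&2
        return 1
    fi

    # Keep an armoured copy of the current (revoked) public key before deleting.
    gpg --armor --export "$keyid" > "revoked-copy-$keyid.asc"

    # Delete only the public key; --expert permits this while the secret key
    # stays. --batch --yes answers the confirmation prompt non-interactively.
    gpg --batch --yes --expert --delete-key "$keyid"

    # Re-import the pre-revocation public key (equivalent to --recv-keys
    # from a keyserver that never received the revocation).
    gpg --import "$backup"

    # Show the result: the pub record should no longer carry "r".
    gpg --with-colons --list-keys "$keyid" | key_state "$keyid"
}
```

Usage: `restore_key THEKEYID public-before-revocation.asc`. Run `gpg --with-colons --list-keys THEKEYID | is_revoked THEKEYID && echo revoked` on its own to check the local state without changing anything.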
