I have some public keys of multiple users in my keyring in GnuPG. One of these users has switched to a new public key. I still have the user's old key which has an assigned trust of ultimate. I just assigned the same trust to his new key.
He does not use the old key anymore. What should I do with the old key? Should I withdraw trust, or revoke it? What is the correct procedure in such a case?
Best Answer
First of all, ultimate trust shouldn't be used for others' keys, full trust is enough. If you issued ultimate trust to make the key itself valid, you misunderstood the web of trust concept. If you just wanted all his certifications to be valid for you (thus, extending your web of trust), full trust is enough, if you at the same time certified him.
Regarding your actual question: this depends a little bit on the situation.
The key owner just doesn't want to use the key any more, but still owns it and wants to keep the reputation in the web of trust he built up (which you probably also want to make use of): Just import his new key, and don't care about the old one at all, apart from changing trust from "ultimate" to "full".
If you want to make sure you're not accidentally encrypting to his old key, disable it by running gpg --edit-key [key-id], then using GnuPG's disable command.
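The steps from the answer carried out non-interactively, as an added example that is not part of the original post: both keys are constructed stand-ins (the UID alice@example.org is assumed), ownertrust is set with --import-ownertrust instead of the interactive trust prompt, the old key is disabled with edit-key's disable command, and the result is read back from --with-colons output. Assumes GnuPG 2.1 or newer; it only ever touches throwaway keyrings it creates itself.

```shell
#!/bin/sh
# Added example, not from the original answer: a contact has replaced his key,
# so give the new key "full" ownertrust, downgrade the old key from "ultimate"
# to "full" and disable it, all non-interactively, then verify the result from
# gpg's machine-readable (--with-colons) output. Assumes GnuPG 2.1 or newer and
# works only inside throwaway keyrings it creates itself.
set -eu
command -v gpg >/dev/null 2>&1 || { echo "gpg not installed, nothing to demonstrate"; exit 0; }

# "His" and "my" keyrings stay separate, as they would be in reality.
HIS_HOME=$(mktemp -d); MY_HOME=$(mktemp -d)
GPG_HIS="gpg --homedir $HIS_HOME --batch --yes --quiet --no-tty"
GPG_MY="gpg --homedir $MY_HOME --batch --yes --quiet --no-tty"

# Constructed stand-in for the contact's keys; prints the new key's fingerprint
# taken from the KEY_CREATED status line.
make_key() {
    $GPG_HIS --status-fd 1 --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$1" default default never 2>/dev/null \
        | awk '$2 == "KEY_CREATED" { print $4 }'
}

# Import one of his keys into my keyring and assign ownertrust
# (--import-ownertrust format "fingerprint:level:", 5 = full, 6 = ultimate).
import_with_trust() {
    $GPG_HIS --export "$1" | $GPG_MY --import 2>/dev/null
    printf '%s:%s:\n' "$1" "$2" | $GPG_MY --import-ownertrust 2>/dev/null
}

# Read back state: field 9 of the "pub" line is ownertrust (u/f/m/n/-),
# field 12 contains "D" once the key has been disabled.
ownertrust()  { $GPG_MY --with-colons --list-keys "$1" | awk -F: '$1 == "pub" { print $9; exit }'; }
is_disabled() { $GPG_MY --with-colons --list-keys "$1" | awk -F: '$1 == "pub" { print (index($12, "D") ? "yes" : "no"); exit }'; }

# The questioner's starting point: both of his keys at ultimate trust.
OLD=$(make_key 'Alice Example (old key) <alice@example.org>')
NEW=$(make_key 'Alice Example <alice@example.org>')
import_with_trust "$OLD" 6
import_with_trust "$NEW" 6

# The answer's advice: full trust instead of ultimate for keys you do not own,
# and the old key disabled via edit-key's "disable" command so that
# "gpg -e -r alice@example.org" can no longer pick it.
printf '%s:5:\n%s:5:\n' "$OLD" "$NEW" | $GPG_MY --import-ownertrust 2>/dev/null
$GPG_MY --edit-key "$OLD" disable save 2>/dev/null

echo "old $OLD: ownertrust=$(ownertrust "$OLD") disabled=$(is_disabled "$OLD")"
echo "new $NEW: ownertrust=$(ownertrust "$NEW") disabled=$(is_disabled "$NEW")"
```

Running it prints ownertrust "f" for both keys and disabled=yes only for the old one; an encryption to the shared user ID afterwards resolves to the new key alone.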