How do I revoke a PGP key on a server?

Here's the situation, I have a PGP key I generated a long time ago and I have lost my private key. However I have a revocation certificate on my USB drive and I would like to revoke the key.

After looking on the internet I found this solution

$ gpg --import /path/to/usb/revocert-01324567.asc
gpg: key 01324567: no public key - can't apply revocation certificate
gpg: Total number processed: 1

I'm unsure how to download my public key from the keyserver, and how to upload it. Help would be appreciated.


Solution 1:

However I have a revocation certificate on my USB drive and I would like to revoke the key.

You're lucky, lots of people don't have one and would be lost now.

Using the Command Line

$ gpg --import /path/to/usb/revocert-01324567.asc
gpg: key 01324567: no public key - can't apply revocation certificate
gpg: Total number processed: 1

You already correctly found the way to import the revocation certificate, but it still misses your public key. This is very easy to import, just run

gpg --recv-keys [key-id]

Now import the key using the command formerly failed:

gpg --import [revocation-certificate-file]

After doing so, send the keys back to the key servers again:

gpg --send-keys [key-id]

Replace [key-id] and [revocation-certificate-file] by your key id respectively revocation certificate filename. It seems you still know your key id (looks like it is contained in your revocation certificate file name), otherwise use gpg --search [mail address] to query the key servers for the ID.

Using a Web Interface

An alternative (if your revocation certificate is an ASCII-armored file, thus not binary) would be to use the web interface of any keyserver of your choice, where you can directly paste the revocation certificate. The one of http://keyserver.ubuntu.com doesn't have a separate field for revocation certificates, but the "Submitting a new OpenPGP Key" field should also accept your (ascii-armored) revocation certificate. Search for your key afterwards to verify whether it was correctly revoked.

Synchronization of the Revocation Certificate

(Most) key servers gossip with each other and exchange new key data, including your revocatino certificate. Just wait for some time (minutes, hours), and it should spread throughout the key server network.