Un-revoke PGP key

Whilst playing with GPG (and trying to figure out a safe way to store my revocation cert so nobody else could use it), I accidentally revoked my PGP key.

The revocation was only local; not sent to a keyserver, so I was sure there would be a way to un-revoke it... but I couldn't find anything. Even deleting the key and re-importing it didn't help; it still showed as revoked. In the end I deleted my entire keyring and re-imported everything, which worked. But there must be a better way...

So; how do you un-revoke a PGP key in GPG?

Also, where is the revocation stored, and why wasn't it deleted when I deleted the key from my keyring?

In case it makes any difference, I'm using GPG on OS X with the GPGTools package.


Solution 1:

It turns out that it is possible (and relatively simple) to delete and re-import the key, provided that it is on a keyserver (and provided that the revocation has not been sent to the keyserver, of course).

This is what I found to work (THEKEYID is the short ID of the key):

  1. Delete the public key as follows (the --expert option allows the public key to be deleted whilst the private key is kept) :
    gpg --expert --delete-key THEKEYID

  2. Confirm by pressing:
    y

  3. Fetch the public key again from a keyserver:
    gpg --keyserver subkeys.pgp.net --recv-keys THEKEYID

Done!

Presumably this could also be done from a local (pre-revocation) backup of the public key, using gpg --import public.key instead of the third command.

Simply deleting the entire key (public and private) from the GPG Keychain Access GUI, and then restoring from a backup, did not work - I don't know why.