Un-revoke PGP key
Whilst playing with GPG (and trying to figure out a safe way to store my revocation cert so nobody else could use it), I accidentally revoked my PGP key.
The revocation was only local; not sent to a keyserver, so I was sure there would be a way to un-revoke it... but I couldn't find anything. Even deleting the key and re-importing it didn't help; it still showed as revoked. In the end I deleted my entire keyring and re-imported everything, which worked. But there must be a better way...
So, how do you un-revoke a PGP key in GPG?
Also, where is the revocation stored, and why wasn't it deleted when I deleted the key from my keyring?
In case it makes any difference, I'm using GPG on OS X with the GPGTools package.
Solution 1:
It turns out that it is possible (and relatively simple) to delete and re-import the key, provided that it is on a keyserver (and provided that the revocation has not been sent to the keyserver, of course).
This is what I found to work (THEKEYID is the short ID of the key):
Delete the public key as follows (the --expert option allows the public key to be deleted whilst the private key is kept):
gpg --expert --delete-key THEKEYID
Confirm by pressing: y
Fetch the public key again from a keyserver:
gpg --keyserver subkeys.pgp.net --recv-keys THEKEYID
Done!
Presumably this could also be done from a local (pre-revocation) backup of the public key, using gpg --import public.key instead of the third command.
Simply deleting the entire key (public and private) from the GPG Keychain Access GUI, and then restoring from a backup, did not work - I don't know why.
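A way to confirm whether the keyring still marks the key as revoked after the re-import described above, added here as an example and not part of the original answer. It parses GnuPG's colon-format listing, where field 2 of a pub or sub record is "r" for a revoked key; the function name key_status and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a key from `gpg --with-colons --list-keys` output.
# Colon format: field 1 = record type, field 2 = validity ("r" = revoked),
# field 5 = long key ID. A short ID is matched against the end of field 5.

# key_status KEYID   (listing on stdin)
# Prints one of: missing | revoked | subkey-revoked | ok
key_status() {
    awk -F: -v id="$(printf '%s' "$1" | tr 'a-f' 'A-F')" '
        $1 == "pub" {
            # Does this primary key end with the requested ID?
            cur = (substr($5, length($5) - length(id) + 1) == id)
            if (cur) { found = 1; if ($2 == "r") revoked = 1 }
        }
        # sub records belong to the most recent pub record
        $1 == "sub" && cur && $2 == "r" { subrev = 1 }
        END {
            if (!found)       print "missing"
            else if (revoked) print "revoked"
            else if (subrev)  print "subkey-revoked"
            else              print "ok"
        }'
}

# Constructed sample listings (not real keys): the same key before and
# after the public key was deleted and fetched again.
SAMPLE_REVOKED='pub:r:4096:1:AAAAAAAA11111111:1400000000:::-:::sc:
uid:r::::1400000000::::Constructed User <user@example.invalid>:
sub:r:4096:1:BBBBBBBB22222222:1400000000::::::e:'

SAMPLE_CLEAN='pub:u:4096:1:AAAAAAAA11111111:1400000000:::u:::scESC:
uid:u::::1400000000::::Constructed User <user@example.invalid>:
sub:u:4096:1:BBBBBBBB22222222:1400000000::::::e:'

printf 'before: %s\n' "$(printf '%s\n' "$SAMPLE_REVOKED" | key_status 11111111)"
printf 'after:  %s\n' "$(printf '%s\n' "$SAMPLE_CLEAN" | key_status 11111111)"

# Against a real keyring:
#   gpg --with-colons --list-keys THEKEYID | key_status THEKEYID
```

The same function can be fed `gpg --show-keys --with-colons public.key` (GnuPG 2.2 or later) to check that a backup file predates the revocation before importing it.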