Lost PGP private key and want to remove it from keyserver.ubuntu.com
Because of an accidental formatting I've lost two private keys(no backup). I've generated a new one but I want to remove the lost ones from the keyserver.
Solution 1:
TL;DR: There is no way, you're out of luck.
Deletion
OpenPGP key servers do not allow removal of keys for various reasons, mostly it boils down to
- having the OpenPGP web of trust being resilient against deletion attacks,
- missing procedures to do so,
- technical reasons with the key servers exchanging keys with each other ("gossiping") and
- the fact key servers are operated by hundreds of individuals all over the world (also in pretty much all countries of the world, if you'd like to go through the legal route).
If you'd ask the individual operators to remove a key, they might block it on their own server (but the others will still be hosting it), or simply tell you they won't do so because of the reasons given above.
For further reading, I'd recommend How long do keys stay on keyservers? for a more detailed discussion why deleting keys would be a bad thing to have.
Revocation
The "OpenPGP way" to remove old keys is to mark them as revoked by uploading special revocation certificates. These will tell other OpenPGP users that your key is superseded.
Revoking keys is not possible if you don't have access to the private key, defined a designated revoker or a pregenerated revocation certificate.
If you don't have a revocation certificate for your new key yet, generate one now!
Comments
Comments are hardly possible, either:
- people would not realize they're there if using some OpenPGP client software
- anybody could've uploaded them, as you can't sign them with your private key
- there is no such thing as comments anyway.
Precautions
To prevent loosing access to your key, do following:
- Regularly backup your computer (important anyway).
- Create an offline copy of your private keys.
- Create a revocation certificate immediately after creating a primary key. Store it both in a digital way and print it on a piece of paper (I recommend something like
gpg --gen-revoke | qrencode
to be able to scan the certificate without the hassles of OCR). - Create a second copy and hand it to somebody you trust. He cannot do anything but revoke your keys with it (never gain access!), but you always have a fall-back in worst case scenarios (house burned, robbery, ...).
Solution 2:
I am afraid that this is not possible. As pgp keys are synchronized also with other servers, it would also not be effective. Other keyservers would still have your key.
The following will not be very helpful for you, but it may help other readers:
If you had the private key, you could have used gpg to generate a revocation certificate, and upload that to the keyserver. This would not delete your key from the key server, but it would tell people who download it that the key has been revoked, and should not be used. More information on this can be found here.