Is it possible to delete an enrolled key using mokutil without the original .der file?

While fighting with my discrete graphics card, I reinstalled Ubuntu several times. The first couple of times I was very careful to move the .priv and .der key I was using to sign my dkms kernel modules to another partition. Unfortunately, as I got more frustrated I became less careful and apparently accidentally cut and pasted from the backup (rather than copying and pasting) and then reformatted over the sole remaining key in the next re-install. I used photorec to try to recover the files, but unfortunately no *.der or *.priv files were recovered.

It seems that the intended way to un-enroll machine owner keys (MOKs) is

mokutil --delete keyname.der

Given that I no longer have the public key, is there another way for me to un-enroll it?


To delete only one specific key from the database you could first use the --export flag, like so:

$ mokutil --export

This will export all machine owner keys to the current directory:

$ ls -1 MOK*
MOK-0001.der
MOK-0002.der
...

They are numbered according to the list given by

$ mokutil --list-enrolled
[key 1]
SHA1 Fingerprint:....
...
[key 2]
SHA1 Fingerprint:....

which should then enable you to delete only one specific key, e.g. key 1:

# mokutil --delete MOK-0001.der
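Because --export numbers the files in the same order as --list-enrolled, the one check worth doing before --delete is to match the fingerprint of the key you mean to remove against the export file name, so that a stale key is not left trusted and the key you still use is not removed by mistake. The following is an added example, not code from the answer above or from mokutil itself: it parses the "[key N]" / "SHA1 Fingerprint:" layout shown above (the sample output and fingerprints are constructed placeholders, and the function names are my own) and prints the exact mokutil --delete command to review before running it as root.

```shell
#!/bin/sh
# Added example: map a fingerprint from `mokutil --list-enrolled` to the
# file name `mokutil --export` writes for that key (MOK-000N.der), so that
# `mokutil --delete` is run against exactly the intended key.

# Constructed sample of `mokutil --list-enrolled` output (placeholder
# fingerprints; real output also carries full certificate details).
SAMPLE_LIST='[key 1]
SHA1 Fingerprint: aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd
Certificate:
    Subject: CN=old DKMS signing key (constructed)
[key 2]
SHA1 Fingerprint: 11:22:33:44:55:66:77:88:99:00:aa:bb:cc:dd:ee:ff:00:11:22:33
Certificate:
    Subject: CN=current DKMS signing key (constructed)'

# mok_index_for_fingerprint LIST FINGERPRINT
# Prints the N from "[key N]" whose SHA1 fingerprint matches (case
# insensitive), or nothing when the fingerprint is not enrolled.
mok_index_for_fingerprint() {
    printf '%s\n' "$1" | awk -v want="$(printf '%s' "$2" | tr 'A-F' 'a-f')" '
        /^\[key [0-9]+\]$/ {
            sub(/^\[key /, ""); sub(/\]$/, ""); idx = $0; next
        }
        /^SHA1 Fingerprint:/ {
            sub(/^SHA1 Fingerprint:[ \t]*/, "")
            if (tolower($0) == want) { print idx; exit }
        }'
}

# mok_export_file_for_index N
# Prints the file name `mokutil --export` uses for the N-th enrolled key.
mok_export_file_for_index() {
    printf 'MOK-%04d.der\n' "$1"
}

# mok_delete_cmd LIST FINGERPRINT
# Prints the delete command to review; returns 1 if the fingerprint is
# not in the list, so nothing is ever deleted on a mismatch.
mok_delete_cmd() {
    idx=$(mok_index_for_fingerprint "$1" "$2")
    [ -n "$idx" ] || return 1
    printf 'mokutil --delete %s\n' "$(mok_export_file_for_index "$idx")"
}

# Usage on a real system (not executed here):
#   mokutil --export
#   mok_delete_cmd "$(mokutil --list-enrolled)" <fingerprint-to-remove>
# then run the printed command with sudo and reboot to confirm in MokManager.
```

The fingerprint you pass in is the one shown by --list-enrolled for the key you want gone; if you still have any signed module, `modinfo -F sig_key <module>` shows the key ID it was signed with, which helps decide which enrolled key is the stale one.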

Figured it out. The --reset parameter does the trick.

sudo mokutil --reset

If you had multiple MOKs enrolled and only wanted to remove one it might not be ideal.

If someone comes up with a better option I'll accept that answer.