How to actually revoke a GitHub GPG key? #108355
I am eventually told I can revoke old GitHub GPG keys while still marking older commits as verified: https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account
Am I right to think that, to "revoke" the key, I just need to send in a "new" GPG key but with the "revoked" status? Or just remove the old key and send it in again but with the revoked status?
Replies: 2 comments 4 replies
Experimented on this a bit, and basically, yes, revoke the key and re-add it to GitHub.
Here are the steps:
Reference: https://superuser.com/questions/1526283/how-to-revoke-a-gpg-key-and-upload-in-gpg-server
Thanks! This helped me out as I need to revoke my GPG key, as it was no longer accepting my passphrase.
Experimented on this a bit, and basically, yes, revoke the key and re-add it to GitHub.
Ideally, you should add an expiry date to your keys when they are being created, but let's say your keys do not expire, and you want to revoke them. GitHub does recommend not setting an expiration date for your keys; see https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key . Let's say you suddenly want to revoke a GitHub GPG key. Here are the steps: