34

I'm trying to delete these gpg keys I no longer need. I keep getting "not found: Not found" regardless.

I tried:

gpg --list-secret-keys

There is no error but nothing shows up on the screen either. Help is much appreciated. Thanks!


3 Answers

52

Try deleting it using the ID between pub and uid with the following command:

gpg --delete-secret-key 7D2BAF1CF37B13E2069D6956105BD0E739499BDB 

The one you have typed is not an id, it is the key type and bit size of that key.

Hope you got it!


2 Comments

I had to use gpg --delete-key as well.
Just deleting the secret key and the key is not enough. Please go to the next, most detailed answer by @emil-carpenter
39

Revoke before deleting

Revoking the key before deleting it is a good idea. After deleting the private key, revoking is not possible, unless you have a revoking certificate. That is generated automatically when creating a key pair in gpg versions from 2.1 onwards, in ~/.gnupg/openpgp-revocs.d, at least on Ubuntu.

1A. Revoke the key - by creating revocation certificate

For this, the passphrase of the key IS needed.

a) Create revocation certificate

gpg --output revoke-piotrs-keys.asc --gen-revoke [email protected] 

b) Revoke the key, on local machine, by importing the revocation certificate, from the file created in a), into the keyring

gpg --import revoke-piotrs-keys.asc 

OR

1B. Revoke the key - with existing revocation certificate .rev

For this, the passphrase of the key is NOT needed. Instead, the automatically generated revocation certificate IS needed.

a) Edit the file so it will work in the next step, by removing the colon in the beginning of the row where the key block starts:

## Get key ID
gpg --list-keys
nano ~/.gnupg/openpgp-revocs.d/7D2BAF1CF37B13E2069D6956105BD0E739499BDB.rev
## Before (colon):
:-----BEGIN PGP PUBLIC KEY BLOCK-----
## After (no colon):
-----BEGIN PGP PUBLIC KEY BLOCK-----

b) Revoke the key, on local machine, by importing the revocation certificate, from the file created when the key was created:

gpg --import ~/.gnupg/openpgp-revocs.d/7D2BAF1CF37B13E2069D6956105BD0E739499BDB.rev 

2. Revoke the key - on remote key server

If the key never was on any key server, skip this step.

gpg --keyserver your-remote-keyserver.com --send-keys 7D2BAF1CF37B13E2069D6956105BD0E739499BDB 

3. Delete the key pair

a) Get the key ID

gpg --list-keys 

b) Delete the secret key

gpg --delete-secret-key 7D2BAF1CF37B13E2069D6956105BD0E739499BDB 

c) Delete the public key

gpg --delete-key 7D2BAF1CF37B13E2069D6956105BD0E739499BDB 

4. Verify that the keys are gone (from local machine)

gpg --list-keys
gpg --list-secret-keys

5. Clean up

a) Remove the file created in 1. a)

rm revoke-piotrs-keys.asc 

b) If gpg version 2.1 or newer was used to create the key, then remove the automatically created revocation file

rm ~/.gnupg/openpgp-revocs.d/7D2BAF1CF37B13E2069D6956105BD0E739499BDB.rev 
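The two details this thread turns on are passing the fingerprint (not the key type) to the delete commands and the leading colon in the auto-generated .rev file. The shell helpers below are an added example, not code from the answers; the function names and the trimmed sample listing are constructed for illustration, and the listing assumes gpg's `--with-colons` output format.

```sh
# Added example: helper functions, not from the original answers.
# The fingerprint is the one used on this page; the listing is constructed.

# Constructed, trimmed sample of `gpg --list-secret-keys --with-colons`.
SAMPLE_LISTING='sec:u:4096:1:105BD0E739499BDB:1600000000:::u:::scESC:
fpr:::::::::7D2BAF1CF37B13E2069D6956105BD0E739499BDB:
uid:u::::1600000000::::Example User <user@example.org>:
ssb:u:4096:1:AAAAAAAAAAAAAAAA:1600000000::::::e:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:'

# Read a colon-format listing on stdin and print the fingerprint of each
# primary key: the first "fpr" record after a "sec" or "pub" record.
# Subkey fingerprints (after "ssb"/"sub") are skipped.
primary_fingerprints() {
    awk -F: '$1 == "sec" || $1 == "pub" { want = 1; next }
             $1 == "fpr" && want        { print $10; want = 0 }'
}

# Succeed only if $1 is a 40-hex-digit fingerprint.
# A key type such as "rsa4096" fails this check.
is_fingerprint() {
    case "$1" in
        "" | *[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 40 ]
}

# Print an importable copy of a .rev file on stdout by dropping the
# leading colon from the armor header. The file itself is not modified.
importable_rev() {
    sed 's/^:\(-----BEGIN PGP PUBLIC KEY BLOCK-----\)/\1/' "$1"
}
```

With a real keyring, `gpg --list-secret-keys --with-colons | primary_fingerprints` prints the IDs to pass to the delete commands, and `importable_rev FILE | gpg --import` applies the certificate without editing the stored file.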


5

First, you should not delete keys you no longer use or need, but revoke them first (that is, revoke them locally first, then send the revoked key to a keyserver (unless you are sure it never was on any keyserver)).

After having revoked your key that way, it is OK to delete it.

Then when deleting it, use the "Key ID" (like 7D2BAF1CF37B13E2069D6956105BD0E739499BDB), not the key type (like rsa4096 (meaning: "an RSA key with 4096 bits")).
