
I'd like to clarify that the GPG key has not been uploaded to any server yet; it only exists on my local machine. In this scenario, can I proceed with using deluid to remove certain email addresses, without revoking them with revuid?

If I remove these addresses, will there be any trace left in the GPG key? I want them to vanish as if they never existed.

1 Answer


Once generated, GPG keys are only stored on the local disk. If you never uploaded your key to a remote server with this command:

gpg --keyserver "the_server" --send-keys "your_key"

or gave your public key to someone, you can assume that your key is not known to anyone and you don't need to revoke it.

However, if you already sent your public key by email to someone so that they could encrypt an email for you, you will need to revoke the key and spread this information by publishing the revocation certificate, to warn people not to use your public key anymore. You can generate the revocation certificate with:

gpg --gen-revoke --armor --output revcertificate.asc "your_key"

To be sure that your key is not stored on a remote server, you can use these commands:

gpg --search-keys "your_key"
gpg --keyserver "specific_server" --search-keys "your_key"

To delete your public key, you can use this command:

gpg --delete-key "your_key"

And for the private key:

gpg --delete-secret-key "your_key"

With those commands, your keys will have completely vanished.

Note: the key database is normally stored in the ~/.gnupg folder.


Update

You cannot remove all uuids of a key; however, you can create another identity and afterwards remove all the others linked to your email addresses. In your case you don't need to revuid, as you never shared your key.

gpg --edit-key "your_key"

gpg> adduid
Real name: New Name
Email address: ...
Comment: ...
You selected this USER-ID:
    "New Name"

Then you can list and remove your old uuids. To select the uuid to remove:

gpg> uid X

The selected uuid will be marked with a *, like [ultimate] (1)*. Then you can delete it and save:

gpg> deluid
gpg> save

That's enough in your case to make all the other identities vanish.

Important note: If you never uploaded your public key, your old identities remain undisclosed and nobody can retrieve your previous UUIDs. Once a key is published, its key ID remains constant, allowing others to retrieve it from keyservers. Even if you delete your User IDs (UIDs), keyservers won't erase any previously seen information.

hidigoudi
  • I never shared the key with anyone and never uploaded it anywhere. I just created it yesterday. I was talking about removing email addresses associated with the key by using deluid, not the key itself. I added four email addresses (or alias addresses to be more precise) with adduid beside the master email by following these steps: https://superuser.com/questions/293184/one-gnupg-pgp-key-pair-two-emails excluding the last gpg-send command. – Zoltan King Jan 12 '24 at 23:12
  • I updated my answer, hope it helps you. – hidigoudi Jan 12 '24 at 23:31
  • Thank you. I don't want to remove all UUIDs. I want to keep the one I used when I created the key with gpg --full-generate-key; however, besides that I added 3 more UUIDs. Those are the ones I want removed. First, I used revuid. The revoked key didn't show up with gpg --list-keys but it did with gpg --list-options show-unusable-uids --list-keys. Later, I learned that I don't need to revoke since I haven't shared or uploaded my key anywhere, so on the next try I used deluid. This one made the address disappear in both gpg --list-keys and gpg --list-options show-unusable-uids --list-keys – Zoltan King Jan 13 '24 at 10:25
  • I'm wondering if this change, I mean by using deluid on three UUIDs, affected the original key in any way, like modifying the content of the GPG file on disk. I'm a bit concerned. I believe removing and adding should be routine and shouldn't require starting everything from scratch, such as creating a new key with gpg --full-generate-key, right? – Zoltan King Jan 13 '24 at 10:28
  • Your key is still the same even if you add / remove identities (uuid); adduid only creates another identity for another email address, but the key itself does not change at all. You can use the same key for several purposes and several uuids. – hidigoudi Jan 13 '24 at 10:31
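To verify what the edit-key session in the answer actually changed, here is an added Python example (not from the answer or the comments). It parses the machine-readable listing produced by gpg --with-colons --list-options show-unusable-uids --list-keys, classifies each user ID as deleted (deluid), revoked (revuid, still listed but flagged) or kept, and confirms that the key fingerprint is unchanged, which is the point made in the last comment; the listings, fingerprint, key ID and names below are constructed placeholders, not output from a real key.

```python
"""Audit a GnuPG colon listing before and after revuid / deluid.

Input: output of  gpg --with-colons --list-options show-unusable-uids --list-keys
Fields: 1 = record type, 2 = validity ('r' = revoked), 10 = fingerprint
(fpr records) or user ID (uid records). All sample data below is constructed.
"""

def parse_listing(text):
    """Return (primary fingerprint, {user id: validity}) for one key."""
    fingerprint, uids = None, {}
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "fpr" and fingerprint is None:  # first fpr = primary key
            fingerprint = f[9]
        elif f[0] == "uid":
            uids[f[9]] = f[1]
    return fingerprint, uids

def audit(before, after):
    """Classify each user ID of the 'before' key as deleted, revoked or kept."""
    fpr_b, uids_b = parse_listing(before)
    fpr_a, uids_a = parse_listing(after)
    result = {"same_key": fpr_b == fpr_a, "deleted": [], "revoked": [], "kept": []}
    for uid in uids_b:
        if uid not in uids_a:
            result["deleted"].append(uid)  # deluid: no trace in the local keyring
        elif uids_a[uid] == "r":
            result["revoked"].append(uid)  # revuid: still listed, flagged unusable
        else:
            result["kept"].append(uid)
    return result

# Constructed listing: primary identity plus three alias addresses.
# Fingerprint, key ID and uid hashes are placeholders, not real values.
BEFORE = """\
pub:u:255:22:0123456789ABCDEF:1705000000:::u:::scESC::::::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA0123456789ABCDEF:
uid:u::::1705000000::HASH0::Alice <main@example.com>::::::::::0:
uid:u::::1705000100::HASH1::Alice <alias1@example.com>::::::::::0:
uid:u::::1705000200::HASH2::Alice <alias2@example.com>::::::::::0:
uid:u::::1705000300::HASH3::Alice <alias3@example.com>::::::::::0:
"""
# Same key after 'revuid' on alias1 and 'deluid' on alias2 and alias3.
AFTER = """\
pub:u:255:22:0123456789ABCDEF:1705000000:::u:::scESC::::::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA0123456789ABCDEF:
uid:u::::1705000000::HASH0::Alice <main@example.com>::::::::::0:
uid:r::::1705000100::HASH1::Alice <alias1@example.com>::::::::::0:
"""
```

Run audit(BEFORE, AFTER) to get the classification; on a real key, capture the two listings with the gpg command named in the docstring before and after the edit-key session.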