How To Revoke/Expire Keys Without Passphrase?

Status
Not open for further replies.

LordBass

MIS
Jun 20, 2002
13
0
0
US
Greetings,
We have users that have forgotten their passphrases or left the company whose keys need to be revoked or expired on our local keyserver. How can this be done without the passphrase? With new keys for lost passphrases, these users will now be listed twice on our server, with no obvious signs as to which is the current key.

I've read about creating a revoker certificate or some such that, when used at key creation, can help revoke a key without the key's original passphrase, but have never come across instructions to set this up.

Can anyone help? Am I out of luck? We're using NAI/McAfee PGP Desktop Security 7.0. Any tips welcomed.

Thank you,
Chris
 
I assume you do not have the business version of PGP. There should be a way for a Security Manager to erase keys from the keyring.

hnd
hasso55@yahoo.com

 
We have our own PGP keyserver on our internal network, which has not replicated its keys to an outside keyserver.

The documentation for the keyserver says there should be a way to set a user to 'delete' keys from the keyserver thru the web console, but does not say how to properly set up the user, then delete whichever keys should be removed.

Along with this I'm trying to figure out how to properly create a designated revoker key & use key reconstruction when creating keys so that future keys can be deleted/recreated when necessary.

It's unfortunate that NAI no longer offers support on this product, that their documentation is incomplete, and that I don't know more about how to use this stuff. :( .. I'm trying, tho. :)

Again, any tips are welcome.

Thanks,
Chris
 
If you've set up the keys with an ARK (Additional Revocation Key), the PGP Administrator should be able to revoke any key. This is in the Admin Guide for PGP Desktop.

AVChap
 