destroying PGP private keys (Re: Home Office response on Burden of Proof)
Adam Back
adam at cypherspace.org
Sun, 8 Aug 1999 00:28:19 +0100

Ben writes:
> Nicholas Bohm wrote:
> > On a technical note, how can you destroy a private PGP key without
> > destroying all your private keys by wiping the private keyring? Does
> > revoking the corresponding public key destroy the relevant private key?
>
> You can extract the rest of the keys individually, blow away the private
> keyring, then reconstruct from the extracted keys.

To destroy a private key you remove it from your key ring (pgp -kr)
and wipe the backup keyring (pgp -w secring.bak).

(As a precaution you might want to back up keyrings first and do a dry
run to make sure you get this right and don't end up nuking private
keys you wanted to keep!)

Revoking the key does not remove the private key, because you can
still decrypt messages encrypted to a revoked key (while you retain
the private key). PGP will not let you encrypt new messages to the
public key (or will warn or something).

Adam