Note: this is a purely hypothetical situation.
Suppose that I had created a PGP key, pushed it to the Ubuntu keyserver (hkp://keyserver.ubuntu.com), and added it to my Launchpad account. Further suppose that my PGP key was compromised somehow.
Apart from removing the key from Launchpad, what steps do I need to take?
gpg --list-keys
Find your key id:
pub 2048R/deadb33f 2012-03-10
uid Something <[email protected]>
gpg --edit-key 0xdeadb33f
Command> revuid
Really revoke this user ID? (y/N) y
Please select the reason for the revocation:
0 = No reason specified
4 = User ID is no longer valid
Q = Cancel
(Probably you want to select 4 here)
Your decision? 4
gpg --keyserver keyserver.ubuntu.com -send-keys 0xdeadb33f
gpg --keyserver pool.sks-keyservers.net -refresh-keys 0xdecafbad
now use gpg to revoke the UID
gpg --edit-key 0xdecafbad
gpg displays a list of UIDs on the key. Enter the number of the UID you
wish to revoke. The list is redisplayed with an * next to the selected
one. now use the gpg command revuid to revoke:
Command> revuid
Really revoke this user ID? (y/N) y
Please select the reason for the revocation:
0 = No reason specified
4 = User ID is no longer valid
Q = Cancel
(Probably you want to select 4 here)
Your decision? 4
Answer the passphrase prompt and 'save' to update your keyring with the
modified key. Now send the key with revoked UID to the keyservers
gpg --keyserver pool.sks-keyservers.net -send-keys 0xdecafbad
