Prerequisites |
---|
You’re familiar with the functionality of the Key Pair Details page. |
You’re familiar with the bulk modification process. |
Key revocation is a crucial procedure in PGP encryption that ensures the security and integrity of the cryptographic system. It allows users to invalidate a public key. This might be necessary for several reasons, such as the private key being compromised, lost, or no longer in use because the user has changed roles or left an organization.
FlowCrypt uses a private key to add a revocation signature to the public key on the key server, which indicates it’s revoked. This informs others that the key should no longer be trusted for encrypting messages, decrypting messages, or verifying digital signatures. However, it’s important to note that revoked keys can still be used to decrypt emails that were encrypted with that key before it was revoked, ensuring users can still access previously received encrypted messages.
FlowCrypt provides users with the ability to revoke keys both manually and automatically. Instructions for both approaches are provided below.
How to revoke keys manually
1. To revoke a key manually, open the Key Pair Details page of the key and click on the Revoke button:

2. The next page will display the key revocation details, where you need to click Revoke Key Pair to confirm:

3. The system will display a notification about the successful update:

From now on, this key can no longer be used to encrypt or sign emails, but users can still fetch it to decrypt older emails.
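
The revocation signature described above is an ordinary OpenPGP signature packet of type 0x20 (0x28 for a subkey), so a key fetched from a key server can be checked for it at the packet level. The following Python is an added example, not FlowCrypt's code: it assumes a binary (dearmored) key as input, the sample keys are constructed placeholders, and it detects the packet's presence only, without verifying the signature cryptographically.

```python
# Added example: find revocation signature packets in a binary OpenPGP key.
# It checks packet framing only. A real client must also verify the signature.
TAG_SIGNATURE = 2
KEY_REVOCATION, SUBKEY_REVOCATION = 0x20, 0x28  # OpenPGP signature types

def packets(data):
    """Yield (tag, body) for each packet in a binary (dearmored) OpenPGP blob."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError(f"no packet header at offset {i}")
        i += 1
        if hdr & 0x40:  # new-format header: tag in the low 6 bits
            tag, first = hdr & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body lengths are not handled here")
        else:  # old-format header: tag in bits 5-2, length type in bits 1-0
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not handled here")
            n = 1 << ltype  # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def signature_type(body):
    """Type octet sits at offset 2 in v3 signatures, offset 1 in later versions."""
    return body[2] if body[0] == 3 else body[1]

def revocation_status(data):
    types = [signature_type(b) for t, b in packets(data) if t == TAG_SIGNATURE]
    return {"primary_revoked": KEY_REVOCATION in types,
            "subkeys_revoked": types.count(SUBKEY_REVOCATION)}

def pkt(tag, body):  # helper for the constructed samples (body under 192 bytes)
    return bytes([0xC0 | tag, len(body)]) + body
# Constructed samples, not real keys: correct framing, placeholder bodies.
KEY, UID = pkt(6, b"\x04" + bytes(9)), pkt(13, b"alice@example.test")
ACTIVE = KEY + UID + pkt(2, b"\x04\x13" + bytes(8))
REVOKED = KEY + pkt(2, b"\x04\x20" + bytes(8)) + UID + pkt(2, b"\x04\x13" + bytes(8))
```

Because anyone can attach a packet to a key on a server, a client should treat the key as revoked only after the revocation signature verifies against the primary key.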