A compilation of documentation

How to delete a GnuPG key

Author: Xavier Béguin

How to designate the keys

The keys to remove can be designated using either the key id or the user id (either in the full form or simply the email part). The following calls to the gpg command will therefore usually give the same result:

gpg --delete-keys krusty@example.org
gpg --delete-keys 3CD64BFD8E29C4B59D94BADB7C1FB3157B254968

Removal of a secret key

The removal of a secret key can be achieved using the option --delete-secret-keys:

~$ gpg --delete-secret-keys krusty@example.org
sec  rsa3072/1B06BC1E13A2988B 2023-11-16 Herschel Krustofski <krusty@example.org>

Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y

In addition to the confirmation on the terminal (as illustrated above), a graphical window will probably ask you twice for an additional confirmation of the removal of the key to make sure you don't perform this dangerous operation by mistake.

Removal of a public key

A public key can be removed from the keyring using the option --delete-keys.

If you request the removal of a public key while a corresponding secret key still exists, GnuPG will ask you to remove the secret key first:

~$ gpg --delete-keys krusty@example.org
gpg: there is a secret key for public key "krusty@example.org"!
gpg: use option "--delete-secret-keys" to delete it first.

We must therefore proceed to the removal of the secret key first using the option --delete-secret-keys detailed above.

After the secret key is removed (or if you don't have the corresponding secret key in your keyrings), we can continue with the removal of the public key:

~$ gpg --delete-keys krusty@example.org
pub  rsa3072/1B06BC1E13A2988B 2023-11-16 Herschel Krustofski <krusty@example.org>

Delete this key from the keyring? (y/N) y

There will be no graphical window requesting an additional confirmation, as removing a public key is not as sensitive an operation as removing a secret key.

That's it! The keys are now removed from your keyrings.

Removal of a secret key and the matching public key

If you want to remove a secret key and the matching public key from your keyrings, you can combine the options --delete-secret-keys and --delete-keys by using the option --delete-secret-and-public-key.

The use of the latter is simply equivalent to the combined use of the first two options:

~$ gpg --delete-secret-and-public-key "krusty@example.org"
sec  rsa3072/04C03E72C47DC70A 2023-11-16 Herschel Krustofski <krusty@example.org>

Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y

pub  rsa3072/04C03E72C47DC70A 2023-11-16 Herschel Krustofski <krusty@example.org>

Delete this key from the keyring? (y/N) y
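
A user id can match more than one key, which is why the designations shown in "How to designate the keys" only usually give the same result. The script below is an added example, not part of the original page: it resolves a designation to exactly one primary-key fingerprint and only then calls --delete-secret-and-public-key in batch mode, where gpg requires the key to be given by fingerprint. The function names and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example: delete a key pair non-interactively, but only when the
# designation resolves to exactly one primary key.

# Print the fingerprint of every primary key in a `gpg --with-colons`
# listing read from stdin: the fpr record that follows a pub/sec record
# (fpr records that follow sub/ssb belong to subkeys and are skipped).
primary_fprs() {
    awk -F: '
        $1 == "pub" || $1 == "sec" { want = 1; next }
        $1 == "sub" || $1 == "ssb" { want = 0; next }
        $1 == "fpr" && want        { print $10; want = 0 }
    '
}

# Print the single primary fingerprint found on stdin, or fail when the
# listing holds zero or several primary keys.
resolve_unique() {
    fprs=$(primary_fprs)
    count=$(printf '%s\n' "$fprs" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "refusing: designation matches $count keys" >&2
        return 1
    fi
    printf '%s\n' "$fprs"
}

# Hypothetical wrapper: resolve the designation, then delete by fingerprint.
delete_key_pair() {
    fpr=$(gpg --batch --with-colons --fingerprint --list-keys -- "$1" \
          | resolve_unique) || return 1
    gpg --batch --yes --delete-secret-and-public-key "$fpr"
}

# Constructed, abbreviated listing: two keys sharing one e-mail address.
sample_listing() {
    cat <<'EOF'
pub:u:3072:1:7C1FB3157B254968:1700092800:::u:::scESC:
fpr:::::::::3CD64BFD8E29C4B59D94BADB7C1FB3157B254968:
uid:u::::1700092800::::Herschel Krustofski <krusty@example.org>:
sub:u:3072:1:1111111111111111:1700092800::::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
pub:u:3072:1:2222222222222222:1700092800:::u:::scESC:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222:
uid:u::::1700092800::::Herschel Krustofski <krusty@example.org>:
EOF
}

if [ "$#" -gt 0 ]; then delete_key_pair "$1"; fi
```
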

If you use the commands proposed on this page on your system, you will probably get the following additional lines at the top of their output:

gpg (GnuPG) 2.2.40; Copyright (C) 2022 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

If you want to suppress this message, use the --no-greeting option, or uncomment or add the following line in your GnuPG configuration file .gnupg/gpg.conf in your home directory:

no-greeting