This article covers how to upload your OpenPGP public key to a key server, and is part of a series in communications security.

This post follows Generating GnuPG Keys

A Note On Key IDs

Any time you see “keyid” in a command, you can use the key id (Finding Your GnuPG Key ID) or part of the name associated with the key.

Generate the Revocation Key

If your key should become comprised, or you suspect that it may be comprised, the only way to deactivate it once you’ve uploaded it to a public server is to use a revocation key.

To create a revocation key, run the command

gpg --output revoke.asc --gen-revoke keyid

where revoke.asc is the filename you want the revocation key to have.

Once you hit enter, you will be prompted for your passphrase, and then the key will be generated.

Make sure to keep the revocation key in a safe place, as it does not require a passphrase to use, so anyone who gets a hold of it can use it to disable your key. The GnuPG manual suggests that you print out the key and store it in a safe. Personally, I attached it to the entry in Keepass for the GnuPG passphrase, which I have encrypted and backed up.

Outputting Your Public Key

In order to upload your public key to a server, where anyone can use it to encrypt a message to you or check that a signed email from you is good, you first must output the public key.

To do this, use the command

gpg --armor --output publickey.txt --export keyid

The armor part of command outputs the key in an ASCII format so that it can be uploaded to a keyserver over the Internet.

Uploading Your Public Key

Uploading your public key to a public key server allows anyone who also knows how to use an OpenPGP implementation to send you an encrypted email, or to check that an email you’ve signed is truly from your (assuming that your key is secured) and that the email hasn’t been tampered with.

To upload your key to the MIT key server, a popular key server, use the command

gpg --send-keys --keyserver hkp:// keyid