I'd like to clarify that the GPG key has not been uploaded to any server yet; it only exists on my local machine. In this scenario, can I proceed with using deluid to remove certain email addresses? without revocating with revuid?
If I remove these addresses, will there be any trace left in the GPG key? I want them to vanish as if they never existed.
Once generated, GPG keys are only stored on the local disk. If you never uploaded your key to a remote server with this command :
gpg --keyservers "the_server" --send-keys "your_key"
Or give your public key to someone, you can assume that your key is not known to anyone and you don't need to revoke it.
However, if you already sent your public key by email to someone in order to him to encrypt an email for you, you will need to revoke the key and spread this information by sending the revocation certificate publicly to warn people to not use your public key anymore. You can generate the revocation certificate with :
gpg --gen-revoke --armor --output revcertificate.asc "your_key"
To be sure that your key is not stored in a remote server, you can use this command :
gpg --search-keys "your_key"
gpg --keyserver "specific_server" --search-keys "your_key"
To delete your public key, you can use this command :
gpg --delete-key "your_key"
And for private key :
gpg --delete-secret-key "your_key"
With those commands, your keys will be completely vanished.
Note : Keys's database are normally stored in ~/.gnupg folder.
You can not remove all uuid of a key, however you can create another one identity and remove all others linked to your emails addresses after. In your case you don't need to revuid as you never shared your key.
gpg --edit-key "your_key"
gpg> adduid
Real name: New Name
Email address: ...
Comment: ...
You selected this USER-ID:
"New Name"
Then you can list and remove your old uuid. To select the uuid to remove :
gpg> uid X
You will have a * like [ultimate] (1)* on uuid selected. Then you can delete it and save :
gpg> deluid
gpg> save
That's enough in your case to vanish all others identities.
Important note : If you never uploaded your public key, your old identities remain undisclosed and nobody can retrieve your previous UUIDs. Once a key is published, it's key ID remains constant, allowing others to retrieve it from keyservers. Even if you delete your User IDs (UIDs), keyservers won't erase any previously seen information.