Revoking a public key when compromised

A key compromise means that the key can no longer be used to verify that an application is trusted. For example, a signing key may be considered compromised if the private key used to sign applications and their versions has been lost or stolen, or if there is suspicion that information has been leaked.

If a key is compromised or suspected of being compromised, you should stop using the private key for signing applications and their versions and revoke the corresponding public key on the Kaspersky Appicenter for Developers portal.

To revoke a public key:

  1. On the Kaspersky Appicenter for Developers portal, select the Support section in the main menu.
  2. Click on the email address in the Support and guidance section.

    Your email client will open a window with a new message addressed to a Kaspersky Appicenter for Developers Technical Support specialist.

  3. Indicate "Revoke compromised public key" in the subject line.
  4. Specify the following information in the body of the email:
    • key name
    • key ID
    • the approximate date when the key was compromised

    You can view the key name and ID in the Keys section in the web interface of Kaspersky Appicenter for Developers.

    You can revoke only a public key with the Active or Archived status.

  5. Send the email.

Your request to revoke the public signing key will be sent to Kaspersky Appicenter for Developers Technical Support. If additional information about the key needs clarification, you will be sent an email.

When the public has been revoked, you will receive an email notification and the following will happen:

Page top