From eb2cce8edb0c5658047cbf4257c93dc2be015f1c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rodolphe=20Br=C3=A9ard?= <rodolphe@what.tf>
Date: Mon, 10 Apr 2023 00:31:22 +0200
Subject: [PATCH] Add an entry to the FAQ regarding manual key revocation

---
 README.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/README.md b/README.md
index 6822a44..49ce8e0 100644
--- a/README.md
+++ b/README.md
@@ -51,3 +51,13 @@ Matthew Green wrote an excellent article on this subject: [Ok Google: please pub
 ### Where is the documentation?
 
 A man page will be available by the time this filter is ready to use.
+
+### One of my keys has been compromised, how do I revoke it?
+
+Keys are stored in an SQLite format 3 database. You may access it using the `sqlite3` CLI tool or any other compatible tool.
+
+The simplest way to revoke a key is to set its `not_after` field at the current timestamp. A new key will automatically be generated.
+
+```
+UPDATE key_db SET not_after = unixepoch() WHERE selector = 'dkim-755512d8f51b4da6936d565a1ddbaf17';
+```