GPG key renewal

Tue 02 February 2016


What happens when a PGP key expires? The obvious answer: you can no longer securely use it. Nevertheless, you should not delete it, because you must still be able to decrypt the files that were encrypted to it.

The basic steps are:

  1. generate a new (sub)key
  2. publish your key
  3. test your newly generated key
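Before these steps become urgent, it helps to know which key or subkey is about to expire. As an added example (not from the original post), here is a small POSIX shell helper that reads gpg's machine-readable `--with-colons` listing and reports keys and subkeys that are expired or expire within N days; the sample listing and its key IDs are constructed, and the reference time is passed in explicitly so the result is reproducible.

```shell
#!/bin/sh
# Added example: report keys/subkeys that are expired or expire within N days,
# reading gpg's machine-readable listing (gpg --list-keys --with-colons).
# Field layout assumed (gpg 2.x): 1=record type, 5=key ID, 7=expiry as epoch
# seconds (empty when the key never expires), 12=capabilities (e/s/c/a).
# Usage: expiring_keys NOW_EPOCH DAYS < colon_listing
expiring_keys() {
    now=$1
    days=$2
    awk -F: -v now="$now" -v days="$days" '
        $1 == "pub" || $1 == "sub" || $1 == "sec" || $1 == "ssb" {
            if ($7 == "") next                    # no expiry set on this key
            left = int(($7 - now) / 86400)        # whole days remaining
            if (left < 0) status = "EXPIRED"
            else if (left <= days) status = "EXPIRING"
            else next
            print status, $1, $5, $12, left
        }'
}

# Constructed sample listing (hypothetical key IDs, not a real keyring):
# primary key and signing subkey expire in ~11 days, the first encryption
# subkey already expired, the second is fine, and the auth subkey never expires.
SAMPLE='pub:u:2048:1:AAAAAAAAAAAAAAAA:1420070400:1500000000::u:::scESC::::::::
uid:u::::1420070400::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
sub:u:2048:1:BBBBBBBBBBBBBBBB:1420070400:1500000000:::::s::::::23:
sub:u:2048:1:CCCCCCCCCCCCCCCC:1480000000:1490000000:::::e::::::23:
sub:u:2048:1:DDDDDDDDDDDDDDDD:1480000000:1600000000:::::e::::::23:
sub:u:2048:1:EEEEEEEEEEEEEEEE:1480000000::::::a::::::23:'

# Reference time fixed at 1499000000 (2017-07-02) so the output is reproducible;
# for a live check use: gpg --list-keys --with-colons | expiring_keys "$(date +%s)" 30
printf '%s\n' "$SAMPLE" | expiring_keys 1499000000 30
```

The same helper works on `gpg --list-secret-keys --with-colons` output, since it also matches `sec` and `ssb` records.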

generate a new key

first setup

For the first key generation, you probably used the usual command:

gpg --gen-key

On some installations, you may have used gpg --full-gen-key to obtain a dialog for each option.

key rotation

You must generate a new subkey:

gpg --edit-key
> addkey
> save

Add two subkeys this way: one to sign and one to encrypt. Do not forget to save your changes.
I recommend using the default choice when creating a new key (RSA and RSA on my current installation).

publish your key

Quite simple:

gpg --keyserver pool.sks-keyservers.net --send-keys

You may use any keyserver of your choice. A short list includes pgp.mit.edu, keys.gnupg.net, subkeys.pgp.net and keyserver.ubuntu.com.

test your key

You may use Adele (adele-en@gnupp.de): send an email to Adele and it replies, which makes the test quite straightforward.
