Skip to content

Instantly share code, notes, and snippets.

@codersofthedark

codersofthedark/gpgkeyrenewal.md

Last active March 17, 2022 07:01
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save codersofthedark/338342a0e35527671f56130d01aad244 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save codersofthedark/338342a0e35527671f56130d01aad244 to your computer and use it in GitHub Desktop.
Download ZIP
GPG Key Renewal
Raw
gpgkeyrenewal.sh
# Renew GPG key
```
$ gpg --list-keys
$ gpg --edit-key KEYID
```
Use the expire command to set a new expire date:
```
gpg> expire
```
When prompted type `1y` (recommended)
Select all the subkeys (the primary key, which we just set the expires date for, is key 0), A star will sppear before all selected keys.:
```
gpg> key 1
gpg> key 2
gpg> expire
```
Since the key has changed we now need to trust it, otherwise we get the error "There is no assurance this key belongs to the named user" when using they key:
```
gpg> trust
```
Test it out:
```
echo "testing encryption" >> encry.txt
#encrytion
gpg --encrypt --sign --armor -r something@somewhere.com encry.txt
cat encry.txt.asc
#decrytion
gpg --decrypt encry.txt.asc >> encry.new.txt
encry.new.txt
```
Backup the key:
```
gpg -a --export KEYID > kris.leech.gpg.public
gpg -a --export-secret-keys KEYID > kris.leech.gpg.private
```
Move the keys on to something like a USB drive and store it safely in another location.
Publish the public key:
```
gpg --keyserver keyserver.ubuntu.com --send-keys KEYID
gpg --keyserver pgp.mit.edu --send-keys KEYID
```
If you need to copy/paste the public key to a key server:
```
xclip -i kris.leech.gpgp.public -selection clipboard
```
Credits:
https://gist.github.com/krisleech/760213ed287ea9da85521c7c9aac1df0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment