@codersofthedark
Last active March 17, 2022 07:01

Revisions

  1. codersofthedark renamed this gist Mar 17, 2022. 1 changed file with 4 additions and 3 deletions.
    7 changes: 4 additions & 3 deletions gpgkeyrenewal.sh → gpgkeyrenewal.md
    @@ -13,15 +13,16 @@ gpg> expire

    When prompted type `1y` (recommended)

    Select all the subkeys (the primary key, which we just set the expires date for, is key 0), A star will sppear before all selected keys.:
    Now, this has expired the primary key (key 0). We need to repeat the process for subkeys.
    Select all the subkeys (A star will appear before all selected keys):

    ```
    gpg> key 1
    gpg> key 2
    gpg> expire
    ```

    Since the key has changed we now need to trust it, otherwise we get the error "There is no assurance this key belongs to the named user" when using they key:
    Since the key has changed we now need to trust it, otherwise we will get the error "There is no assurance this key belongs to the named user" when using the key:

    ```
    gpg> trust
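    Review bot: The added sentence "Now, this has expired the primary key (key 0)" reads as the opposite of what the preceding step did; `expire` with `1y` set a new expiry date, so word it as "this has extended the expiry of the primary key (key 0)". The subkey block also hard-codes `key 1` and `key 2`; a short remark to select however many subkeys `gpg --list-keys` shows would cover keys with a different subkey count.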
    @@ -38,7 +39,7 @@ cat encry.txt.asc
    #decrytion
    gpg --decrypt encry.txt.asc >> encry.new.txt
    encry.new.txt
    cat encry.new.txt
    ```

    Backup the key:
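    Review bot: `gpg --decrypt encry.txt.asc >> encry.new.txt` still appends with `>>`, so the newly added `cat encry.new.txt` also prints plaintext left over from earlier runs, which makes a failed decryption easy to miss. Use `>` (or `--output encry.new.txt`) so the file holds only this run's result; the `#decrytion` comment in the context line could be corrected to `#decryption` in the same pass.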
  2. codersofthedark created this gist Mar 17, 2022.
    67 changes: 67 additions & 0 deletions gpgkeyrenewal.sh
    @@ -0,0 +1,67 @@
    # Renew GPG key

    ```
    $ gpg --list-keys
    $ gpg --edit-key KEYID
    ```

    Use the expire command to set a new expire date:

    ```
    gpg> expire
    ```

    When prompted type `1y` (recommended)

    Select all the subkeys (the primary key, which we just set the expires date for, is key 0), A star will sppear before all selected keys.:

    ```
    gpg> key 1
    gpg> key 2
    gpg> expire
    ```

    Since the key has changed we now need to trust it, otherwise we get the error "There is no assurance this key belongs to the named user" when using they key:

    ```
    gpg> trust
    ```

    Test it out:

    ```
    echo "testing encryption" >> encry.txt
    #encrytion
    gpg --encrypt --sign --armor -r something@somewhere.com encry.txt
    cat encry.txt.asc
    #decrytion
    gpg --decrypt encry.txt.asc >> encry.new.txt
    encry.new.txt
    ```

    Backup the key:

    ```
    gpg -a --export KEYID > kris.leech.gpg.public
    gpg -a --export-secret-keys KEYID > kris.leech.gpg.private
    ```

    Move the keys on to something like a USB drive and store it safely in another location.

    Publish the public key:

    ```
    gpg --keyserver keyserver.ubuntu.com --send-keys KEYID
    gpg --keyserver pgp.mit.edu --send-keys KEYID
    ```

    If you need to copy/paste the public key to a key server:

    ```
    xclip -i kris.leech.gpgp.public -selection clipboard
    ```

    Credits:
    https://gist.github.com/krisleech/760213ed287ea9da85521c7c9aac1df0
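    Review bot: The edit session is never written: after `gpg> trust` the file moves straight to "Test it out", so add a `gpg> save` step, otherwise the export and `--send-keys` steps can publish a key that still carries the old expiry. Two smaller points: the last block reads `kris.leech.gpgp.public` while the export step wrote `kris.leech.gpg.public`, so the `xclip` command fails as written, and the bare `encry.new.txt` line in the test block is not a command (presumably `cat encry.new.txt` was meant). The content is Markdown, so the `.sh` extension keeps it from rendering.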