GPG
As many tutorials point out, it is better to keep the master key on an offline computer and to export subkeys when needed.
In this tutorial we use:
- a@b.com as the email that identifies the key
- 0123ABCD as the fingerprint of the public signing subkey
Renew expiration date of private keys
See also
Renew and export to file
| Run as user | Instruction number |
|             | *                  |
1. Get the keys. You can use the email as identifier (we are interested in the uid, which in this case is a@b.com).
    gpg --list-keys
2. Edit the keys. You can, for example, extend the master key for another 2 years, while the signing (S), certification (C) and encryption (E) subkeys can be extended by 1 year. You will get an interactive interface after running the first command.
    gpg --edit-key a@b.com
    key
    expire
    730      # days (2 years)
    key 1    # select subkey 1
    expire
    365      # days (1 year)
    key 1    # deselect subkey 1
    key 2
    expire
    365
    key 2
    key 3
    expire
    365
    key 3
    save
    exit
3. If you only use a subkey, you can export it like this:
    gpg --export --armor --output 0123ABCD.subkey.txt 0123ABCD!
Important
Preserve the ! at the end of the command.
A signing subkey is useful, for example, to sign Git commits.
Note
There is no need to update the backups or re-export the secret key.
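To confirm the new expiration dates after the renewal steps above, the colon-delimited key listing can be checked by script. This is an added example, not part of the original tutorial; the function names `expiring_keys` and `sample_listing`, the key IDs in the sample and the fixed reference timestamp are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): list keys and subkeys that
# expire soon, reading `gpg --list-keys --with-colons` output on stdin.
# Colon-format fields used: 1 = record type (pub/sub), 5 = key ID,
# 7 = expiration as seconds since epoch (empty = never), 12 = capabilities.

# expiring_keys DAYS [NOW]
#   DAYS = warning window in days; NOW = reference time in epoch seconds
#   (defaults to the current time). Prints: type keyid capabilities days_left
expiring_keys() {
    days=$1
    now=${2:-$(date +%s)}
    awk -F: -v now="$now" -v days="$days" '
        $1 == "pub" || $1 == "sub" {
            if ($7 == "") next                  # no expiration date set
            left = int(($7 - now) / 86400)      # negative = already expired
            if (left < days) printf "%s %s %s %d\n", $1, $5, $12, left
        }'
}

# Constructed sample listing (not real keys). Relative to NOW=1700000000 the
# primary key has 730 days left, the signing subkey 10, and the encryption
# subkey expired 5 days ago.
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:1111111111111111:1600000000:1763072000::u:::scESC:
uid:u::::1600000000::::a@b.com:
sub:u:4096:1:AAAAAAAA0123ABCD:1600000000:1700864000:::::s:
sub:e:4096:1:BBBBBBBBBBBBBBBB:1600000000:1699568000:::::e:
EOF
}

# Demo on the sample; on a real keyring use:
#   gpg --list-keys --with-colons a@b.com | expiring_keys 30
sample_listing | expiring_keys 30 1700000000
```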
Import
| Run as user | Instruction number |
|             | *                  |
1. On your other devices you can simply import the subkey like this:
    gpg --import 0123ABCD.subkey.txt
Add email
| Run as user | Instruction number |
|             | *                  |
1. Edit the key: create a new email and set ultimate trust.
    gpg --edit-key a@b.com
    adduid     # follow the instructions
    2          # the id of the new email (usually 2 if you had only one email before)
    primary    # set the new email as primary
    trust
    5          # set ultimate trust for the new email
    save
    exit
2. Re-export and share your public key(s).
Note
There is no need to update the backups or re-export the secret key.
Troubleshooting
Problem with the agent
See also
18.04 - gpg: problem with the agent: Permission denied - Ask Ubuntu 3
If you get
    gpg: problem with the agent: Permission denied
while signing, append
    pinentry-mode loopback
to ~/.gnupg/gpg.conf
Footnotes
- 1 https://wiki.archlinux.org/title/GnuPG#Extending_expiration_date GNU Free Documentation License 1.3 or later, Copyright (c) ArchWiki contributors
- 2 https://security.stackexchange.com/a/226986 CC BY-SA 4.0, Copyright (c) 2020 qrtLs (at security.stackexchange.com)
- 3 https://askubuntu.com/a/1158297 CC BY-SA 4.0, Copyright (c) 2021 Deathgrip (at askubuntu.com)