GPG Guides?

Apr. 30, 2024

So it’s time to think of your GPG keys again.

simple solutions

Note: I’ve used the wayback machine for the links, because even in my own notes some of the sites I used have since gone offline.

General GPG Cheat Sheet (gock.net 2020)

common approach (which is likely the widest recommendation):

First off, go ahead and generate a revocation for your current key that you keep in a password wallet. It’s like a burn-letter that if you ever did lose your secret-key or needed to burn your existing key, you can push it. But it requires the secret-key to generate it, so that users and keyservers trust it.

Then when you’re ready to generate a new key, do so, and explicitly “trust” the new from the old, and old from the new, and push that to the keyservers. This is part of the “web of trust” (that really no one pays attention too). Once you have that relationship. You can leave the old key to expire, but really you ought to push the revocation for it (because if someone got the secret-key, they could just bump the expiration date and go nuts with it). Then resume with this new key. If users actually challenged the fact that your key changed, you could point to the handoff.

Guide used:

totally wired approach:

generate a root key that you put on a physical hardware key like a yubikey, and then subkeys from it that you work from.

This is the approach I’m currently trying, and honestly it’s overkill and I’m ready to step it down a notch.

Guides used:

laziest and acceptable option:

if you still have possession of the secret key, you can actually just set a new expiration date … 😁

wrap up

Which GPG guide do you like?

email me (vbatts at hashbangbash.com)

Comments

You can use your Mastodon account to reply to this post. Learn how this is implemented here.

Reply to vbatts's post

With an account on the Fediverse or Mastodon, you can respond to this post. Since Mastodon is decentralized, you can use your existing account hosted by another Mastodon server or compatible platform if you don't have an account on this one.

Copy and paste this URL into the search field of your favourite Fediverse app or the web interface of your Mastodon server.