Skip to content

Instantly share code, notes, and snippets.

@pbrisbin

pbrisbin/refresh.md

Last active June 11, 2024 15:07
Show Gist options
  • Save pbrisbin/074d6e406bd1089bfac1afb93b9c1656 to your computer and use it in GitHub Desktop.
Save pbrisbin/074d6e406bd1089bfac1afb93b9c1656 to your computer and use it in GitHub Desktop.
Download ZIP
Refreshing GPG keys
Raw
refresh.md

These are my own notes for my re-expiration of GPG keys.

1- Mount flashdrive

sudo cryptsetup open /dev/sdb1 --type=tcrypt flashdrive
sudo mkdir -p /mnt/flashdrive
sudo mount /dev/mapper/flashdrive /mnt/flashdrive
export GNUPGHOME=/mnt/flashdrive/gnupg

2- Edit and re-expire

gpg --edit-key 7A4F38C201F43F111C95A9E575481C55CEC8925D
gpg> expire

Choose 1y, save and exit.

3- Send

gpg --send-keys --keyserver hkp://pgp.surf.nl 75481C55CEC8925D

4- Receive

Wait a minute, then in another terminal (normal GNUPGHOME) run:

gpg --refresh-keys --keyserver hkp://pgp.surf.nl 75481C55CEC8925D

Sometimes you have to send/recv specific keys. It'll work eventually.

5- Publish

  • Push to S3
  • Delete, re-add in GitHub: gpg -a --export [email protected] | xclip -selection clipboard

6- Subkeys

If you extend the encryption subkey, you have to copy it:

gpg --list-secret-keys --keyid-format short
gpg --export-secret-keys 33868FEC! >ecryption.key
gpg --import ./encryption.key
schred ./ecryption.key
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment