2024-04-29
Ages ago, I had set up my GPG key and exported the same. The intent was (and still is!) a setup like below. Recently, my keys expired. Extending the expiry locally was easy enough, but I wanted to document the steps for future reference.
# note that this output is not idempotent so it can be frustrating
gpg --export-secret-key [KEYID] | paperkey --output paperkey.txt
# get pubkey
curl -o public-key.asc 'https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x[KEYID]'
gpg --dearmor public-key.asc
# put the key back together
paperkey --pubring public-key.asc.gpg --secrets paperkey.txt --output secret-key.gpg
# import the key
# https://stackoverflow.com/a/55032706/2873157
export GPG_TTY=$(tty)
gpg --import public-key.asc
gpg --import secret-key.gpg
# verify with gpg -K, ssb# for subkeys, ssb for "primary" key
gpg --edit-key [KEYID]
> addkey
> 4 # (RSA (sign only))
> 4096 # (4096 bits)
> 5y # (expiry, 5 years)
> addkey
> 6 # (RSA (encrypt only))
> 4096 # (4096 bits)
> 5y # (expiry, 5 years)
> save
gpg --export [KEYID] > public-key.asc
There’s probably a more secure way to do this, but right now, I’m just copying the new pubkey and subkey out.
gpg --list-secret-keys --keyid-format LONG
gpg -a --export-secret-keys [ENCRYPTION-SUBKEYID]! [SIGNING-SUBKEYID]! > /tmp/subkey.asc
mkdir -m 700 /tmp/gpg # (owner-only; gpg warns about unsafe permissions on the homedir otherwise)
gpg --homedir /tmp/gpg --import /tmp/subkey.asc
gpg --homedir /tmp/gpg --edit-key [KEYID]
> passwd # (change passphrase)
> save # (no changes, but eh)
gpg --homedir /tmp/gpg -a --export-secret-subkeys [KEYID] > /tmp/subkey.asc
gpg --import public-key.asc
gpg --import subkey.asc
gpg --edit-key [KEYID]
> trust
> 5 # (ultimate)
> save
gpg --edit-key [KEYID]
> key [N]
> expire
> 5y
# ... repeat for other key
> save
# publish keys
gpg --edit-key [KEYID]
> key [N]
> revkey # (revoke key)
gpg --keyserver keyserver.ubuntu.com --send-key [KEYID]
gpg -a --export [KEYID] > public-key.asc
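
An added example (not part of the original notes): a shell check over `gpg -K --with-colons` output for the two things this procedure depends on, namely which secret keys are expired or about to expire, and whether the primary secret key is only a stub (the `#` marker in `gpg -K`). It assumes GnuPG 2.x colon listings with epoch-second timestamps; the function names, key IDs and sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `gpg -K --with-colons` output read on stdin.
# Colon fields used: 1 record type, 2 validity, 5 key ID, 7 expiry (epoch
# seconds assumed), 12 capabilities, 15 "#" when the secret part is a stub.

# audit_secret_keys NOW DAYS -> one line per key: type keyid caps secret state
audit_secret_keys() {
    awk -F: -v now="$1" -v days="$2" '
    $1 == "sec" || $1 == "ssb" {
        secret = ($15 == "#") ? "stub" : "present"
        if ($2 == "r") state = "revoked"
        else if ($7 == "") state = "no-expiry"
        else if ($2 == "e" || $7 <= now) state = "expired"
        else if ($7 - now <= days * 86400) state = "expiring"
        else state = "ok"
        print $1, $5, $12, secret, state
    }'
}

# primary_is_stub -> exit 0 only if every "sec" record is a stub, i.e. the
# keyring holds subkeys but not the primary secret key.
primary_is_stub() {
    awk -F: '$1 == "sec" { seen = 1; if ($15 != "#") full = 1 }
             END { exit !(seen && !full) }'
}

# Constructed sample listing (placeholder key IDs, made-up timestamps).
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1556496000:1900000000::u:::scESC:::#:::23::0:
fpr:::::::::0000000000000000000000000000000000000000:
uid:u::::1556496000::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1556496000:1714348800:::::s:::+:::23:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1556496000:1716000000:::::e:::+:::23:
ssb:r:4096:1:DDDDDDDDDDDDDDDD:1556496000:1900000000:::::s:::+:::23:
EOF
}

# Demo with a fixed, constructed "now"; on a real keyring use:
#   gpg --homedir /tmp/gpg -K --with-colons | audit_secret_keys "$(date +%s)" 30
sample_listing | audit_secret_keys 1714400000 30
sample_listing | primary_is_stub && echo "primary secret key is a stub"
```

Running `primary_is_stub` against the temporary homedir before copying `subkey.asc` anywhere confirms the export carries only subkey secrets.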