Show pagesourceBack to top Share via Share via... Twitter LinkedIn Telegram Yammer RedditRecent ChangesSend via e-MailPrintPermalinkHelp or get help'd × Table of Contents Disambiguation Common operations replace old key with new key QR Codes How do I distribute my pubkey? Keyservers upload with GPG further reading This is an old revision of the document! Pretty Good Privacy Disambiguation OpenPGP PGP GPG (GnuPG) Common operations List private (own) keys gpg -K Quickly extend keys gpg --quick-set-expire ABCDDEADBEEFABCDC0CCABCD42069ABCD7AFFF2 1y (replace with own key and 1y with expiration date or period.) Create a new public/secret key pair gpg --gen-key Export a public key gpg --armor --output <pubkey.gpg> --export <key-id> Export a secret key gpg --armor --output <privkey.gpg> --export-secret-key <key-id> replace old key with new key When replacing one uncompromised key with a newer (typically longer) one, using a transition period when both keys are trustworthy and participate in the web of trust uses trust transitivity to use links to the old key to trust signatures and links created by the new key. During a transition, both keys are trustworthy but you only use the newer one to sign documents and certify links in the web of trust. gpg --expert --full-gen-key (9) ECC and ECC (1) Curve 25519 $PGP_NEWKEY_ID=<ID of new key> $PGP_OLDKEY_ID=<ID of old key> # sign new key with old key gpg --default-key $OLDKEY --sign-key $NEWKEY # sign old key with new key gpg --default-key $NEWKEY --sign-key $OLDKEY # export in ASCII armored format gpg --armor --output $NEWKEY.key --export-secret-key $NEWKEY gpg --armor --output $NEWKEY.pub --export $NEWKEY QR Codes see also: https://github.com/open-keychain/open-keychain/wiki/QR-Codes How do I distribute my pubkey? see also: https://security.stackexchange.com/questions/406/how-should-i-distribute-my-public-key http://www.bauser.com/websnob/keydist Securing Email Communications from Facebook Keyservers SKS Keyservers these have some issues keys.openpgp.org Mailvelope Key Server run by people behind the browser Add-On Mailvelope Set in Enigmail: Settings → Keyservers, enter comma separated list, e.g.: vks://keys.openpgp.org, hkps://keys.mailvelope.com upload with GPG # don't use "vks://" or "hkp://" infront of the domain name! gpg --keyserver keys.example.com --send-keys <key1> <key2> further reading GPG Howto (Ubuntu Community) PGP and you (thoughtbot blog) OpenPGP for complete beginners 15 reasons not to start using PGP (secushare) Last modified: 2021-02-27 22:29