1.5 KiB
1.5 KiB
creation date | tags | ||||
---|---|---|---|---|---|
2022-01-12 |
|
Creation
Really, set up an expiration date, otherwise you'll end up with non-revokable keys!
Or you do need the revoke@example
trick which is ugly and not really revoking a key.
Generate at least 3072 bit key with an expiration date, e.g. with Seahorse or gpg
command line tool.
Distribution
- Use https://keys.openpgp.org (
hkps://keys.openpgp.org
) because of address validation - SKS Pool is widely used (
hkp://eu.pool.sks-keyservers.net
) and pool syncs automatically - https://pgp.mit.edu slow but has a lot of keys
gpg.conf
keyserver hkp://keys.gnupg.net
keyserver hkps://keys.openpgp.org
keyserver hkp://pool.sks-keyservers.net:11371
keyserver hkp://pgp.mit.edu:11371
Seahorse for GNOME
Search and edit with dconf /desktop/gnome/crypto/pgp/keyservers
:
['hkp://keys.gnupg.net', 'hkps://keys.openpgp.org', 'hkp://pool.sks-keyservers.net:11371', 'hkp://pgp.mit.edu:11371']
Export/Revoke
export MY_GPG_ID=theID
gpg --armor --output public-key.gpg --export $MY_GPG_ID
gpg --armor --output private-key.gpg --export-secret-keys $MY_GPG_ID
gpg --output revocation-certificate.asc --gen-revoke $MY_GPG_ID
# optionally revoke with generated cert
# - import public key first
# - revoke
# - sync with keyserver of your choice
# gpg --import public-key.gpg
gpg --import revocation-certificate.asc
pinentry
Edit your gpg-agent.conf
and for a modernized look of pinentry add
pinentry-program /usr/bin/pinentry-gnome3