Project:Gentoo-keys/Edit an existing OpenPGP key

Can I use my existing OpenPGP key?
Note that these instructions are only valid if you have a DSA or RSA key whose primary key has a bit length of 2048 bits or higher. If the primary key doesn't satisfy this criterion, you need to generate a new OpenPGP key. You can check for this using:

The key algorithm and length are shown on a line starting with "pub".

The primary key reports wrong usage flags if it has anything other than the Certify capability and possibly the Sign or Auth capabilities. A key whose primary key reports encryption capabilities needs to be discarded.

How can I change the expiry of my key?
In order to change the expiry of your key you can use:

followed by the "expire" command in the interactive view. The expiry should be 900 days or less for the primary key.
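
The criteria stated above (a DSA or RSA primary key of 2048 bits or more, no encryption capability on the primary key, an expiry of 900 days or less) can be checked in one pass over GnuPG's machine-readable key listing. This is an added example, not part of the original page; the function name `check_primary`, the constructed sample records, and the reading of "900 days" as counted from a reference time are assumptions.

```shell
#!/bin/sh
# Added example: test a primary key against the criteria stated on this page.
# stdin: machine-readable listing from `gpg --with-colons --list-keys KEY`.
# $1:    reference time in epoch seconds, e.g. "$(date +%s)".
# Assumption: dates in the listing are epoch seconds, and the 900 days are
# counted from the reference time.
check_primary() {
    awk -F: -v now="$1" '
    $1 == "pub" {
        seen = 1; bits = $3; algo = $4; expires = $7; caps = $12
        # Field 4 is the OpenPGP algorithm ID: 1 = RSA, 17 = DSA.
        if (algo != 1 && algo != 17) {
            print "FAIL: primary key is not RSA or DSA"; bad = 1 }
        if (bits + 0 < 2048) {
            print "FAIL: primary key has " bits " bits, 2048 or more needed"; bad = 1 }
        # In field 12 the lower-case letters are the capabilities of the
        # primary key itself; upper-case letters summarise the whole key.
        if (caps !~ /c/) {
            print "FAIL: primary key lacks the Certify capability"; bad = 1 }
        if (caps ~ /e/) {
            print "FAIL: primary key can encrypt, discard this key"; bad = 1 }
        if (expires == "") {
            print "FAIL: primary key has no expiry"; bad = 1
        } else if (expires + 0 <= now + 0) {
            print "FAIL: primary key has already expired"; bad = 1
        } else if (expires - now > 900 * 86400) {
            print "FAIL: expiry is more than 900 days away"; bad = 1 }
        exit   # only the first pub record is examined
    }
    END {
        if (!seen) { print "FAIL: no pub record in input"; bad = 1 }
        if (!bad) print "OK"
        exit bad + 0
    }'
}

# Constructed sample records (not real keys) and a constructed reference time.
SAMPLE_NOW=1700000000
SAMPLE_OK='pub:u:4096:1:0123456789ABCDEF:1690000000:1760000000::u:::cSC:'
SAMPLE_BAD='pub:u:1024:1:FEDCBA9876543210:1690000000:::u:::escESC:'

# Demonstration on the failing sample; prints one FAIL line per finding.
printf '%s\n' "$SAMPLE_BAD" | check_primary "$SAMPLE_NOW" || true
```

For a real key, pipe the listing in directly: `gpg --with-colons --list-keys KEY | check_primary "$(date +%s)"`, where KEY stands for your own key ID or fingerprint.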

How can I add a signing subkey?
In order to add a signing subkey you can use:

followed by the "addkey" command. Follow the interactive instructions on how to generate a signing subkey.

How can I add my Gentoo nick as UserID (UID)?
In order to add a new UserID you can use:

followed by the "adduid" command. Follow the interactive instructions on how to generate an additional UID.

Submitting a key to a keyserver
After updating your key you need to ensure it is accessible to others by uploading it to a well-maintained keyserver pool.

Updating LDAP
The full fingerprint of the primary OpenPGP key needs to be recorded as an LDAP entry known as gpgfingerprint. To get your fingerprint you can use:

It can be updated on woodpecker using:

If you have added a primary OpenPGP key to LDAP or removed one from it, you must also ask Infra to update Gitolite afterwards!