Project:Gentoo-keys/Edit an existing OpenPGP key
Can I use my existing OpenPGP key?
Note that these instructions are only valid if you have a DSA or RSA key whose primary key has a bit length of 2048 bits or higher. If the primary key does not satisfy this criterion, you need to generate a new OpenPGP key. You can check for this using:
user $ gpg --list-key nick@gentoo.org
The key algorithm and length are shown on the line starting with "pub".
Also check the usage flags of the primary key: it should report only the Certify capability, possibly together with Sign or Authenticate. A key whose primary key reports encryption capabilities needs to be discarded.
How can I change the expiry of my key?
In order to change the expiry of your key you can use:
user $ gpg --edit-key 0xDEADBEEF
followed by the "expire" command in the interactive view. The expiry should be 900 days or less for the primary key.
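The checks described above (RSA or DSA primary key of at least 2048 bits, no encryption capability on the primary key, expiry no more than 900 days out) can be automated against the machine-readable output of gpg. The following is an added example, not part of this wiki page or of gentoo-keys; the colon-format sample output and the key ids in it are constructed, and the field positions are those of "gpg --with-colons":

```python
import subprocess
from datetime import datetime, timedelta, timezone

# OpenPGP public-key algorithm ids (RFC 4880, section 9.1) accepted by the page.
ACCEPTED_ALGOS = {1: "RSA", 17: "DSA"}
MIN_BITS, MAX_EXPIRY_DAYS = 2048, 900


def check_primary(colon_output, now=None):
    """Return the problems found with the primary ('pub') key; an empty list means OK."""
    now = now or datetime.now(timezone.utc)
    problems = []
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] != "pub":
            continue
        # --with-colons fields: 3 = bit length, 4 = algorithm id, 7 = expiry
        # (seconds since the epoch, empty if none), 12 = key capabilities.
        bits, algo, expires, caps = int(f[2]), int(f[3]), f[6], f[11]
        if algo not in ACCEPTED_ALGOS:
            problems.append(f"algorithm id {algo} is neither RSA nor DSA")
        if bits < MIN_BITS:
            problems.append(f"{bits}-bit primary key is shorter than {MIN_BITS} bits")
        # Lowercase letters are the primary key's own capabilities, uppercase the
        # aggregate over all subkeys; an encrypting primary key is rejected.
        if "e" in caps:
            problems.append("primary key has encryption capability")
        if not expires:
            problems.append("primary key never expires")
        elif datetime.fromtimestamp(int(expires), timezone.utc) - now > timedelta(days=MAX_EXPIRY_DAYS):
            problems.append(f"expiry is more than {MAX_EXPIRY_DAYS} days away")
        break  # a single key id was requested, so only the first pub record matters
    else:
        problems.append("no primary key record found")
    return problems


def check_key(key_id):
    out = subprocess.run(["gpg", "--with-colons", "--list-keys", key_id],
                         capture_output=True, text=True, check=True).stdout
    return check_primary(out)


# Constructed sample output: a 4096-bit RSA primary key with its own caps 'sc'
# (certify + sign), an encryption subkey, and expiry 2024-01-01T00:00:00Z.
SAMPLE = (
    "pub:u:4096:1:0123456789ABCDEF:1500000000:1704067200::u:::scESC::::::23::0:\n"
    "uid:u::::1500000000::ABCD::Example Dev <nick@gentoo.org>::::::::::0:\n"
    "sub:u:4096:1:FEDCBA9876543210:1500000000:1704067200:::::e::::::23:\n"
)
SAMPLE_NOW = datetime(2023, 6, 1, tzinfo=timezone.utc)  # fixed "today" for the sample

if __name__ == "__main__":
    print(check_primary(SAMPLE, now=SAMPLE_NOW) or ["OK"])
```

Call check_key("0xDEADBEEF") to run the same checks against a key in your own keyring.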
How can I add a signing subkey?
In order to add a signing subkey you can use:
user $ gpg --edit-key 0xDEADBEEF
followed by the "addkey" command. Follow the interactive instructions on how to generate a signing subkey.
How can I add my Gentoo nick as a UserID (UID)?
In order to add a new UserID you can use:
user $ gpg --edit-key 0xDEADBEEF
followed by the "adduid" command. Follow the interactive instructions to add the additional UID.
Submitting a key to a keyserver
After updating your key you need to ensure it is accessible to others by uploading it to a well-maintained keyserver pool.
user $ gpg --keyserver pool.sks-keyservers.net --send-key 0xDEADBEEF
Updating LDAP
The full fingerprint of the primary OpenPGP key needs to be recorded as an LDAP entry known as gpgfingerprint. To get your fingerprint you can use:
user $ gpg --with-fingerprint --list-key 0xDEADBEEF
The LDAP entry can be updated on woodpecker using:
user $ /usr/local/bin/fix-fp.sh DEVNAME "NEW_FP#1" ["NEWFP#2" ...]
If you have added or removed a primary OpenPGP key to LDAP, you must also ask Infra to update Gitolite afterwards!