Soemarko Ridwan

iOS & Web Developer ⟡ Coffee Addict ⟡ Scuba Diver


Renew GPG Key

It's been almost two years since I posted my guide to PasswordStore, and I still refer to that post from time to time. If you followed that guide, you'll hit this problem soon enough: you can't encrypt a new password because the public key has expired. Here's how to renew it.

$ gpg --list-keys
$ gpg --edit-key <fingerprint>

Use the expire command to set a new expire date:

gpg> expire

When prompted, type 2y or however long you want the key to last.

Select all the subkeys (the primary key, whose expiry date we just set, is key 0):

gpg> key 1
gpg> key 2
gpg> expire

A star will appear before all selected keys.

Since the key has changed, we now need to trust it; otherwise we get the error "There is no assurance this key belongs to the named user" when using the key:

gpg> trust

Then we just need to export it again and copy it to another computer or to mobile apps.

$ gpg --list-keys
$ gpg --export-secret-keys --armor <fingerprint> > privkey.asc
$ gpg --export --armor <fingerprint> > pubkey.asc
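
A check that the new expiry date reached the primary key and every subkey (a subkey that was not selected, or an edit session closed without `save`, keeps its old date). This is an added example, not part of the original post; the function names and the sample listing are made up, and it reads the output of `gpg --list-keys --with-colons`.

```shell
#!/bin/sh
# Added example: report primary keys and subkeys that are expired or will
# expire within N days, from `gpg --list-keys --with-colons` output on stdin.
# Colon format: field 1 = record type, 5 = key ID,
# 7 = expiry as seconds since the epoch (empty = never expires).

expiring_keys() {
    # $1 = current time (epoch seconds), $2 = warning window in days
    awk -F: -v now="$1" -v days="$2" '
        $1 == "pub" || $1 == "sub" {
            if ($7 == "") next                 # no expiry set
            left = int(($7 - now) / 86400)     # whole days remaining
            if ($7 <= now)        printf "%s %s EXPIRED\n", $1, $5
            else if (left < days) printf "%s %s expires in %d days\n", $1, $5, left
        }'
}

# Constructed sample listing (key IDs and dates are made up): the primary key
# was renewed for two years, one subkey was missed and has expired, and one
# subkey expires in ten days.
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:AAAAAAAAAAAAAAAA:1600000000:1763072000::u:::scESC::::::23::0:
uid:u::::1600000000::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
sub:e:4096:1:BBBBBBBBBBBBBBBB:1600000000:1690000000:::::e::::::23:
sub:u:4096:1:CCCCCCCCCCCCCCCC:1600000000:1700864000:::::s::::::23:
EOF
}

# Demo on the constructed listing, with "now" fixed at 1700000000.
sample_listing | expiring_keys 1700000000 30

# Against a real keyring (needs gpg installed):
#   gpg --list-keys --with-colons <fingerprint> | expiring_keys "$(date +%s)" 30
```

Empty output means every key in the listing is valid for longer than the window, so the exported pubkey.asc carries the new dates.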