Renewing gpg keys and subkeys
Intro
My encrypted orgmode file in which I store my sensitive information suddenly could be opened, but not edited. When I attempted to save I received:
gpg: D664BA060CCB9D32: skipped: Unusable public key
gpg: [stdin]: encryption failed: Unusable public key
A search online indicated that it was probably due to my gpg keys expiring. With a quick update to the process in 2022 and a belief in the value of limited duplication, here is the winning strategy:
1. find the uid of the keys I care about in the list of keys
2. use gpg --edit-key <UID>
3. first select the primary part of the key with key 0 (you might only need to press 0)
4. use expire to trigger the renewal, and follow the directions
5. repeat 3-4 with the subkey, key 1
6. don’t forget to type save, rather than using some C-c to do a shell “exit”. I exited compulsively with the usual way and then had to repeat the whole process, as it didn’t save.
The following did the trick:
<tardis@tardis> org/ 15:13$ gpg --edit CAAB9ACDC9770B30FF43300FD664BA060CCB9D32
option "--edit" is ambiguous
<tardis@tardis> org/ 15:14$ gpg --list-keys
/home/tardis/.gnupg/pubring.gpg
-------------------------------
pub dsa1024 2013-03-05 [SCA]
ED4DE7A93E9698EC1C33CF218918410D93AA0F57
uid [ultimate] tardis <tardis@gmail.com>
sub elg1024 2013-03-05 [E]
pub dsa3072 2016-02-08 [SCA]
D6E18BEDBE3C2B438ED06E9895D8419B051BA865
uid [ultimate] tardis 2016 (new primary) <mail@tardis.
sub elg4096 2016-02-08 [E]
pub rsa2048 2017-09-18 [SC]
2907E1A9D0531D4F0D768EB2A1CA3D4CC107A617
uid [ultimate] tardis <tardis_@byu.edu>
sub rsa2048 2017-09-18 [E]
pub rsa4096 2016-04-01 [SC]
65760C51EDEA2017CEA2CA15155B6D79CA56EA34
uid [ unknown] Caddy Web Server <contact@caddyserver.com>
sub rsa2048 2016-04-01 [SA] [expires: 2024-03-30]
sub rsa2048 2016-04-01 [E] [expires: 2024-03-30]
pub rsa2048 2020-09-15 [SC] [expired: 2022-09-15]
CAAB9ACDC9770B30FF43300FD664BA060CCB9D32
uid [ expired] tardis <mail@tardis.com>
############
<tardis@tardis> org/ 15:29$ gpg --edit-key EA8A01D5420AAD34
gpg (GnuPG) 2.2.32; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
sec rsa2048/D664BA060CCB9D32
created: 2020-09-15 expires: never usage: SC
trust: ultimate validity: ultimate
ssb rsa2048/EA8A01D5420AAD34
created: 2020-09-15 expired: 2022-09-15 usage: E
[ultimate] (1). tardis <mail@tardis.com>
gpg>
sec rsa2048/D664BA060CCB9D32
created: 2020-09-15 expires: never usage: SC
trust: ultimate validity: ultimate
ssb rsa2048/EA8A01D5420AAD34
created: 2020-09-15 expired: 2022-09-15 usage: E
[ultimate] (1). tardis <mail@tardis.com>
gpg> 1
sec rsa2048/D664BA060CCB9D32
created: 2020-09-15 expires: never usage: SC
trust: ultimate validity: ultimate
ssb rsa2048/EA8A01D5420AAD34
created: 2020-09-15 expired: 2022-09-15 usage: E
[ultimate] (1)* tardis <mail@tardis.com>
gpg>
sec rsa2048/D664BA060CCB9D32
created: 2020-09-15 expires: never usage: SC
trust: ultimate validity: ultimate
ssb rsa2048/EA8A01D5420AAD34
created: 2020-09-15 expired: 2022-09-15 usage: E
[ultimate] (1)* tardis <mail@tardis.com>
gpg>
sec rsa2048/D664BA060CCB9D32
created: 2020-09-15 expires: never usage: SC
trust: ultimate validity: ultimate
ssb rsa2048/EA8A01D5420AAD34
created: 2020-09-15 expired: 2022-09-15 usage: E
[ultimate] (1)* tardis <mail@tardis.com>
gpg> key 1
sec rsa2048/D664BA060CCB9D32
created: 2020-09-15 expires: never usage: SC
trust: ultimate validity: ultimate
ssb* rsa2048/EA8A01D5420AAD34
created: 2020-09-15 expired: 2022-09-15 usage: E
[ultimate] (1)* tardis <mail@tardis.com>
gpg> key 2
No subkey with index 2
gpg> key 0
sec rsa2048/D664BA060CCB9D32
created: 2020-09-15 expires: never usage: SC
trust: ultimate validity: ultimate
ssb rsa2048/EA8A01D5420AAD34
created: 2020-09-15 expired: 2022-09-15 usage: E
[ultimate] (1)* tardis <mail@tardis.com>
gpg> key 1
sec rsa2048/D664BA060CCB9D32
created: 2020-09-15 expires: never usage: SC
trust: ultimate validity: ultimate
ssb* rsa2048/EA8A01D5420AAD34
created: 2020-09-15 expired: 2022-09-15 usage: E
[ultimate] (1)* tardis <mail@tardis.com>
gpg> expire
Changing expiration time for a subkey.
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
sec rsa2048/D664BA060CCB9D32
created: 2020-09-15 expires: never usage: SC
trust: ultimate validity: ultimate
ssb* rsa2048/EA8A01D5420AAD34
created: 2020-09-15 expires: never usage: E
[ultimate] (1)* tardis <mail@tardis.com>
gpg> save
<tardis@tardis> org/ 15:32$ gpg -vv --list-keys
gpg: using pgp trust model
gpg: key 8918410D93AA0F57: accepted as trusted key
gpg: key 95D8419B051BA865: accepted as trusted key
gpg: key A1CA3D4CC107A617: accepted as trusted key
gpg: key D664BA060CCB9D32: accepted as trusted key
gpg: checking the trustdb
gpg: 5 keys cached (11 signatures)
gpg: 4 keys processed (4 validity counts cleared)
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 4 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 4u
/home/tardis/.gnupg/pubring.gpg
-------------------------------
pub rsa2048 2020-09-15 [SC]
CAAB9ACDC9770B30FF43300FD664BA060CCB9D32
uid [ultimate] tardis <mail@tardis.com>
sub rsa2048 2020-09-15 [E]
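The session above renews the key interactively. As an added example that is not part of the original post, the script below flags expired or soon-to-expire keys from gpg's machine-readable listing and wraps the non-interactive form of the same renewal. The colon listing is a constructed sample modelled on the key shown in the session; the key ID 1111111111111111, the function names and the 30-day window are assumptions.

```shell
#!/bin/sh
# Added example: report keys/subkeys that are expired or about to expire.
# Input on stdin: output of `gpg --list-keys --with-colons`.
# Colon-format fields used: 1 = record type, 2 = validity (e = expired),
# 5 = key ID, 7 = expiration time in epoch seconds (empty = never expires).
check_expiry() {
    # $1 = warning window in days, $2 = current time in epoch seconds
    awk -F: -v days="$1" -v now="$2" '
        $1 == "pub" || $1 == "sub" {
            if ($2 == "e" || ($7 != "" && $7 + 0 <= now + 0)) {
                print $1, $5, "expired"
            } else if ($7 != "") {
                left = int(($7 - now) / 86400)
                if (left <= days) print $1, $5, "expires-in-" left "d"
            }
        }'
}

# Constructed sample listing: primary key without expiry, the expired
# encryption subkey from the session, and a made-up subkey (1111...)
# that expires ten days after the fixed "now" used below.
sample_listing() {
    cat <<'EOF'
pub:u:2048:1:D664BA060CCB9D32:1600128000:::u:::scSC:
uid:u::::1600128000::::tardis <mail@tardis.com>:
sub:e:2048:1:EA8A01D5420AAD34:1600128000:1663200000:::::e:
sub:u:2048:1:1111111111111111:1600128000:1664150400:::::s:
EOF
}

# Non-interactive form of the edit-key / expire / save sequence.
# Defined here but not run by this script.
# $1 = primary fingerprint, $2 = validity (e.g. 1y, or 0 for no expiry),
# remaining arguments = fingerprints of the subkeys to renew.
renew() {
    fpr=$1; period=$2; shift 2
    gpg --quick-set-expire "$fpr" "$period"        # primary key
    # Name each subkey: the '*' shorthand skips subkeys already expired.
    [ "$#" -eq 0 ] || gpg --quick-set-expire "$fpr" "$period" "$@"
}

# Demo on the sample, with "now" fixed one day after the subkey expired.
sample_listing | check_expiry 30 1663286400
```

Against a real keyring, pipe gpg --list-keys --with-colons into check_expiry and pass $(date +%s) as the current time; the subkey fingerprints that renew expects are shown by gpg --list-keys --with-subkey-fingerprint.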
Resources
https://security.stackexchange.com/questions/53290/gpg-encrypt-fails