Renewing gpg keys and subkeys

Table of Contents

Intro

img My encrypted orgmode file in which I store my sensitive information suddenly could be opened, but not edited. When I attempted to save I received:

gpg: D664BA060CCB9D32: skipped: Unusable public key gpg: [stdin]: encryption failed: Unusable public key

A search online indicated that it was probably due to my gpg keys expiring. With a quick update to the process in 2022 and a belief in the value of limited duplication, here is the winning strategy:

  1. find the uid of the keys I care about in the list of keys
  2. use gpg --edit-key <UID>
  3. First select the primary part of the key 0 (you might only need to press 0)
  4. use expire to trigger the renewal, and follow the directions
  5. repeat 3-4 with the subkey key 1
  6. don’t forget to type save, rather that using some C-c to do a shell “exit”. I exited compulsively with the usual way and then had to repeat the whole process, as it didn’t save.

The following did the trick:

<tardis@tardis> org/ 15:13$ gpg --edit CAAB9ACDC9770B30FF43300FD664BA060CCB9D32
option "--edit" is ambiguous
<tardis@tardis> org/ 15:14$ gpg --list-keys
/home/tardis/.gnupg/pubring.gpg
-------------------------------
pub   dsa1024 2013-03-05 [SCA]
      ED4DE7A93E9698EC1C33CF218918410D93AA0F57
uid           [ultimate] tardis <tardis@gmail.com>
sub   elg1024 2013-03-05 [E]

pub   dsa3072 2016-02-08 [SCA]
      D6E18BEDBE3C2B438ED06E9895D8419B051BA865
uid           [ultimate] tardis 2016 (new primary) <mail@tardis.
sub   elg4096 2016-02-08 [E]

pub   rsa2048 2017-09-18 [SC]
      2907E1A9D0531D4F0D768EB2A1CA3D4CC107A617
uid           [ultimate] tardis <tardis_@byu.edu>
sub   rsa2048 2017-09-18 [E]

pub   rsa4096 2016-04-01 [SC]
      65760C51EDEA2017CEA2CA15155B6D79CA56EA34
uid           [ unknown] Caddy Web Server <contact@caddyserver.com>
sub   rsa2048 2016-04-01 [SA] [expires: 2024-03-30]
sub   rsa2048 2016-04-01 [E] [expires: 2024-03-30]

pub   rsa2048 2020-09-15 [SC] [expired: 2022-09-15]
      CAAB9ACDC9770B30FF43300FD664BA060CCB9D32
uid           [ expired] tardis <mail@tardis.com>

############
<tardis@tardis> org/ 15:29$ gpg --edit-key EA8A01D5420AAD34

gpg (GnuPG) 2.2.32; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  rsa2048/D664BA060CCB9D32
     created: 2020-09-15  expires: never       usage: SC  
     trust: ultimate      validity: ultimate
ssb  rsa2048/EA8A01D5420AAD34
     created: 2020-09-15  expired: 2022-09-15  usage: E   
[ultimate] (1). tardis <mail@tardis.com>

gpg> 
sec  rsa2048/D664BA060CCB9D32
     created: 2020-09-15  expires: never       usage: SC  
     trust: ultimate      validity: ultimate
ssb  rsa2048/EA8A01D5420AAD34
     created: 2020-09-15  expired: 2022-09-15  usage: E   
[ultimate] (1). tardis <mail@tardis.com>

gpg> 1

sec  rsa2048/D664BA060CCB9D32
     created: 2020-09-15  expires: never       usage: SC  
     trust: ultimate      validity: ultimate
ssb  rsa2048/EA8A01D5420AAD34
     created: 2020-09-15  expired: 2022-09-15  usage: E   
[ultimate] (1)* tardis <mail@tardis.com>

gpg> 

sec  rsa2048/D664BA060CCB9D32
     created: 2020-09-15  expires: never       usage: SC  
     trust: ultimate      validity: ultimate
ssb  rsa2048/EA8A01D5420AAD34
     created: 2020-09-15  expired: 2022-09-15  usage: E   
[ultimate] (1)* tardis <mail@tardis.com>

gpg> 

sec  rsa2048/D664BA060CCB9D32
     created: 2020-09-15  expires: never       usage: SC  
     trust: ultimate      validity: ultimate
ssb  rsa2048/EA8A01D5420AAD34
     created: 2020-09-15  expired: 2022-09-15  usage: E   
[ultimate] (1)* tardis <mail@tardis.com>

gpg> key 1

sec  rsa2048/D664BA060CCB9D32
     created: 2020-09-15  expires: never       usage: SC  
     trust: ultimate      validity: ultimate
ssb* rsa2048/EA8A01D5420AAD34
     created: 2020-09-15  expired: 2022-09-15  usage: E   
[ultimate] (1)* tardis <mail@tardis.com>

gpg> key 2
No subkey with index 2

gpg> key 0

sec  rsa2048/D664BA060CCB9D32
     created: 2020-09-15  expires: never       usage: SC  
     trust: ultimate      validity: ultimate
ssb  rsa2048/EA8A01D5420AAD34
     created: 2020-09-15  expired: 2022-09-15  usage: E   
[ultimate] (1)* tardis <mail@tardis.com>

gpg> key 1

sec  rsa2048/D664BA060CCB9D32
     created: 2020-09-15  expires: never       usage: SC  
     trust: ultimate      validity: ultimate
ssb* rsa2048/EA8A01D5420AAD34
     created: 2020-09-15  expired: 2022-09-15  usage: E   
[ultimate] (1)* tardis <mail@tardis.com>

gpg> expire
Changing expiration time for a subkey.
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

sec  rsa2048/D664BA060CCB9D32
     created: 2020-09-15  expires: never       usage: SC  
     trust: ultimate      validity: ultimate
ssb* rsa2048/EA8A01D5420AAD34
     created: 2020-09-15  expires: never       usage: E   
[ultimate] (1)* tardis <mail@tardis.com>

gpg> save
<tardis@tardis> org/ 15:32$ gpg -vv --list-keys
gpg: using pgp trust model
gpg: key 8918410D93AA0F57: accepted as trusted key
gpg: key 95D8419B051BA865: accepted as trusted key
gpg: key A1CA3D4CC107A617: accepted as trusted key
gpg: key D664BA060CCB9D32: accepted as trusted key
gpg: checking the trustdb
gpg: 5 keys cached (11 signatures)
gpg: 4 keys processed (4 validity counts cleared)
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   4  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 4u
/home/tardis/.gnupg/pubring.gpg
-------------------------------
pub   rsa2048 2020-09-15 [SC]
      CAAB9ACDC9770B30FF43300FD664BA060CCB9D32
uid           [ultimate] tardis <mail@tardis.com>
sub   rsa2048 2020-09-15 [E]

Resources

https://security.stackexchange.com/questions/53290/gpg-encrypt-fails

Tory Anderson avatar
Tory Anderson
Full-time Web App Engineer, Digital Humanist, Researcher, Computer Psychologist