~/2018/07/30

Adding a new email address to a GPG key

I was not looking forward to figuring this out after changing my email address, but it turns out it's relatively painless.

❯ gpg --edit-key r@rkm.id.au
gpg (GnuPG) 2.2.8; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  rsa4096/FDAD61AB3311FA17
     created: 2013-07-26  expires: never       usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa2048/32CFFFCA503FCDAF
     created: 2016-02-07  expires: never       usage: S
ssb  rsa2048/94E372F3DC1FAA3D
     created: 2016-02-07  expires: never       usage: E
ssb  rsa2048/3EA5B5971592B446
     created: 2016-02-07  expires: never       usage: A
[ultimate] (1). Ruben Maher <r@rkm.id.au>

Use the adduid command:

gpg> adduid
Real name: Ruben Maher
Email address: ruben@maher.fyi
Comment:
You selected this USER-ID:
    "Ruben Maher <ruben@maher.fyi>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O

sec  rsa4096/FDAD61AB3311FA17
     created: 2013-07-26  expires: never       usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa2048/32CFFFCA503FCDAF
     created: 2016-02-07  expires: never       usage: S
ssb  rsa2048/94E372F3DC1FAA3D
     created: 2016-02-07  expires: never       usage: E
ssb  rsa2048/3EA5B5971592B446
     created: 2016-02-07  expires: never       usage: A
[ultimate] (1)  Ruben Maher <r@rkm.id.au>
[ unknown] (2). Ruben Maher <ruben@maher.fyi>

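Select the new uid and assign ultimate trust. Note that gpg's trust command sets the owner trust of the whole key rather than of the selected uid, and the listing above already shows trust: ultimate for this key: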

gpg> uid 2

sec  rsa4096/FDAD61AB3311FA17
     created: 2013-07-26  expires: never       usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa2048/32CFFFCA503FCDAF
     created: 2016-02-07  expires: never       usage: S
ssb  rsa2048/94E372F3DC1FAA3D
     created: 2016-02-07  expires: never       usage: E
ssb  rsa2048/3EA5B5971592B446
     created: 2016-02-07  expires: never       usage: A
[ultimate] (1)  Ruben Maher <r@rkm.id.au>
[ unknown] (2)* Ruben Maher <ruben@maher.fyi>

gpg> trust 5
sec  rsa4096/FDAD61AB3311FA17
     created: 2013-07-26  expires: never       usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa2048/32CFFFCA503FCDAF
     created: 2016-02-07  expires: never       usage: S
ssb  rsa2048/94E372F3DC1FAA3D
     created: 2016-02-07  expires: never       usage: E
ssb  rsa2048/3EA5B5971592B446
     created: 2016-02-07  expires: never       usage: A
[ultimate] (1)  Ruben Maher <r@rkm.id.au>
[ unknown] (2)* Ruben Maher <ruben@maher.fyi>

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y

sec  rsa4096/FDAD61AB3311FA17
     created: 2013-07-26  expires: never       usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa2048/32CFFFCA503FCDAF
     created: 2016-02-07  expires: never       usage: S
ssb  rsa2048/94E372F3DC1FAA3D
     created: 2016-02-07  expires: never       usage: E
ssb  rsa2048/3EA5B5971592B446
     created: 2016-02-07  expires: never       usage: A
[ultimate] (1)  Ruben Maher <r@rkm.id.au>
[ unknown] (2)* Ruben Maher <ruben@maher.fyi>

Select the old uid:

gpg> uid 1

sec  rsa4096/FDAD61AB3311FA17
     created: 2013-07-26  expires: never       usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa2048/32CFFFCA503FCDAF
     created: 2016-02-07  expires: never       usage: S
ssb  rsa2048/94E372F3DC1FAA3D
     created: 2016-02-07  expires: never       usage: E
ssb  rsa2048/3EA5B5971592B446
     created: 2016-02-07  expires: never       usage: A
[ultimate] (1)* Ruben Maher <r@rkm.id.au>
[ unknown] (2)* Ruben Maher <ruben@maher.fyi>

This part had me stumped for a bit. You can have more than one uid selected at a time. In the snippet above I have both marked by asterisks, and the first time around GPG prompted me to delete all the uids. Don't do that. Instead, first deselect the new uid:

gpg> uid 2

sec  rsa4096/FDAD61AB3311FA17
     created: 2013-07-26  expires: never       usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa2048/32CFFFCA503FCDAF
     created: 2016-02-07  expires: never       usage: S
ssb  rsa2048/94E372F3DC1FAA3D
     created: 2016-02-07  expires: never       usage: E
ssb  rsa2048/3EA5B5971592B446
     created: 2016-02-07  expires: never       usage: A
[ultimate] (1)* Ruben Maher <r@rkm.id.au>
[ unknown] (2). Ruben Maher <ruben@maher.fyi>

Notice that the asterisk disappeared. Now that only uid 1 is selected, you can revoke the old uid:

gpg> revuid
Really revoke this user ID? (y/N) y
Please select the reason for the revocation:
  0 = No reason specified
  4 = User ID is no longer valid
  Q = Cancel
(Probably you want to select 4 here)
Your decision? 4
Enter an optional description; end it with an empty line:
>
Reason for revocation: User ID is no longer valid
(No description given)
Is this okay? (y/N) y

sec  rsa4096/FDAD61AB3311FA17
     created: 2013-07-26  expires: never       usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa2048/32CFFFCA503FCDAF
     created: 2016-02-07  expires: never       usage: S
ssb  rsa2048/94E372F3DC1FAA3D
     created: 2016-02-07  expires: never       usage: E
ssb  rsa2048/3EA5B5971592B446
     created: 2016-02-07  expires: never       usage: A
[ revoked] (1)  Ruben Maher <r@rkm.id.au>
[ unknown] (2). Ruben Maher <ruben@maher.fyi>

Finally, commit the changes and upload to the keyserver:

gpg> save

~
❯ gpg --send-keys 318320201A66BD7F78C2E729FDAD61AB3311FA17
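
A check worth running between `save` and `--send-keys`, given how easy it is to revoke with both uids selected. This is an added example, not part of the original post: the function names are hypothetical and the colon listings are constructed samples shaped like `gpg --list-keys --with-colons` output.

```shell
#!/bin/sh
# Added example, not from the original post. Input is the output of
#   gpg --list-keys --with-colons <fingerprint>
# where field 2 of a uid record is its validity ('r' = revoked) and
# field 10 is the user ID string.

# Print "<validity><TAB><email>" for each uid record on stdin.
uid_states() {
    awk -F: '$1 == "uid" {
        email = $10
        sub(/^.*</, "", email); sub(/>.*$/, "", email)
        v = ($2 == "" ? "-" : $2)
        print v "\t" email
    }'
}

# check_uid_transition OLD NEW
# Succeeds only if OLD is present and revoked, and NEW is present and not revoked.
check_uid_transition() {
    uid_states | awk -F'\t' -v old="$1" -v new="$2" '
        $2 == old { old_seen = 1; if ($1 != "r") old_live = 1 }
        $2 == new && $1 != "r" { new_live = 1 }
        END {
            if (!old_seen || old_live) { print "old uid not revoked: " old; bad = 1 }
            if (!new_live) { print "new uid missing or revoked: " new; bad = 1 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed listings (timestamps invented, uid hash field left empty).
sample_ok() {
cat <<'EOF'
pub:u:4096:1:FDAD61AB3311FA17:1374796800:::u:::scESCA:
uid:r::::1374796800::::Ruben Maher <r@rkm.id.au>:
uid:u::::1532908800::::Ruben Maher <ruben@maher.fyi>:
EOF
}

# The mistake described above: both uids were selected when revuid ran.
sample_both_revoked() {
cat <<'EOF'
pub:u:4096:1:FDAD61AB3311FA17:1374796800:::u:::scESCA:
uid:r::::1374796800::::Ruben Maher <r@rkm.id.au>:
uid:r::::1532908800::::Ruben Maher <ruben@maher.fyi>:
EOF
}

sample_ok | check_uid_transition r@rkm.id.au ruben@maher.fyi && echo "ok to publish"
sample_both_revoked | check_uid_transition r@rkm.id.au ruben@maher.fyi || echo "do not publish"
```

Against a real keyring, pipe `gpg --list-keys --with-colons 318320201A66BD7F78C2E729FDAD61AB3311FA17` into `check_uid_transition` in place of the sample functions.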