~/2018/07/30

Adding a new email address to a GPG key

I was not looking forward to figuring this out after changing my email address, but it turns out it's relatively painless.

  ❯ gpg --edit-key r@rkm.id.au
  gpg (GnuPG) 2.2.8; Copyright (C) 2018 Free Software Foundation, Inc.
  This is free software: you are free to change and redistribute it.
  There is NO WARRANTY, to the extent permitted by law.

  Secret key is available.

  sec  rsa4096/FDAD61AB3311FA17
       created: 2013-07-26  expires: never       usage: SC
       trust: ultimate      validity: ultimate
  ssb  rsa2048/32CFFFCA503FCDAF
       created: 2016-02-07  expires: never       usage: S
  ssb  rsa2048/94E372F3DC1FAA3D
       created: 2016-02-07  expires: never       usage: E
  ssb  rsa2048/3EA5B5971592B446
       created: 2016-02-07  expires: never       usage: A
  [ultimate] (1). Ruben Maher <r@rkm.id.au>

Use the adduid command:

  gpg> adduid
  Real name: Ruben Maher
  Email address: ruben@maher.fyi
  Comment:
  You selected this USER-ID:
      "Ruben Maher <ruben@maher.fyi>"

  Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O

  sec  rsa4096/FDAD61AB3311FA17
       created: 2013-07-26  expires: never       usage: SC
       trust: ultimate      validity: ultimate
  ssb  rsa2048/32CFFFCA503FCDAF
       created: 2016-02-07  expires: never       usage: S
  ssb  rsa2048/94E372F3DC1FAA3D
       created: 2016-02-07  expires: never       usage: E
  ssb  rsa2048/3EA5B5971592B446
       created: 2016-02-07  expires: never       usage: A
  [ultimate] (1)  Ruben Maher <r@rkm.id.au>
  [ unknown] (2). Ruben Maher <ruben@maher.fyi>

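Select the new uid and assign ultimate trust. Note that trust sets the owner trust of the key as a whole, and the listings in this session keep showing the new uid as unknown: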

  gpg> uid 2

  sec  rsa4096/FDAD61AB3311FA17
       created: 2013-07-26  expires: never       usage: SC
       trust: ultimate      validity: ultimate
  ssb  rsa2048/32CFFFCA503FCDAF
       created: 2016-02-07  expires: never       usage: S
  ssb  rsa2048/94E372F3DC1FAA3D
       created: 2016-02-07  expires: never       usage: E
  ssb  rsa2048/3EA5B5971592B446
       created: 2016-02-07  expires: never       usage: A
  [ultimate] (1)  Ruben Maher <r@rkm.id.au>
  [ unknown] (2)* Ruben Maher <ruben@maher.fyi>

  gpg> trust 5
  sec  rsa4096/FDAD61AB3311FA17
       created: 2013-07-26  expires: never       usage: SC
       trust: ultimate      validity: ultimate
  ssb  rsa2048/32CFFFCA503FCDAF
       created: 2016-02-07  expires: never       usage: S
  ssb  rsa2048/94E372F3DC1FAA3D
       created: 2016-02-07  expires: never       usage: E
  ssb  rsa2048/3EA5B5971592B446
       created: 2016-02-07  expires: never       usage: A
  [ultimate] (1)  Ruben Maher <r@rkm.id.au>
  [ unknown] (2)* Ruben Maher <ruben@maher.fyi>

  Please decide how far you trust this user to correctly verify other users' keys
  (by looking at passports, checking fingerprints from different sources, etc.)

    1 = I don't know or won't say
    2 = I do NOT trust
    3 = I trust marginally
    4 = I trust fully
    5 = I trust ultimately
    m = back to the main menu

  Your decision? 5
  Do you really want to set this key to ultimate trust? (y/N) y

  sec  rsa4096/FDAD61AB3311FA17
       created: 2013-07-26  expires: never       usage: SC
       trust: ultimate      validity: ultimate
  ssb  rsa2048/32CFFFCA503FCDAF
       created: 2016-02-07  expires: never       usage: S
  ssb  rsa2048/94E372F3DC1FAA3D
       created: 2016-02-07  expires: never       usage: E
  ssb  rsa2048/3EA5B5971592B446
       created: 2016-02-07  expires: never       usage: A
  [ultimate] (1)  Ruben Maher <r@rkm.id.au>
  [ unknown] (2)* Ruben Maher <ruben@maher.fyi>

Select the old uid:

  gpg> uid 1

  sec  rsa4096/FDAD61AB3311FA17
       created: 2013-07-26  expires: never       usage: SC
       trust: ultimate      validity: ultimate
  ssb  rsa2048/32CFFFCA503FCDAF
       created: 2016-02-07  expires: never       usage: S
  ssb  rsa2048/94E372F3DC1FAA3D
       created: 2016-02-07  expires: never       usage: E
  ssb  rsa2048/3EA5B5971592B446
       created: 2016-02-07  expires: never       usage: A
  [ultimate] (1)* Ruben Maher <r@rkm.id.au>
  [ unknown] (2)* Ruben Maher <ruben@maher.fyi>

This part had me stumped for a bit. You can have more than one uid selected at a time. In the snippet above I have both marked by asterisks, and the first time around GPG prompted me to delete all the uids. Don't do that. Instead, first deselect the new uid:

  gpg> uid 2

  sec  rsa4096/FDAD61AB3311FA17
       created: 2013-07-26  expires: never       usage: SC
       trust: ultimate      validity: ultimate
  ssb  rsa2048/32CFFFCA503FCDAF
       created: 2016-02-07  expires: never       usage: S
  ssb  rsa2048/94E372F3DC1FAA3D
       created: 2016-02-07  expires: never       usage: E
  ssb  rsa2048/3EA5B5971592B446
       created: 2016-02-07  expires: never       usage: A
  [ultimate] (1)* Ruben Maher <r@rkm.id.au>
  [ unknown] (2). Ruben Maher <ruben@maher.fyi>

Notice that the asterisk disappeared. Now that only uid 1 is selected, you can revoke the old uid:

  gpg> revuid
  Really revoke this user ID? (y/N) y
  Please select the reason for the revocation:
    0 = No reason specified
    4 = User ID is no longer valid
    Q = Cancel
  (Probably you want to select 4 here)
  Your decision? 4
  Enter an optional description; end it with an empty line:
  >
  Reason for revocation: User ID is no longer valid
  (No description given)
  Is this okay? (y/N) y

  sec  rsa4096/FDAD61AB3311FA17
       created: 2013-07-26  expires: never       usage: SC
       trust: ultimate      validity: ultimate
  ssb  rsa2048/32CFFFCA503FCDAF
       created: 2016-02-07  expires: never       usage: S
  ssb  rsa2048/94E372F3DC1FAA3D
       created: 2016-02-07  expires: never       usage: E
  ssb  rsa2048/3EA5B5971592B446
       created: 2016-02-07  expires: never       usage: A
  [ revoked] (1)  Ruben Maher <r@rkm.id.au>
  [ unknown] (2). Ruben Maher <ruben@maher.fyi>

Finally, commit the changes and upload to the keyserver:

  gpg> save

  ~
  ❯ gpg --send-keys 318320201A66BD7F78C2E729FDAD61AB3311FA17
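
The same change can be scripted with GnuPG's non-interactive --quick-add-uid and --quick-revoke-uid commands and then checked against the machine-readable key listing. The script below is an added example, not part of the original post; the function names are hypothetical and the colon-format listing is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are
# hypothetical; the fingerprint and addresses are the ones in the post.

# rotate_uid FPR NEW_UID OLD_UID
# Non-interactive equivalent of adduid / revuid / save / --send-keys.
# The new uid is added first: GnuPG will not revoke the last valid uid.
rotate_uid() {
    fpr=$1 new_uid=$2 old_uid=$3
    gpg --quick-add-uid "$fpr" "$new_uid" || return 1
    # Revokes with the reason "User ID is no longer valid" (choice 4 above).
    gpg --quick-revoke-uid "$fpr" "$old_uid" || return 1
    gpg --send-keys "$fpr"
}

# uid_validity ADDRESS  (colon listing on stdin)
# Prints field 2 (validity) of every uid record whose field 10 (user ID)
# contains <ADDRESS>: u = ultimate, r = revoked, - = unknown.
uid_validity() {
    awk -F: -v addr="<$1>" '$1 == "uid" && index($10, addr) { print $2 }'
}

# check_rotation NEW_ADDR OLD_ADDR  (colon listing on stdin)
# Succeeds only if the new address is ultimately valid and the old one
# is revoked.
check_rotation() {
    listing=$(cat)
    new=$(printf '%s\n' "$listing" | uid_validity "$1")
    old=$(printf '%s\n' "$listing" | uid_validity "$2")
    [ "$new" = "u" ] && [ "$old" = "r" ]
}

# Constructed sample of `gpg --with-colons --list-keys` output after the
# change; the 40-character uid hashes are placeholders.
SAMPLE_LISTING='fpr:::::::::318320201A66BD7F78C2E729FDAD61AB3311FA17:
uid:r::::1374796800::0000000000000000000000000000000000000000::Ruben Maher <r@rkm.id.au>::::::::::0:
uid:u::::1532908800::1111111111111111111111111111111111111111::Ruben Maher <ruben@maher.fyi>::::::::::0:'

if printf '%s\n' "$SAMPLE_LISTING" | check_rotation ruben@maher.fyi r@rkm.id.au
then
    echo "old uid revoked, new uid valid"
fi
```

Against a real keyring, pipe the output of gpg --with-colons --list-keys for the key's fingerprint into check_rotation before running --send-keys.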