Best practices for obtaining a new GPG certificate

David Mehler dave.mehler at gmail.com
Fri Mar 19 00:34:50 CET 2021


Hello,

Thanks all. I am definitely wanting a new key.

With regards the info John posted:

gpg --expert --full-gen-key
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
   (9) ECC and ECC
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (13) Existing key
  (14) Existing key from card

in the output there's ECC output should I go with an ECC-style key or
RSA? As regards RSA keysize I typically use 4096.

Thanks.
Dave.


On 3/18/21, Werner Koch <wk at gnupg.org> wrote:
> On Thu, 18 Mar 2021 00:06, David Mehler said:
>
>> My existing GPG certificate is going to expire in less than a month.
>> I'd like to know current best practices for obtaining a new one? In
>
> Do you really want a new one?  Usually it is easier to prolong your key.
> By default a new key has an expire data so that unused keys and those
> with forgotten passphrase will eventually expire.  In general you just run
>
>   gpg --quick-set-expire FINGERPRING EXPIREDATE
>
> Expire dat may be something like 5y for 5 years or an explicit date like
> 2024-12-31.
>
> Here is an example
>
>   $ gpg -K A94A6DF8CDF934DB2BF98A46254A558A7E6D52D8
>
>   sec   ed25519 2021-03-15 [SC] [expires: 2023-03-15]
>         A94A6DF8CDF934DB2BF98A46254A558A7E6D52D8
>   uid           [ unknown] foo at example.de
>   ssb   cv25519 2021-03-15 [E]
>         989ABB95E888956DBD5D7F66C376233B98457556
>
>   $ gpg --quick-set-expire A94A6DF8CDF934DB2BF98A46254A558A7E6D52D8 4y
>
>
>   $ gpg -K A94A6DF8CDF934DB2BF98A46254A558A7E6D52D8
>
>   sec   ed25519 2021-03-15 [SC] [expires: 2025-03-17]
>         A94A6DF8CDF934DB2BF98A46254A558A7E6D52D8
>   uid           [ unknown] foo at example.de
>   ssb   cv25519 2021-03-15 [E]
>         989ABB95E888956DBD5D7F66C376233B98457556
>
>
> Send the public key then to your peers, keyserver, web key directory, or
> wherever.
>
>
> Shalom-Salam,
>
>    Werner
>
>
> --
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
>



More information about the Gnupg-users mailing list