Restructure Keys.
Raghav Gururajan
rg at raghavgururajan.name
Wed Jun 5 19:06:54 CEST 2024
Hello Folks!
How do I restructure my keys from current/old setup to new setup?
Current/Old Setup:
PrimaryKey - CS
SubKey - E
New Setup:
PrimaryKey - C
SubKey1 - E
Subkey2 - S
I think of two options.
Option 1:
Create new SubKey with E-only and change usage of PrimaryKey to C-only.
The major caveat is I'll have to update the fingerprint of signing key
at multiple places.
Option 2:
Create new PrimaryKey with C-only and add the OldPrimaryKey+OldSubKey as
SubKeys.
I came across this option in this post,
https://security.stackexchange.com/questions/32935/migrating-gpg-master-keys-as-subkeys-to-new-master-key
This way, I don't have to update my signing key fingerprint at multiple
places and continue using same signing key for consistency.
Is Option 2 safe to do so?
I tried something else (Option 3?) that is close to Option 2. I created
new PrimaryKey with C-only. Then by editing new PrimaryKey, I did
'addkey' with the option 'Existing key' and used the keygrip of old
PrimaryKey. The new PrimaryKey now has the old PrimaryKey as its SubKey.
While the migrated key has same keygrip at both places, the fingerprint
differs, which is a bummer (caveat of Option 1).
Thoughts?
Regards,
Raghav "RG" Gururajan.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20240605/9a06779d/attachment-0001.sig>
More information about the Gnupg-users
mailing list