Following are my notes and how-tos on creating, and managing PGP keys.
Here is a link to a website with some very good information and best practices for managing keys.
Most of this article deals with the concept of setting an expiration date on a set of keys to a reasonable time and how you can update that key as time goes by. You should set a reminder in whatever calendar system you are using to remind you to update the expiration date BEFORE it does actually expire a couple of weeks ahead of time. I typically set my keys to expire in 13 months and set my calendar to remind me after 12 or so months.
Creating a key set and distributing your public key
As mentioned, and when prompted, set a reasonable expiration time. Also create a revocation cert. See the aforementioned link for details.
Create a key
gpg2 --gen-keyList keys
gpg2 --list-keys
/data/home/rchapin/.gnupg/pubring.gpg
-------------------------------------
pub 4096R/E5170CE8 2015-03-26 [expires: 2019-03-14]
uid Ryan Chapin <rchapin@nbinteractive.com>
sub 4096R/-------- 2015-03-26 [expires: 2019-03-14]Distribute Public Key (use hkps, encrypted connection)
gpg2 --keyserver hkps://hkps.pool.sks-keyservers.net --send-keys E5170CE8Searching for keys and verifying that they have been posted to a public keyserver
List your keys
gpg2 --list-keys
/data/home/rchapin/.gnupg/pubring.gpg
-------------------------------------
pub 4096R/E5170CE8 2015-03-26 [expires: 2019-03-14]
uid Ryan Chapin <rchapin@nbinteractive.com>
sub 4096R/-------- 2015-03-26 [expires: 2019-03-14]The public key for this user is E5170CE8. The 4096R indicates that it is 4096 bits.
Searching for the key
To search for the key via a key server such as https://pgp.mit.edu/ enter the following in the search string
0xE5170CE8
Make sure to prefix the hex value of the key with 0x to indicate to the keyserver that is a hex value and not an ASCII string.
Update the expiration date of a key:
List your keys
gpg2 --list-keys
/data/home/rchapin/.gnupg/pubring.gpg
-------------------------------------
pub 4096R/E5170CE8 2015-03-26 [expires: 2019-03-14]
uid Ryan Chapin <rchapin@nbinteractive.com>
sub 4096R/-------- 2015-03-26 [expires: 2019-03-14]Edit the key
gpg2 --edit-key E5170CE8Select the key to edit, and then run the expire command
Select the amount of time after which the key will expire and follow the prompts to enter your passphrase.
gpg> key 0
gpg> expire
Changing expiration time for the primary key.
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 13m
Key expires at Thu 14 Mar 2019 08:42:22 AM EDT
Is this correct? (y/N) y
You need a passphrase to unlock the secret key for
user: "Ryan Chapin <rchapin@nbinteractive.com>"
4096-bit RSA key, ID E5170CE8, created 2015-03-26Select the sub-key (1) and repeat the process
Save the key
gpg> saveSend the updated key to a keyserver
gpg2 --keyserver hkps://hkps.pool.sks-keyservers.net --send-keys E5170CE8Or you can export an ASCII-armored PGP key and upload it via a trusted https keyserver.
gpg2 --armor --export <your-email-address> > <your-uid>.ascThen you can upload it via a web interface similar to this one.