opsec

Unrevoking your GPG key

2 minute read Published: 2019-01-01

I recently had a bit of a whoopsie - I revoked my key before I had signed my transition statement. With all copies of my keyrings now afflicted, how do I get a working version of my key back so I can retrospectively sign the transition statement?

Adding and removing GPG uid's

4 minute read Published: 2017-01-01

A GPG master key can be associated with multiple subkeys and multiple identities. If your key is well signed, there is some value in keeping it as your identity evolves. For example, if you became an Apache Foundation committer you might get an @apache.org e-mail address. If you change jobs you might lose one e-mail address but gain another. You don't need to throw away the signatures for the e-mail address you are keeping. Obviously, adding a new e-mail address to an existing key does not mean that the new identity is immediately as well trusted.

Managing your GPG keys with an airgapped machine

11 minute read Published: 2016-01-01

I have an offline environment for managing changes to my GPG keys. It's an old laptop with no Wi-Fi card and no permanent internal storage. This is a quick TL;DR summary of what you could do.