Changing Public PGP Key



  • I have a public PGP key we used for bank file transfers that needs to be changed to a new key for file receipt. If I expire the old key and then load the new key, we won't be able to read any of the files from before the new key was in effect. Do I need to sign the new key with the old key? How does this work? I've never had to replace one before. I am using GPG.

    Thanks



  • So the only real way to do this is to add the new key as an additional key to the keyring. This sucks, because now I have to edit all of my decryption scripts to point to the specific key ID instead of the user name. In the future I will just specify the key ID from the beginning. Lesson learned.



  • Don't know if this helps in your application, but if you have old files you can just decrypt them with the old key. If it's important to store them in an encrypted state, you can encrypt them again with the new key. After that you can revoke the old key.



  • @Pete-S said in Changing Public PGP Key:

    Don't know if this helps in your application, but if you have old files you can just decrypt them with the old key. If it's important to store them in an encrypted state, you can encrypt them again with the new key. After that you can revoke the old key.

    Yeah, I could do that; it just seems unnecessary when you can sign the new key with the old key and decrypt both. Turns out it actually chooses the right key, so there is no problem.
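The rotation Pete-S describes, and the reason the last reply saw gpg "choose the right key", as an added worked example that is not part of the thread: an OpenPGP message carries the long key ID of the encryption subkey it was encrypted to, so at decrypt time gpg looks that ID up in the keyring and picks the matching secret key without the script naming it. The script below runs entirely in a throwaway GNUPGHOME and assumes GnuPG 2.1 or later (`gpg` plus `gpgconf` on PATH, and the revocation certificate gpg stores under `openpgp-revocs.d` at key creation). The key names, e-mail addresses and file content are made up for the demo, and the keys are generated without a passphrase only so that no pinentry is needed.

```shell
#!/bin/sh
# Added example (not code from the thread): rotate a GnuPG decryption key the
# way Pete-S describes, in a throwaway GNUPGHOME. Assumes GnuPG 2.1 or later
# (gpg + gpgconf on PATH). Names, e-mails and file content are made up.
set -eu

# Unattended key generation: RSA primary (sign/cert) plus RSA encryption
# subkey, no passphrase so the demo needs no pinentry. Prints the fingerprint.
# A production transfer key would of course be passphrase-protected.
gen_key() {   # gen_key NAME EMAIL
    gpg --batch --quiet --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: $1
Name-Email: $2
Expire-Date: 0
%commit
EOF
    gpg --batch --with-colons --list-keys "$2" | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Long key ID of the encryption-capable subkey ('e' in the capability field,
# colon field 12) of the key whose fingerprint is $1.
enc_subkey_id() {
    gpg --batch --with-colons --list-keys "$1" |
        awk -F: '$1 == "sub" && $12 ~ /e/ { print $5; exit }'
}

# Long key ID recorded in the message's public-key-encrypted session-key packet.
# gpg reads this at decrypt time to pick the matching secret key, which is why
# no decryption script has to say which key a given file was encrypted to.
message_keyid() {
    gpg --batch --list-packets "$1" 2>/dev/null |
        sed -n 's/.*keyid \([0-9A-F]*\).*/\1/p' | head -n 1
}

# Number of keys in the keyring whose user ID matches the name $1.
keys_named() {
    gpg --batch --with-colons --list-keys "$1" 2>/dev/null | grep -c '^pub:' || true
}

encrypt_to() {   # encrypt_to RECIPIENT INFILE OUTFILE
    gpg --batch --yes --quiet --trust-model always -r "$1" -o "$3" -e "$2"
}

decrypt() {      # decrypt FILE  -> plaintext on stdout
    gpg --batch --quiet -d "$1" 2>/dev/null
}

rotate_keys() {
    work=$(mktemp -d)
    GNUPGHOME="$work/gnupg"; export GNUPGHOME
    mkdir -m 700 "$GNUPGHOME"

    # 1. The key the bank has been encrypting to, and one file received under it.
    old=$(gen_key "Bank Transfers" "transfers-2019@example.com")
    printf 'ACCT=12345 AMOUNT=100.00\n' > "$work/jan.txt"
    encrypt_to "$old" "$work/jan.txt" "$work/jan.txt.gpg"

    # 2. Add the replacement key alongside it; the old secret key stays.
    new=$(gen_key "Bank Transfers" "transfers-2024@example.com")
    named=$(keys_named "Bank Transfers")   # 2: '-r "Bank Transfers"' is now ambiguous

    # 3. The old file still decrypts: the message names the old subkey, and gpg
    #    picks the matching secret key by itself.
    [ "$(message_keyid "$work/jan.txt.gpg")" = "$(enc_subkey_id "$old")" ]
    old_plain=$(decrypt "$work/jan.txt.gpg")

    # 4. Re-encrypt archived files to the new key, selecting it by fingerprint
    #    rather than by the name that now matches two keys.
    encrypt_to "$new" "$work/jan.txt" "$work/jan.txt.new.gpg"
    [ "$(message_keyid "$work/jan.txt.new.gpg")" = "$(enc_subkey_id "$new")" ]
    new_plain=$(decrypt "$work/jan.txt.new.gpg")

    # 5. Revoke the old key with the certificate gpg 2.1+ stored at key creation
    #    (the leading colon is a safety catch and must be removed first).
    sed 's/^:-----BEGIN/-----BEGIN/' "$GNUPGHOME/openpgp-revocs.d/$old.rev" |
        gpg --batch --quiet --import
    # Nobody can encrypt to the revoked key any more ...
    if encrypt_to "$old" "$work/jan.txt" "$work/refused.gpg" 2>/dev/null; then
        refused=no
    else
        refused=yes
    fi
    # ... but its secret key still opens files encrypted before the revocation.
    after=$(decrypt "$work/jan.txt.gpg")

    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    printf 'keys-named=%s\nold-plain=%s\nnew-plain=%s\nencrypt-to-revoked=%s\nafter-revoke=%s\n' \
        "$named" "$old_plain" "$new_plain" "$refused" "$after"
}

# Run the demo only when invoked as:  sh rotate-gpg-key.sh run
if [ "${1:-}" = run ]; then
    rotate_keys
fi
```

Two practical points follow from the run. Encrypting or decrypting by user ID is what breaks once two keys share a name, so scripts should pass the fingerprint (or long key ID) to `-r`; decryption never needs a key selector at all, because the message carries it. And the order matters for the bank side: hand them the new public key and confirm they have switched before importing and publishing the revocation, since once the old key is revoked nobody can encrypt to it, while files already received under it remain readable as long as the old secret key is kept.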