Refreshing my GPG-Key

Before my GPG-Key expired, I need to refresh it's expiration date. And push the changed key to various places (local and online).

My key fingerprint is 7405E745574809734800156DB65019C47F7A36F8,

but for the sake of this document, I'll use a variable ${DEBSIGN_KEYID}

Re-setting the expiration date

1gpg --edit-key ${DEBSIGN_KEYID}

Within the gpg prompt, select the main key and the subkey, and set their expiration dates to 2 years from now (2y):

 1gpg> key 0
 2gpg> expire
 32y
 4y
 5
 6gpg> key 1
 7gpg> expire
 82y
 9y
10
11gpg> save

Publishing the changed key via keyservers

keyservers have become rare, but Debian (and Ubuntu/PPA) still use it. So here's how to push the new key:

1gpg --keyserver keyring.debian.org --send-keys ${DEBSIGN_KEYID}
2gpg --keyserver keyring.ubuntu.com --send-keys ${DEBSIGN_KEYID}

Importing the changed key on another computer (cmdline)

1gpg --armor --export-secret-keys ${DEBSIGN_KEYID} | ssh zmoelnig@host gpg --import

Importing the changed key into Thunderbird

First export the private key into a file:

1gpg --armor --export-secret-keys ${DEBSIGN_KEYID} > ${DEBSIGN_KEYID}.asc

Then import the private key into thunderbird:

1. Tools -> OpenPGP Key Manager
2. Select File to Import ...

• select the file ${DEBSIGN_KEYID}.asc you created above

3. Enter the password you gave
4. Done!