{{tag>Brouillon}}

= GPG - Renouvellement de clefs

== Revoke

Revoquer ca clef
https://www.gnupg.org/gph/en/manual/c235.html

<code bash>
gpg --gen-revoke 50D12DE07663C664 --output ~/revocation.crt
chmod 600 ~/revocation.crt
</code>

<code bash>
gpg --import ~/.gnupg/email@domain.tld.rev.asc
gpg --export -a your_keyid >mykey.asc
gpg --keyserver subkeys.pgp.net --send 50D12DE07663C664
gpg --keyserver pgp.mit.edu --send-keys mykey
</code>
 
revkey
revsig
save

<code bash>
gpg --import ~/.gnupg/email@domain.tld.public_key.asc ~/.gnupg/email@domain.tld.private_key.asc
gpg --edit-key email@domain.tld
</code>





== Expired


Que faire quand la clef a expirée

https://makandracards.com/makandra-orga/13644-what-to-do-when-your-gpg-pgp-key-expires



<code ->
gpg --edit-key 0x12345678
gpg> expire
...
gpg> save
</code>


<code ->
gpg --edit-key 0x12345678
gpg> key 1
gpg> expire
...
gpg> key 1
gpg> key 2
gpg> expire
...
gpg> save
</code>

== Renew primary key

https://200ok.ch/posts/2019-07-17_update_a_pgp_primary_key.html

https://infra.apache.org/key-transition.html