Keybase was acquired by Zoom on May 7, 2020.
Although I don’t have any evidence why Zoom is not trustworthy, I just don’t. I deleted my account immediately after I saw the news. Since my private keys were all generated by the keybase cli and have been synced with it, I think it’s a good idea to replace them as well.
I currently only use my gpg key with pass, git commit signing, an .authinfo.gpg file used by emacs, and a .mailpass.gpg file used by mbsync.
Generate new keys.
This is pretty straightforward: just run gpg --full-gen-key and follow the instructions. I’m using RSA and RSA with a 4096-bit key size and no expiration.
Do this twice to generate two keys, one for personal use and one for signing git commits for work.
Find the <new-key-id> with gpg --list-secret-keys.
Re-encrypt the password store.
First check for a .gpg-id file in the password store directory. If it exists, it should contain the old gpg key id; just remove it. Then run pass init with the newly generated key to re-encrypt all password files in the store.
cd .password-store
rm .gpg-id
pass init <new-key-id>
references: pgp - How to change the gpg key of the pass password store - Ask Ubuntu
Change git commit signing key.
I have multiple git configs selected with gitdir: conditions, so I just update all .gitconfig files, replacing the old key id with the new one. If only one git config is used, it can also be changed in the terminal.
git config user.signingkey <new-key-id>
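Export the public key by running
gpg --export --armor <new-key-id> | pbcopy
pbcopy is a wrapper I use to save stdout to the clipboard.
#!/bin/bash
# Copy stdin to the clipboard on macOS or on Linux/X11.
if [[ $(uname) == "Darwin" ]]; then
    /usr/bin/pbcopy
else
    # Fill the clipboard selection, then pass the data on to the primary selection.
    xclip -i -sel c -f | xclip -i -sel p
fi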
Then go to GitHub/GitLab or any other service needed, add the new pubkey and remove the old key from GPG Key Settings.
Other files encrypted with gpg.
Just do a decrypt and encrypt.
gpg --decrypt -o authinfo.txt .authinfo.gpg
gpg --encrypt --recipient <new-key-id> -o .authinfo.gpg authinfo.txt
rm authinfo.txt
gpg --decrypt -o mailpass.txt .mailpass.gpg
gpg --encrypt --recipient <new-key-id> -o .mailpass.gpg mailpass.txt
rm mailpass.txt
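To confirm that the two re-encryption steps above left nothing behind, the following added example (not part of the original post) lists every .gpg file under a directory that still names the old key as a recipient. It assumes the old key is still in the keyring and matches on subkey IDs, because gpg records the encryption subkey rather than the primary key ID in each file; the function names are this example's own.

```shell
#!/bin/sh
# Added example: find .gpg files still encrypted to the old key.
# Usage (hypothetical script name): ./stale-gpg.sh <old-key-id> ~/.password-store

# stdin: `gpg --list-keys --with-colons` output.
# stdout: long key IDs of the primary key and all subkeys (field 5).
key_ids_from_colons() {
  awk -F: '$1 == "pub" || $1 == "sub" { print toupper($5) }'
}

# stdin: `gpg --list-packets` output.
# stdout: key ID of every public-key encrypted session key packet.
recipients_from_packets() {
  sed -n 's/^:pubkey enc packet:.*keyid \([0-9A-Fa-f]\{16\}\).*$/\1/p' |
    tr 'a-f' 'A-F'
}

# $1: old key IDs, $2: recipient IDs (both newline-separated).
# Succeeds when at least one recipient belongs to the old key.
uses_old_key() {
  for id in $2; do
    printf '%s\n' "$1" | grep -qxF "$id" && return 0
  done
  return 1
}

# $1: old key id, $2: directory. Prints each file the old key can still decrypt.
find_stale_files() {
  old_ids=$(gpg --batch --list-keys --with-colons "$1" | key_ids_from_colons)
  find "$2" -type f -name '*.gpg' -print | while IFS= read -r file; do
    # --list-only prints the packet headers without attempting decryption.
    rcpts=$(gpg --batch --list-only --list-packets "$file" 2>/dev/null |
      recipients_from_packets)
    if uses_old_key "$old_ids" "$rcpts"; then printf '%s\n' "$file"; fi
  done
}

# Only scan when called with both arguments.
if [ "$#" -eq 2 ]; then find_stale_files "$1" "$2"; fi
```

An empty result for the password store and for the directory holding .authinfo.gpg and .mailpass.gpg means no file there depends on the old key any more.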
Remove the old gpg key.
Back up the old keys first, in case something was missed in the steps above.
gpg --export --armor <old-key-id> > old_pubkey.asc
gpg --export-secret-keys --armor <old-key-id> > old_privkey.asc
gpg --delete-secret-and-public-key <old-key-id>
There will be a lot of popups, just hit delete 🙂️.
Conclusion
It’s quite easy I’d say, definitely easier than replacing an Email address or phone number. Be safe.