Adding a user ID to a GPG key is simple and straightforward. Updating information that is already in a GPG key, however, means following an add step and then a delete step.

    $ gpg --list-keys
    /root/.gnupg/pubring.kbx
    ------------------------
    pub rsa2048 2024-09-30 [SC] [expires: 2025-09-30]
          3FFC7E834DABE525D0C21EF9159C52055D4F20BD
    uid [ultimate] John Doe (This is a Dummy GPG Key for tutorials)
    sub rsa2048 2024-09-30 [E] [expires: 2025-09-30]

Edit Key:

    $ gpg --edit-key 3FFC7E834DABE525D0C21EF9159C52055D4F20BD
    gpg (GnuPG) 2.4.4; Copyright (C) 2024 g10 Code GmbH
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Secret key is available.

    sec rsa2048/159C52055D4F20BD
         created: 2024-09-30 expires: 2025-09-30 usage: SC
         trust: ultimate validity: ultimate
    ssb rsa2048/547187E858E6854D
         created: 2024-09-30 expires: 2025-09-30 usage: E
    [ultimate] (1). John Doe (This is a Dummy GPG Key for tutorials)

    gpg>

Run the adduid command

    gpg> adduid
    Real name: Another User
    Email address: another@user.com
    Comment: This is an another user for demo
    You selected this USER-ID:
        "Another User (This is an another user for demo) "

    Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O

    sec rsa2048/159C52055D4F20BD
         created: 2024-09-30 expires: 2025-09-30 usage: SC
         trust: ultimate validity: ultimate
    ssb rsa2048/547187E858E6854D
         created: 2024-09-30 expires: 2025-09-30 usage: E
    [ultimate] (1) John Doe (This is a Dummy GPG Key for tutorials)
    [ unknown] (2). Another User (This is an another user for demo)

    gpg>

Select the new user (uid 2)

    gpg> uid 2

    sec rsa2048/159C52055D4F20BD
         created: 2024-09-30 expires: 2025-09-30 usage: SC
         trust: ultimate validity: ultimate
    ssb rsa2048/547187E858E6854D
         created: 2024-09-30 expires: 2025-09-30 usage: E
    [ultimate] (1) John Doe (This is a Dummy GPG Key for tutorials)
    [ unknown] (2)* Another User (This is an another user for demo)

Set the trust level (trust) with the new user (uid 2) selected. gpg records this owner trust for the key as a whole rather than per user ID, which is why the trust field in the output below changes from ultimate to full.

    gpg> trust
    sec rsa2048/159C52055D4F20BD
         created: 2024-09-30 expires: 2025-09-30 usage: SC
         trust: ultimate validity: ultimate
    ssb rsa2048/547187E858E6854D
         created: 2024-09-30 expires: 2025-09-30 usage: E
    [ultimate] (1) John Doe (This is a Dummy GPG Key for tutorials)
    [ unknown] (2)* Another User (This is an another user for demo)

    Please decide how far you trust this user to correctly verify other users' keys
    (by looking at passports, checking fingerprints from different sources, etc.)

      1 = I don't know or won't say
      2 = I do NOT trust
      3 = I trust marginally
      4 = I trust fully
      5 = I trust ultimately
      m = back to the main menu

    Your decision? 4

    sec rsa2048/159C52055D4F20BD
         created: 2024-09-30 expires: 2025-09-30 usage: SC
         trust: full validity: ultimate
    ssb rsa2048/547187E858E6854D
         created: 2024-09-30 expires: 2025-09-30 usage: E
    [ultimate] (1) John Doe (This is a Dummy GPG Key for tutorials)
    [ unknown] (2)* Another User (This is an another user for demo)
    Please note that the shown key validity is not necessarily correct
    unless you restart the program.

Save (save) the changes

    gpg> save
    root@f4cedfb94453:~# gpg --list-keys
    gpg: checking the trustdb
    gpg: no ultimately trusted keys found
    /root/.gnupg/pubring.kbx
    ------------------------
    pub rsa2048 2024-09-30 [SC] [expires: 2025-09-30]
          3FFC7E834DABE525D0C21EF9159C52055D4F20BD
    uid [ unknown] Another User (This is an another user for demo)
    uid [ unknown] John Doe (This is a Dummy GPG Key for tutorials)
    sub rsa2048 2024-09-30 [E] [expires: 2025-09-30]

Force a trustdb check
The updated trust status does not show up right away. To force it, run the --check-trustdb command:

    $ gpg --check-trustdb
    gpg: marginals needed: 3 completes needed: 1 trust model: pgp
    gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
    gpg: next trustdb check due at 2025-09-30
    $ gpg --list-keys
    /root/.gnupg/pubring.kbx
    ------------------------
    pub rsa2048 2024-09-30 [SC] [expires: 2025-09-30]
          3FFC7E834DABE525D0C21EF9159C52055D4F20BD
    uid [ultimate] Another User (This is an another user for demo)
    uid [ultimate] John Doe (This is a Dummy GPG Key for tutorials)
    sub rsa2048 2024-09-30 [E] [expires: 2025-09-30]

Update User/Email:
Updating the user name or email address is a two-step process. Step 1 is to add the new user or email address and trust it, using the commands shown above. Step 2 is to either delete or revoke the old user/email ID.
Edit the key (--edit-key)

    $ gpg --edit-key 3FFC7E834DABE525D0C21EF9159C52055D4F20BD
    gpg (GnuPG) 2.4.4; Copyright (C) 2024 g10 Code GmbH
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Secret key is available.

    sec rsa2048/159C52055D4F20BD
         created: 2024-09-30 expires: 2025-09-30 usage: SC
         trust: ultimate validity: ultimate
    ssb rsa2048/547187E858E6854D
         created: 2024-09-30 expires: 2025-09-30 usage: E
    [ultimate] (1). Another User (This is an another user for demo)
    [ultimate] (2) John Doe (This is a Dummy GPG Key for tutorials)

Revoke the userid (revuid)

    gpg> uid 2

    sec rsa2048/159C52055D4F20BD
         created: 2024-09-30 expires: 2025-09-30 usage: SC
         trust: ultimate validity: ultimate
    ssb rsa2048/547187E858E6854D
         created: 2024-09-30 expires: 2025-09-30 usage: E
    [ultimate] (1). Another User (This is an another user for demo)
    [ultimate] (2)* John Doe (This is a Dummy GPG Key for tutorials)

    # Running revoke user id for uid 2
    gpg> revuid
    Really revoke this user ID? (y/N) y
    Please select the reason for the revocation:
      0 = No reason specified
      4 = User ID is no longer valid
      Q = Cancel
    (Probably you want to select 4 here)
    Your decision? 4
    Enter an optional description; end it with an empty line:
    > this user was a dummy user, hence removing it
    >
    Reason for revocation: User ID is no longer valid
    this user was a dummy user, hence removing it
    Is this okay? (y/N) y

    sec rsa2048/159C52055D4F20BD
         created: 2024-09-30 expires: 2025-09-30 usage: SC
         trust: ultimate validity: ultimate
    ssb rsa2048/547187E858E6854D
         created: 2024-09-30 expires: 2025-09-30 usage: E
    [ultimate] (1). Another User (This is an another user for demo)
    [ revoked] (2) John Doe (This is a Dummy GPG Key for tutorials)

Deleting the user id:
Deleting a user ID or any other information from a GPG key is not advisable, because we lose track of why the change was made. A deletion also only affects the local keyring: a user ID that has already been published cannot be retracted, so revuid is the better choice in that case. The deletion itself is as simple as the commands above:

    # Selecting the uid 2 (revoked one)
    gpg> uid 2

    sec rsa2048/159C52055D4F20BD
         created: 2024-09-30 expires: 2025-09-30 usage: SC
         trust: ultimate validity: ultimate
    ssb rsa2048/547187E858E6854D
         created: 2024-09-30 expires: 2025-09-30 usage: E
    [ultimate] (1). Another User (This is an another user for demo)
    [ revoked] (2)* John Doe (This is a Dummy GPG Key for tutorials)

    gpg> deluid
    Really remove this user ID? (y/N) y

    sec rsa2048/159C52055D4F20BD
         created: 2024-09-30 expires: 2025-09-30 usage: SC
         trust: ultimate validity: ultimate
    ssb rsa2048/547187E858E6854D
         created: 2024-09-30 expires: 2025-09-30 usage: E
    [ultimate] (1). Another User (This is an another user for demo)

So, as mentioned before, updating the information in a GPG key is a two-step process: an add step followed by a delete step. These steps are manual and need to be executed by a human, though we can automate them if they need to be run by a machine user, which we will learn in the next post.
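
The add-then-revoke update described above, scripted with gpg's --quick-add-uid and --quick-revoke-uid and followed by a check of the --with-colons listing. This is an added example, not from the original post; the function names, the constructed sample listings and John Doe's address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. FPR is the tutorial key shown on this page.
FPR=3FFC7E834DABE525D0C21EF9159C52055D4F20BD

# rotate_uid NEW OLD: scripted adduid + revuid. Both arguments must be the
# full user ID strings. Defined only; calling it modifies the keyring.
rotate_uid() {
    gpg --quick-add-uid "$FPR" "$1" &&
    gpg --quick-revoke-uid "$FPR" "$2" &&
    gpg --check-trustdb
}

# uid_states: reads `gpg --list-keys --with-colons` output on stdin and prints
# "<validity><TAB><user ID>" per uid record (field 2 and field 10).
uid_states() {
    awk -F: '$1 == "uid" { print $2 "\t" $10 }'
}

# rotation_ok NEW OLD: reads the same listing on stdin. Succeeds only if a
# user ID containing NEW exists and is not r/e/i/n (revoked, expired, invalid,
# not valid), and no user ID containing OLD is still unrevoked.
rotation_ok() {
    uid_states | awk -F'\t' -v new="$1" -v old="$2" '
        index($2, new) && $1 !~ /^[rein]$/ { new_ok = 1 }
        index($2, old) && $1 != "r"        { old_live = 1 }
        END { exit !(new_ok && !old_live) }'
}

# Constructed, trimmed listings (uid records only; John Doe's address is made up).
sample_before() {
    cat <<'EOF'
uid:u::::::::Another User (This is an another user for demo) <another@user.com>:
uid:u::::::::John Doe (This is a Dummy GPG Key for tutorials) <john@example.invalid>:
EOF
}
sample_revoked() {
    cat <<'EOF'
uid:u::::::::Another User (This is an another user for demo) <another@user.com>:
uid:r::::::::John Doe (This is a Dummy GPG Key for tutorials) <john@example.invalid>:
EOF
}

sample_before  | rotation_ok "Another User" "John Doe" || echo "before: old user ID still live"
sample_revoked | rotation_ok "Another User" "John Doe" && echo "after revuid: rotation complete"
# Against a real keyring:
#   gpg --list-keys --with-colons "$FPR" | rotation_ok "NEW" "OLD"
```

The check also passes when the old user ID has been removed with deluid, since an absent user ID is not live.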
Till then, Happy Learning !!
ASingh