Fluidkeys

Use Fluidkeys to extend your key in GnuPG

Fluidkeys can automatically extend your key expiry and fix issues with keys you’ve made in GnuPG.

Fluidkeys simplifies using PGP in a team. You can send end-to-end encrypted secrets, use pass to store team secrets. Public keys are automatically distributed and trusted within the team.

  1. Install Fluidkeys
  2. Connect Fluidkeys to your key in GnuPG
  3. Extend your key, switch on automatic maintenance
  4. Upload your public key to the keyservers
  5. Optional: automatically upload to the keyservers using cron
  6. Upload your public key to Fluidkeys
  7. Remind your contacts to refresh their keys

Install Fluidkeys

Install Fluidkeys ≥ 1.0

Connect Fluidkeys to your key in GnuPG

Allow Fluidkeys to access your key in GnuPG:

fk key from-gpg

Connecting a key allows Fluidkeys to inspect your key and fix any issues.

Found 1 key with gpg --list-secret-keys:

1.  01CE 9E32 C62C 22A6 ECF1  4CA5 966C 11FE 6B6C 44BC
    Created on 15 March 2019
      

Connect this key? [Y/n]

Type Y to connect Fluidkeys to the key in GnuPG. (If you’ve more than one key in GPG, you can select which you’d like to manage with Fluidkeys.)

Fluidkeys will then list a number of issues it has found for the key.
One of the issues should look like this:

    Primary key needs extending now (expires in 2 days)

Extend your key, switch on automatic maintenance

To extend your key and fix any other issues, run:

fk key maintain

Fluidkeys found 3 issues for tina@example.com:

    Primary key needs extending now (expires in 2 days)
    Key not maintained automatically
    Key not uploaded, unable to receive secrets

Fluidkeys will run the following actions:

     [ ] Load private key from gpg
     [ ] Extend the primary key expiry to 31 May 19
     [ ] Store updated key in gpg
     [ ] Make backup ZIP file

Make a backup of gpg and run these actions? [Y/n]

Answer Y for each of three questions:

  1. Make a backup of gpg and run these actions?
  2. Save password to macOS Keychain / Linux keyring?
  3. Automatically maintain this key from now on?

Once complete, your key will have a new expiry date set to at the end of next month. Fluidkeys will also have updated your cipher, hash and compression preferences to best practice recommendations.

Upload your public key to the keyservers

Remember to upload your updated key to the keyservers:

gpg --keyserver hkps://hkps.pool.sks-keyservers.net --send-keys 'KEY-FINGERPRINT'

Replace KEY-FINGERPRINT with your fingerprint, for example A999 B749 8D1A 8DC4 73E5 3C92 309F 635D AD1B 5517. Make sure it's between quote marks.

Optional: automatically upload to the keyservers using cron

Fluidkeys automatically extends your key every month.

To ensure your key is always up to date in the keyservers, you should use cron to automatically upload the key.

Edit your crontab file:

crontab -e

then add the following line:

@daily gpg --keyserver hkps://hkps.pool.sks-keyservers.net --send-keys 'KEY-FINGERPRINT'

Upload your public key to Fluidkeys

If you’d like to receive secrets using Fluidkeys, you should also upload your key to the Fluidkeys server:

fk key upload

Remind your contacts to refresh their keys

Your contacts will need to refresh your key from the keyservers in order to be able to use your key again.

If a contact says your key has expired, you’ll know what to tell them.


Any trouble, contact help@fluidkeys.com.