Fluidkeys can automatically extend your key expiry and fix issues with keys you’ve made in GnuPG.
Fluidkeys simplifies using PGP in a team. You can send end-to-end encrypted secrets, use
pass to store team secrets. Public keys are automatically distributed and trusted within the team.
Allow Fluidkeys to access your key in GnuPG:
fk key from-gpg Connecting a key allows Fluidkeys to inspect your key and fix any issues. Found 1 key with gpg --list-secret-keys: 1. 01CE 9E32 C62C 22A6 ECF1 4CA5 966C 11FE 6B6C 44BC Created on 15 March 2019
Connect this key? [Y/n]
Y to connect Fluidkeys to the key in GnuPG. (If you’ve more than one key in GPG, you
can select which you’d like to manage with Fluidkeys.)
Fluidkeys will then list a number of issues it has found for the key.
One of the issues should look like this:
▸ Primary key needs extending now (expires in 2 days)
To extend your key and fix any other issues, run:
fk key maintain Fluidkeys found 3 issues for firstname.lastname@example.org: ▸ Primary key needs extending now (expires in 2 days) ▸ Key not maintained automatically ▸ Key not uploaded, unable to receive secrets Fluidkeys will run the following actions: [ ] Load private key from gpg [ ] Extend the primary key expiry to 31 May 19 [ ] Store updated key in gpg [ ] Make backup ZIP file Make a backup of gpg and run these actions? [Y/n]
Y for each of three questions:
Once complete, your key will have a new expiry date set to at the end of next month. Fluidkeys will also have updated your cipher, hash and compression preferences to best practice recommendations.
Remember to upload your updated key to the keyservers:
gpg --keyserver hkps://hkps.pool.sks-keyservers.net --send-keys 'KEY-FINGERPRINT'
KEY-FINGERPRINT with your fingerprint, for example
A999 B749 8D1A 8DC4 73E5 3C92 309F 635D AD1B 5517. Make sure it's between quote marks.
Fluidkeys automatically extends your key every month.
To ensure your key is always up to date in the keyservers, you should use
cron to automatically
upload the key.
Edit your crontab file:
then add the following line:
@daily gpg --keyserver hkps://hkps.pool.sks-keyservers.net --send-keys 'KEY-FINGERPRINT'
If you’d like to receive secrets using Fluidkeys, you should also upload your key to the Fluidkeys server:
fk key upload
Your contacts will need to refresh your key from the keyservers in order to be able to use your key again.
If a contact says your key has expired, you’ll know what to tell them.
Any trouble, contact email@example.com.