Replacing my PGP key
It's time again, I'm replacing my PGP key. Going from RSA 4096 to ed25519.
How did I get here?
I've first started using PGP sometime half a decade ago, and after a few less successful tries (some of which are still unrevoked, without an expiration date), I've generated my first "proper" PGP key 4 years ago. It was on an airgapped device, the active subkeys were transferred to a yubikey and I was using it actively for emails, pass, ssh access and I was quite happy with this setup. So, where did things go wrong?
The first messup was when I "lost" my yubikey. I ordered a backup key, replaced the subkeys with new ones and then wanted to recover my password store by decrypting them with the keys from my airgapped device. Turns out, the version of GnuPG I was using deleted the subkeys from the keyring when transferring them to the YubiKey, so I didn't have a copy of them anymore. Luckily, I've found my old yubikey a few days later, I could decrypt my old data and move on to newer keys.
Next up, there's FOSDEM: I was attending the key signing party their in two years, 2019 and 2020. Each time, I followed the procedure there, but didn't complete the homework of actually signing the keys in either case: In the first case, I left the list unattended at a stand, so obviously I can't sign keys from a list where I don't know whether it's been tampered with. I feel somewhat bad for this, because I wanted to participate productively in the web of trust here. While that one was already embarrassing, the second time was worse: This time, I kept the list safe. I stored it in a sealed envelope both on the way from and to the conference, as well as during the conference. I haven't left it out of sight at any point, to make sure the list was good. Once home again, I ran into other trouble: My server, where I was hosting my email had trouble connecting to the internet. To bring it back online, I moved it from my parents place to my flat, where I moved in a few months prior. Now, I was on a dynamic IP, so I couldn't send mails anymore, because they'd end up in spam everywhere. This delayed it for a few months, and after moving my mail server to a separate provider, I had simply forgot. So, tl;dr: Two key signing parties, no signed keys, and plenty of people who probably don't like that they made the effort and I messed up my part.
Last but not least: Back in November 2019, Yubico released an update to the firmware to their 5-Series YubiKeys, shipping with support for ed25519 keys. Not only do these keys have a higher security level per size, they also perform significantly better. On a modern CPU, this doesn't really matter, but on constrained platform such as a YubiKey, a crypto operation of RSA 4096 takes close to a second, so the tenfold performance improvement really makes a difference in every day usage. I could have gone for just replacing the subkeys, but a mixed keypair kinda felt awkward, so in combination with the previous few reasons, I decided to start with a clean slate.
The new keys
This time, I've done a few things differently:
- I got a backup key immediately, to make sure I don't have any downtime if one becomes unavailable
- I made sure to have encrypted offline backups of my keys on separate physical media.
- I generated revocation certificates for the key, and I have backups of those as well.
What hasn't changed from before, is that I have a completely offline
key, with three subkeys, one each for
Sign. So, as of
now, I've uploaded my new key to keys.openpgp.org and my own homepage, and will
make sure to update WKD entries as well. If you want to try it out, send me a
If you've seen my keybase profile before and check back now, you'll hopefully see a lot less than before. I've reset my account (which is still in progress as of now), so all the verifications and account links from there will be gone. This has a multitude of reasons:
- keybase is proprietary (at least partially)
- keybase is centralized
- keybase got bought by Zoom
- keybase is pushing back PGP in favor of their own keys
- keybase is extending their features too much
I could probably write a whole blog post about that in itself, but summarized, keybase isn't doing what I want anymore, which is just linking online identities to PGP keys.
keyoxide enters chat
Thankfully, I'm not the only one who felt this way, and someone built an alternative that ticks all the boxes: It's a decentralized, FOSS (copyleft!!) solution, which does nothing aside of linking PGP keys to online identities. It already supports more platforms than keybase ever did, although it's even more skewed towards nerdy places than keybase was. It's a bit less polished, the UX is very rough around the edges, but it get's the job done. You can see my profile here, and you know what? There is no additional server component I have to run, there is no accounts, nothing. It fetches the avatar from libravatar, the proofs are embedded into the key itself via notations, and the verification (wherever this is possible) is done client-side. I'm happy with the outcome here, and am looking forward to seeing keyoxide evolve.