On Wed, 2 Jan 2019 11:18:25 +0100, Wiktor Kwapisiewicz wrote:

Hi Wiktor,

> Revoke your current key locally and generate a new one, now export both binary
> keys (that includes revocation) to a file. Place it in .well-known/openpgpkey/hu
> overwriting the old file.
>
> Now, when GnuPG does --locate-key it will fetch both keys, revoke your old one
> and add the new one.

Thank you very much, I did not know that it can be done this way.

> If someone already has your old key GnuPG will do the fetch automatically when
> the old key expires (you didn't use expiry as far as I can see so it won't
> happen automatically).
>
> One can still "force" the WKD refresh using:
>
> $ gpg --auto-key-locate clear,wkd,nodefault --locate-key s...@300baud.de
>
> I just tested this all with some dummy key on my end and it worked just
> fine...
> hope it works on your end too.

I hope so too and I will see once I have the new key.

> As for signing, if you specify signing key using "e-mail notation" GnuPG will
> embed Signer's UID packet and when the recipient uses --auto-key-retrieve it
> will grab your key using WKD instead of keyservers. But I didn't test what would
> happen if the old key is already present in the keyring that doesn't match the
> signature, probably nothing.

That's interesting and I must admit I did not know this either, so thanks again!

> (You can inspect this file with pgpdump if you want to see the packet:
> $ curl https://metacode.biz/.well-known/security.txt | pgpdump
> )

O.k.

> Happy New Year!

Happy New Year!

Best regards
Stefan
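
Added example, not part of the original thread: the file under `.well-known/openpgpkey/hu` that the quoted advice says to overwrite is named after the z-base-32 encoded SHA-1 of the lowercased local part of the address. This Python code computes that name and the URLs a WKD client requests; `Joe.Doe@Example.ORG` is the sample address from the WKD draft and `webroot` is an assumed server path.

```python
import hashlib
import string
from urllib.parse import quote

ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"
# WKD maps only ASCII upper-case letters to lower case before hashing.
ASCII_LOWER = str.maketrans(string.ascii_uppercase, string.ascii_lowercase)


def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32, zero-padding the final 5-bit group."""
    bits = "".join(f"{byte:08b}" for byte in data)
    bits += "0" * (-len(bits) % 5)
    return "".join(ZBASE32[int(bits[i:i + 5], 2)] for i in range(0, len(bits), 5))


def wkd_hash(address: str) -> str:
    """Return the 32-character name of the key file inside hu/."""
    local, sep, _domain = address.rpartition("@")
    if not sep or not local:
        raise ValueError(f"not an e-mail address: {address!r}")
    digest = hashlib.sha1(local.translate(ASCII_LOWER).encode("utf-8")).digest()
    return zbase32(digest)


def wkd_locations(address: str, webroot: str = "/var/www/html") -> dict:
    """Where to place the exported keys, and the URLs a WKD client requests.

    webroot is an assumed document root, not a value from the thread.
    """
    local, _, domain = address.rpartition("@")
    domain = domain.translate(ASCII_LOWER)
    name = wkd_hash(address)
    query = "?l=" + quote(local, safe="")
    return {
        "file": f"{webroot}/.well-known/openpgpkey/hu/{name}",
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{name}{query}",
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/{name}{query}",
    }


if __name__ == "__main__":
    for key, value in wkd_locations("Joe.Doe@Example.ORG").items():
        print(f"{key:9} {value}")
```

`gpg --with-wkd-hash --list-keys` prints the same hash next to each user ID, which gives a cross-check before the old file is overwritten.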