Did your existing GPG key pair expire, or do you need to upgrade to a higher number of bits? Just follow the short steps listed below.
Let's start with generating a new key pair:
$ gpg --gen-key
Select the following options (GnuPG 2.1 and later shows this full dialog only with gpg --full-generate-key):
- RSA and RSA (default)
- key length: 4096
- Expiry: 0 (key does not expire)
- enter your name
- enter your e-mail address
- enter a passphrase
Sign your new key using your old key:
$ gpg --default-key <old id> --sign-key <new id>
(use gpg --list-keys to see the ids of the keys in your key chain)
Send the newly created public key to a public key server:
$ gpg --keyserver pgp.mit.edu --send-key <new id>
Save the revocation certificate and the public/private keys into a single file named "print" for printing and storing somewhere safe:
$ gpg --armor --gen-revoke <new id> > print
$ gpg --armor --export <new id> >> print
$ gpg --armor --export-secret-key <new id> >> print
Generate a revocation certificate for your old key and revoke it in your key chain and on the server:
$ gpg --armor --output revoke.asc --gen-revoke <old id>
$ gpg --import revoke.asc
$ gpg --keyserver pgp.mit.edu --send-key <old id>
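To confirm the result of the steps above in the local key chain, the following added example (not part of the original post) checks that the new key is RSA 4096, carries a signature from the old key, and that the old key is marked revoked. The function name check_rotation and the key IDs are assumptions, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example: check a finished key rotation from the machine-readable listing
#   gpg --list-sigs --with-colons <old id> <new id> | check_rotation <old id> <new id>
# Colon-format fields used: 1 record type, 2 validity ("r" = revoked),
# 3 key length, 4 algorithm (1 = RSA), 5 long key ID (on "sig": the signer).
# --list-sigs lists signatures without verifying them, so this checks presence only.

# check_rotation is a hypothetical helper name; it reads the listing on stdin,
# prints one line per check and returns non-zero if any check fails.
check_rotation() {
    awk -F: -v old="$1" -v new="$2" '
        # Suffix match, so both short and long key IDs can be passed in.
        function match_id(id, want) {
            id = toupper(id); want = toupper(want)
            return length(want) > 0 && length(id) >= length(want) &&
                   substr(id, length(id) - length(want) + 1) == want
        }
        function report(ok, what) {
            printf "%s %s\n", (ok ? "ok  " : "FAIL"), what
            return ok ? 0 : 1
        }
        $1 == "pub" {
            cur = $5    # records that follow belong to this primary key
            if (match_id(cur, new)) rsa4096 = ($4 == 1 && $3 >= 4096)
            if (match_id(cur, old)) revoked = ($2 == "r")
        }
        $1 == "sig" && match_id(cur, new) && match_id($5, old) { signed = 1 }
        END {
            bad  = report(rsa4096, "new key is RSA with at least 4096 bits")
            bad += report(signed,  "new key carries a signature from the old key")
            bad += report(revoked, "old key is marked revoked in the key chain")
            exit (bad > 0)
        }
    '
}

# Constructed sample listing (made-up key IDs, trailing fields trimmed).
SAMPLE='pub:r:2048:1:AAAAAAAA11111111:1262304000:::-:
uid:r::::1262304000::::Alice Example <alice@example.org>:
pub:u:4096:1:BBBBBBBB22222222:1700000000:::u:
uid:u::::1700000000::::Alice Example <alice@example.org>:
sig:::1:BBBBBBBB22222222:1700000000::::Alice Example <alice@example.org>:13x:
sig:::1:AAAAAAAA11111111:1700000100::::Alice Example <alice@example.org>:10x:
sub:u:4096:1:CCCCCCCC33333333:1700000000::::::e:'

printf '%s\n' "$SAMPLE" | check_rotation AAAAAAAA11111111 BBBBBBBB22222222
```

The check reflects only the local key chain; it does not show whether the key server has received the revocation.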