Add self-signature to an old key which does not have one
If you are a crypto veteran, chances are you have some very old keys around your house. Some of those old keys might not even have a self-signature, which can cause pains. This article explains how to deal with such situations.
GPG Keychain does not import keys which do not have a self-signature. You need to enable expert settings. After that you will be able to import keys without a self-signature.
- create a new UserID for the key in question
- sign your old UserID with the same key
- delete the new UserID
Voilà, your old key now has a self-signature.
To prevent any damage or unwanted action, once you are done, please disable expert settings.
Chances are that if your key is so old that it doesn't have a self-signature, its length is rather short. 1024bit keys should no longer be used. So now is a good time to transition to a new key.
- create a new key (we default to 4096bit RSA)
- sign your new key with your old key
- if you want, upload your new public key to the key
- wait a day and then tell your friends to use your new key (and update your mail signature, homepage, business card... places where you make references to your public key)
- wait one month and give people time to do the transition on
- revoke your old key (and upload the revoked key to the key servers if it was uploaded earlier)
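A way to check a key listing for the two conditions this article describes (a user ID with no self-signature, and a short key) and to confirm that the new key carries a signature from the old one. This is an added example, not GPGTools code; it assumes the GnuPG 2.x `gpg --list-sigs --with-colons` record layout, and the sample listing, key IDs and the 2048-bit threshold are constructed for illustration.

```python
# Constructed sample of `gpg --list-sigs --with-colons` output (GnuPG 2.x layout).
SAMPLE = """\
pub:-:1024:17:1111111111111111:946684800:::-:::scESC:
uid:-::::946684800::AAAA::Old Key <old@example.invalid>:
sig:::1:2222222222222222:1000000000::::Friend <friend@example.invalid>:10x:
sub:-:1024:16:3333333333333333:946684800::::::e:
sig:::17:1111111111111111:946684800::::Old Key <old@example.invalid>:18x:
pub:-:4096:1:4444444444444444:1500000000:::-:::scESC:
uid:-::::1500000000::BBBB::New Key <new@example.invalid>:
sig:::1:4444444444444444:1500000000::::New Key <new@example.invalid>:13x:
sig:::17:1111111111111111:1500000100::::Old Key <old@example.invalid>:10x:
"""

MIN_BITS = 2048  # assumed threshold; the article only says 1024bit is too short
CERT_CLASSES = {"10", "11", "12", "13"}  # OpenPGP user ID certification types

def audit(listing):
    """Map keyid -> {"bits": int, "uids": {user ID: set of signer key IDs}}."""
    keys, key, uid = {}, None, None
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 11:
            continue  # blank or malformed record
        if f[0] == "pub":
            key = keys.setdefault(f[4], {"bits": int(f[2]), "uids": {}})
            uid = None
        elif f[0] == "uid" and key is not None:
            uid = key["uids"].setdefault(f[9], set())
        elif f[0] in ("sub", "uat"):
            uid = None  # signatures that follow bind a subkey or photo, not a user ID
        elif f[0] == "sig" and uid is not None and f[10][:2] in CERT_CLASSES:
            uid.add(f[4])  # presence only; `gpg --check-sigs` verifies validity
    return keys

def findings(listing):
    """List (keyid, issue, detail) for short keys and user IDs without a self-signature."""
    out = []
    for keyid, k in audit(listing).items():
        if k["bits"] < MIN_BITS:
            out.append((keyid, "short-key", str(k["bits"])))
        for name, signers in k["uids"].items():
            if keyid not in signers:
                out.append((keyid, "no-self-signature", name))
    return out

def certified_by(listing, new_keyid, old_keyid):
    """True if any user ID on new_keyid carries a certification from old_keyid."""
    k = audit(listing).get(new_keyid, {"uids": {}})
    return any(old_keyid in s for s in k["uids"].values())
```

Running `findings` before and after the self-signature steps shows whether the old user ID is now signed by its own key, and `certified_by` confirms the "sign your new key with your old key" step took effect before the old key is revoked.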