<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Gpg on WhyNotHugo</title><link>https://whynothugo.nl/tags/gpg/</link><description>Recent content in Gpg on WhyNotHugo</description><generator>Hugo -- gohugo.io</generator><language>en</language><lastBuildDate>Mon, 20 Nov 2023 14:12:11 +0800</lastBuildDate><atom:link href="https://whynothugo.nl/tags/gpg/posts.xml" rel="self" type="application/rss+xml"/><item><title>Extending an expired GPG key</title><link>https://whynothugo.nl/journal/2023/07/13/extending-an-expired-gpg-key/</link><pubDate>Thu, 13 Jul 2023 00:00:00 +0000</pubDate><guid>https://whynothugo.nl/journal/2023/07/13/extending-an-expired-gpg-key/</guid><description>Slightly over a year ago, I set up a new hardware-backed GPG key on my yubikey device. Today I needed to sign a release, and noticed my key expired two days ago. It&amp;rsquo;s time to renew it.
Possible approaches: When a key expires, there are three ways to address it:
Generate a new key pair. This requires updating my public key everywhere (e.g.: on services that use my public key, in the README for projects where I sign releases, etc), which is somewhat of a nuisance.</description></item><item><title>Using a Yubikey for both GPG and TOTP</title><link>https://whynothugo.nl/journal/2023/03/13/using-a-yubikey-for-both-gpg-and-totp/</link><pubDate>Mon, 13 Mar 2023 18:39:00 +0100</pubDate><guid>https://whynothugo.nl/journal/2023/03/13/using-a-yubikey-for-both-gpg-and-totp/</guid><description>I&amp;rsquo;ve written before on how I use a Yubikey for hardware-based GPG and 2FA on the web. I also use it for TOTP. That is, the Yubikey itself generates those common &amp;ldquo;authenticator codes&amp;rdquo; like many other Authenticator apps. But the secret seed is saved into hardware that does not support revealing it, instead of being handled by a regular app on a network-connected device.
A nasty issue I&amp;rsquo;ve been dealing with is that when I signed something using GPG, the key would no longer work for TOTP unless I killed the gpg-agent.</description></item></channel></rss>