Rotate / create new repository signing key #4

@mika

As noted by cb on IRC (thx!):

% curl -s https://deb.grml.org/repo-key.gpg |gpg --armor --export |wc -l
769520

Our key is very long as plain text, something newer might be shorter.
Also would be nice to use our repository signing key as-is in /etc/apt/keyrings/ via grml.sources.

Last but not least, our latest signing key change dates back to 2015, and we might consider creating a more modern/fresh one also for security reasons.

FTR:

 % gpg keyrings/grml-archive-keyring.gpg 
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
pub   dsa1024/F61E2E7CECDEA787 2006-11-19 [SC]
      709BCE51568573EBC160E590F61E2E7CECDEA787
uid                           GRML Archive Automatic Signing Key (http://www.grml.org/) <[email protected]>
sub   elg2048/896CF7B9B1F9C73E 2006-11-19 [E]
pub   rsa4096/21E0CA38EA2EA4AB 2015-08-16 [SC]
      05483D2F0A254E5BC12AC73021E0CA38EA2EA4AB
uid                           Grml Archive Automatic Signing Key (http://www.grml.org/) <[email protected]>
sub   rsa4096/DC71A66D2B91DE1F 2015-08-16 [E]

I'd be more than happy for any suggestions regarding best practices in terms of GPG implementation usage, key generation settings and command line options. @anarcat maybe might have valuable input for us here? :)
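
One way to check a keyring like the one listed above for small key sizes and old primary keys, as an added example that is not part of the original issue or Grml's own tooling. The colon records are constructed from the listing above in the format of `gpg --show-keys --with-colons`; the 2048-bit minimum and the 10-year age limit are assumed policy values.

```python
from datetime import datetime, timezone

# OpenPGP public-key algorithm IDs as they appear in field 4 of colon output.
ALGOS = {"1": "rsa", "16": "elg", "17": "dsa", "22": "eddsa"}
MIN_BITS = {"rsa": 2048, "dsa": 2048, "elg": 2048}  # assumed policy
MAX_AGE_DAYS = 10 * 365                             # assumed policy

# Constructed sample: the two keys from the listing above as colon records.
SAMPLE = """\
pub:-:1024:17:F61E2E7CECDEA787:1163894400:::-:::scSC::::::23::0:
fpr:::::::::709BCE51568573EBC160E590F61E2E7CECDEA787:
sub:-:2048:16:896CF7B9B1F9C73E:1163894400::::::e::::::23:
pub:-:4096:1:21E0CA38EA2EA4AB:1439683200:::-:::scSC::::::23::0:
fpr:::::::::05483D2F0A254E5BC12AC73021E0CA38EA2EA4AB:
sub:-:4096:1:DC71A66D2B91DE1F:1439683200::::::e::::::23:
"""

def parse_keys(colons):
    """Return one dict per pub/sub record, with the following fpr attached."""
    keys = []
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub"):
            keys.append({
                "kind": f[0],
                "algo": ALGOS.get(f[3], "algo" + f[3]),
                "bits": int(f[2]),
                "keyid": f[4],
                "created": datetime.fromtimestamp(int(f[5]), tz=timezone.utc),
                "caps": f[11],
                "fpr": None,
            })
        elif f[0] == "fpr" and keys and keys[-1]["fpr"] is None:
            keys[-1]["fpr"] = f[9]
    return keys

def audit(colons, now=None):
    """List (key label, reason) for every key that violates the policy."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for k in parse_keys(colons):
        label = f'{k["algo"]}{k["bits"]}/{k["keyid"]}'
        if k["bits"] < MIN_BITS.get(k["algo"], 0):
            findings.append((label, "key size below policy minimum"))
        if k["kind"] == "pub" and (now - k["created"]).days > MAX_AGE_DAYS:
            findings.append((label, "primary key older than policy maximum"))
    return findings

if __name__ == "__main__":
    for label, reason in audit(SAMPLE):
        print(label, reason)
```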
