Create GPG Primary Key
It's common to delete a primary key once you have backed it up and it is no longer in use on the local system. This section guides you through deleting the primary key.
Before we start, it is important to note that if you're no longer using the published primary key, you should publish its revocation certificate before deletion. You should still back up that key for a period of time (e.g. 5 years) so that your known trustees can propagate the changes.
Deleting Primary Key
Once done, it's time to create sub-keypairs.
Identify Your Primary Key ID
We start off by obtaining your primary key ID and the targeted sub-key. Run the following command and find your key in its output:
gpg --list-secret-keys
Example:
$ gpg --list-secret-keys
...
---------------------------
sec rsa4096 2020-01-10 [C]
AC51A10307C10B2A4BB1C89AF5EF57A0FB4EF0EF
uid [ultimate] "Shotgun" John, Smith <john.smith@company.com>
uid [ultimate] "Shotgun" John, Smith (Main ID) <john.smith@email.com>
ssb rsa4096 2020-01-10 [S] [expires: 2022-01-09]
ssb rsa4096 2020-01-10 [E] [expires: 2022-01-09]
ssb rsa4096 2020-01-10 [A] [expires: 2022-01-09]
ssb ed25519 2020-01-10 [S] [expires: 2022-01-09]
ssb ed25519 2020-01-10 [A] [expires: 2022-01-09]
ssb cv25519 2020-01-10 [E] [expires: 2022-01-09]
In the example above,
- The primary key ID is: AC51A10307C10B2A4BB1C89AF5EF57A0FB4EF0EF. Make sure this is the primary key you want to delete.
Delete Your Primary Key
Next, use the --delete-secret-and-public-keys <ID> argument to delete your primary key. If the key does not have any secret key, GnuPG will proceed to delete the public key.
You'll be prompted several times to confirm the deletion. Here's the full command:
$ gpg --delete-secret-and-public-keys <ID>
The output looks similar to the following:
$ gpg --delete-secret-and-public-keys AC51A10307C10B2A4BB1C89AF5EF57A0FB4EF0EF
gpg (GnuPG) 2.1.18; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
sec rsa4096/66F2E45747AB2C90 2020-01-10 "Shotgun" John, Smith <john.smith@company.com>
Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y
pub rsa4096/66F2E45747AB2C90 2020-01-10 "Shotgun" John, Smith <john.smith@company.com>
Delete this key from the keyring? (y/N) y
...
$
Verify Key
Now that everything is completed, you can verify your key again using the following command:
$ gpg --list-secret-keys
This now yields something like the following:
...
---------------------------
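A scripted form of the identify and verify steps, as an added example that is not part of the original guide: it reads the machine-readable listing from `gpg --list-secret-keys --with-colons`, extracts primary-key fingerprints, and checks whether a given fingerprint is still present. The function names and the sample listing are constructed for illustration; the sample reuses the fingerprint from the example above with a made-up sub-key.

```shell
#!/bin/sh
# Reads `gpg --list-secret-keys --with-colons` output on stdin and prints the
# fingerprint of each primary secret key (the fpr record following a sec record).
primary_fingerprints() {
    awk -F: '
        $1 == "sec" { want = 1; next }        # primary secret key record
        $1 == "ssb" { want = 0; next }        # sub-key: its fpr is not a primary
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# has_primary FPR   (listing on stdin)
# Returns 0 if FPR is a primary secret key in the listing, 1 if it is not,
# and 2 if FPR is not a full 40-hex-digit fingerprint. Short key IDs are
# refused so a script never matches on an ambiguous identifier.
has_primary() {
    fpr=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    printf '%s\n' "$fpr" | grep -Eqx '[0-9A-F]{40}' || return 2
    primary_fingerprints | grep -qxF "$fpr"
}

# Constructed sample listing (abbreviated records, not real gpg output).
SAMPLE_BEFORE='sec:u:4096:1:F5EF57A0FB4EF0EF:1578614400:::u:::cC:
fpr:::::::::AC51A10307C10B2A4BB1C89AF5EF57A0FB4EF0EF:
uid:u::::1578614400::::"Shotgun" John, Smith <john.smith@company.com>:
ssb:u:4096:1:1111111111111111:1578614400:1641686400:::::s:
fpr:::::::::0000000000000000000000001111111111111111:'

# After a successful deletion the secret-key listing is empty.
SAMPLE_AFTER=''

# Typical use once the deletion command has finished (not executed here):
#   if gpg --list-secret-keys --with-colons | has_primary "$FPR"; then
#       echo "primary key is still in the keyring" >&2
#   fi
```
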
That's all for deleting a GPG primary key.