How to Rotate PGP Keys
PGP is the commercial standard for sending and receiving encrypted email and saving sensitive information on your computer. Using PGP helps prevent unauthorized entities or persons from stealing your information, which can result in damage to your business, embarrassment or financial loss. By keeping one key on your email server and replacing only its subkey each year, you can rotate your keys annually on the server and avoid having to repeat fingerprint verification every time you renew your PGP key.
Instructions
1. Open your PGP application and select the "Generate a New Key" option. The encryption algorithm should match the type you have used previously. RSA is a popular algorithm to use.
2. Choose the key length to use for your key. In the late 2000s, 2048-bit encryption was considered strong enough for protecting your email. The recommended length increases to keep pace with technology, and your PGP application will recommend the appropriate length for you to use. After choosing the key length, set the expiration date to "Never."
3. Select a strong passphrase for your new key. Strong passphrases include numbers, upper- and lower-case letters and symbols. Then generate your new key.
4. Right-click the new key in your PGP key store and choose the "Properties" menu option. Then, click the "Subkeys" tab and choose "Remove."
5. Select the "New" menu option, then set the key size to match that of your new key and the start date to today's date. Then, set the expiration date to 1 year from the generation date and click the "OK" menu button.
6. Export your new public key to the key server for your email. The procedure will vary depending on your organization and email configuration. When the key expires, you will need to update the key, and each year on expiration recipients of your email will be able to update your public key from the server.
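Added example, not part of the original instructions: a Python check that confirms a key follows the layout from the steps above (primary key with no expiration, encryption subkey valid for about a year) and reports when the subkey is due for replacement. It assumes GnuPG 2.x as the PGP application and reads the output of `gpg --list-keys --with-colons`; the key listing, key IDs and function names below are constructed for illustration.

```python
DAY = 86400

# Constructed sample of `gpg --list-keys --with-colons` output (not a real key).
# Assumption: GnuPG 2.x, where fields 6 and 7 are epoch seconds.
SAMPLE = """\
pub:u:2048:1:AAAAAAAAAAAAAAAA:1700000000:::u:::scESC:
fpr:::::::::0000000000000000000000000000AAAAAAAAAAAAAAAA:
uid:u::::1700000000::::Alice Example <alice@example.org>:
sub:e:2048:1:BBBBBBBBBBBBBBBB:1600000000:1631536000:::::e:
sub:u:2048:1:CCCCCCCCCCCCCCCC:1700000000:1731536000:::::e:
"""

def audit_rotation(listing, now, warn_days=30):
    """Map each key ID to a status for the layout in the steps above:
    primary key without expiry, encryption subkey valid for at most a year."""
    status = {}
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue  # skip fpr/uid records and truncated lines
        kind, validity, keyid = f[0], f[1], f[4]
        created, expires, caps = f[5], f[6], f[11]
        if kind == "pub":
            status[keyid] = "primary-expires" if expires else "primary-ok"
        elif "e" not in caps:
            continue  # only encryption subkeys are rotated in this scheme
        elif validity == "r":
            status[keyid] = "revoked"
        elif not expires:
            status[keyid] = "no-expiry"
        elif int(expires) <= now:
            status[keyid] = "expired"
        elif int(expires) - int(created) > 366 * DAY:
            status[keyid] = "lifetime-too-long"
        elif int(expires) - now <= warn_days * DAY:
            status[keyid] = "rotate-soon"
        else:
            status[keyid] = "ok"
    return status

def rotation_due(status):
    """True when no encryption subkey is comfortably inside its validity period."""
    return "ok" not in status.values()

if __name__ == "__main__":
    import time
    result = audit_rotation(SAMPLE, now=int(time.time()))
    for keyid, state in result.items():
        print(keyid, state)
    print("rotation due:", rotation_due(result))
```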