12

I currently have a GPG key on my Github account, which I've been using to verify a bunch of commits. Recently, I decided to make a separate signing subkey to keep my master key off of my main PC. However, it doesn't seem like I can update the GPG key on Github to add the new subkey because there is no update option, and if I try to upload it as a new key it complains that it already exists (which it does, but the old one doesn't have my new subkey). Is my only option to delete the key and readd it, but with the subkey this time? Will that unverify all of my existing commits, even after I readd the keys?

Improve this question

1 Answer 1

Reset to default
15

I bit the bullet, and fortunately deleting a GPG key and adding an updated version of the same one one re-verifies all commits that had that key originally.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Is this also true when you remove the signing capability from the primary key?
Did it now myself: I added signing subkeys and removed the signing flag from the primary key that was used for signing Git commits previously. All old commits are now shown as "Unverified" with correct additional info: "The key that signed this doesn't have usage flags that allow signing." Updating keys on GitHub after adding keys works well, but when removing keys or signing flags, all respective commits are unverified. Not sure whether there is a way tell GPG or GitHub that the key did have the signing flag previously and to hence keep showing commits as verified?

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.