2022-02-15
My work PGP key needed replacement and using PGP keys in thunderbird with their original passphrases
Today I tried to sign a key with my work PGP key, and after lots of tries the conclusion was that my 2006 work PGP key was too infected with SHA1 signatures that I couldn't remove, so I created a replacement work PGP key. Even a signature for the new key with the old key was rejected. So the new work key:

    pub rsa4096/0x36FF19C6159C0262 2022-02-15 [SC] [expires: 2027-02-14]
        Key fingerprint = 1401 EE9F 25AD 23F1 C299 FD07 36FF 19C6 159C 0262
    uid [ultimate] Koos van den Hout <k.vandenhout(at)uu.nl>
    uid [ultimate] Koos van den Hout <koos(at)surfcert.nl>
    sub rsa4096/0x918F8E7A170EA93E 2022-02-15 [E] [expires: 2027-02-14]

I also signed it with my personal key, and I will try to get more signatures for the new work key to make things work better. Available at PGP key 0x36ff19c6159c0262. There you will see I also signed it with my old work key 0x42216fe29ee949cf, but since that signature is also a SHA1 signature the new gpg implementation immediately rejects it. So I should get some signatures from people who have relatively new PGP keys.

I've been using PGP since 1993 (29 years now!) and I can see the developments in PGP over the years in my keys.

In the process I noticed one Thunderbird installation insists on managing PGP keys completely and the other doesn't. Searching for the reason, I eventually found "Use Thunderbird 78 with System GnuPG Keyring" and I made sure the option mail.openpgp.allow_external_gnupg was set to true.
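
Added example (not from the original post): a small Python check that lists which signatures on a key use SHA1, by parsing the text that `gpg --export KEYID | gpg --list-packets` prints. The sample listing and its key IDs are constructed placeholders, and the function names are chosen for this example.

```python
import re

# Constructed sample of `gpg --list-packets` output; key IDs are placeholders.
SAMPLE = """\
:public key packet:
\tversion 4, algo 1, created 1644883200, expires 0
:user ID packet: "Example User <user@example.org>"
:signature packet: algo 1, keyid AAAAAAAAAAAAAAAA
\tversion 4, created 1644883200, md5len 0, sigclass 0x13
\tdigest algo 10, begin of digest 3a 7f
\thashed subpkt 2 len 4 (sig created 2022-02-15)
:signature packet: algo 1, keyid BBBBBBBBBBBBBBBB
\tversion 4, created 1644886800, md5len 0, sigclass 0x10
\tdigest algo 2, begin of digest 9c 01
"""

# OpenPGP hash algorithm ids (RFC 4880, section 9.4).
DIGESTS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
           9: "SHA384", 10: "SHA512", 11: "SHA224"}
SIG_HEADER = re.compile(r"^:signature packet: algo \d+, keyid ([0-9A-Fa-f]+)")
SIG_META = re.compile(r"created (\d+), md5len \d+, sigclass (0x[0-9a-fA-F]+)")
SIG_DIGEST = re.compile(r"digest algo (\d+)")

def parse_signatures(listing):
    """Return one dict per signature packet found in --list-packets text."""
    sigs, current = [], None
    for line in listing.splitlines():
        if line.startswith(":"):  # any packet header ends the previous packet
            m = SIG_HEADER.match(line)
            current = {"keyid": m.group(1).upper()} if m else None
            if current is not None:
                sigs.append(current)
        elif current is not None:
            if (m := SIG_META.search(line)):
                current["created"] = int(m.group(1))
                current["sigclass"] = m.group(2)
            elif (m := SIG_DIGEST.search(line)):
                algo = int(m.group(1))
                current["digest"] = DIGESTS.get(algo, f"algo {algo}")
    return sigs

def sha1_signatures(listing):
    """Signatures whose digest algorithm is SHA1 (id 2)."""
    return [s for s in parse_signatures(listing) if s.get("digest") == "SHA1"]

if __name__ == "__main__":
    for sig in sha1_signatures(SAMPLE):
        print(f"SHA1 signature by {sig['keyid']} (sigclass {sig['sigclass']})")
```

Signature classes 0x10 to 0x13 are certifications of a user ID, so a SHA1 entry with one of those classes is a key signature of the kind described above.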