# Rotation of PGP key Goal: for PGP key associated with role and shared between multiple people (security-officer and similar roles), we would like to have a formalized way of rotating and sharing of the PGP key. ## Assumptions This procedure assumes that all parties are trustworthy and do not deliberately act in malice. ## Terms - Passphrase T1: a temporary passphrase to protect the new PGP key pair - Encryption key passphrase K1: a temporary, symmetry key, to generate the exported ## Procedure - Person A generates the PGP key pair, which is passphrase protected by T1. NOTE: the key should meet latest best practices; as of this writing, we recommend using `Ed25519` with an expiration time of no more than 5 years [1]. - (Optional) Person A derives a revocation certificate, which is shared with a third party, e.g. core@, in case of the unlikely event that the private key is lost and compromised and needs to be revoked. - Person A extracts the PGP key along with the private key, with: `gpg --output so.pgp --export-secret-key security-officer@FreeBSD.org` - Person A encrypts the exported file `so.pgp` with another layer of encryption, with a passhprase K1, and deletes encrypted export in previous step[2]: `openssl enc -aes256 -base64 -in so.pgp -out so.pgp.enc && rm so.pgp` - Person A sends the encrypted file (`so.pgp.enc`) to the recipient, encrypted with the recipient's public PGP key[3]. - Person A sends the passphrase T1, encrypted with recipient's public PGP key, to either a place they have access to (for so@, it's a freebsd-update build server; this can also be their email)[4]. - Person A splits passphrase K1 into two pieces and send to the recipient in two separate channel (e.g. one via email, and the other over phone).[5] ### Recipient - The recipient first decrypt the encrypted `so.pgp.enc` file with their own PGP private key. - The recipient then decrypts the file with: `openssl dec -ase256 -base64 -in so.pgp.enc -out so.pgp && rm so.pgp.enc` with the passphrase K1 received from two channels. - The recipient imports the key to GnuPG: `gpg --import so.pgp` - The recipient changes passphrase from T1 to passphrase of their choice: `gpg --edit-key security-officer@FreeBSD.org` - The recipient destroys `so.pgp` ## Footnotes [1] Ed25519 is the default for GPG; for best compatibility, a 4096-bit RSA key can be used instead, but in 2022, it's likely that this is no longer a concern. The 5 year expiration in this context is an arbitrary value. [2] This step avoids sending the passphrase protected PGP key without an additional layer of encryption (by accident). [3] Encrypting the encrypted file with recipient's PGP key ensures the recipient has control of both their mailbox and the private key. [4] This should be separate; the recipient should get the passphrase and remove them from the server once they got access to it. [5] This step is both authenticating the recipient and to separate risks of leaks; in worst case, the attacker still need to have the other part of the passphrase in order to decrypt the outside wrap.