27

Is it possible to add an email address to an existing GPG key? When I created a key using gpg --gen-key, I left the "Email address" field blank. Now I want to add an email address.

If I have already used the key to encrypt documents and emails, will my key be able to decrypt those documents after I change the email address?

Flux

1 Answer

32

Yes, you can add user IDs. The key is still the same, so you can use it like before. The only difference is that any possibly existing signatures are not valid for the new user IDs.

  1. Find out the key ID using gpg --list-secret-keys --keyid-format=long.
  2. Edit the key with gpg --edit-key <ID>.
  3. On the GnuPG prompt, use gpg> adduid.
  4. Answer the interactive prompts for details.
  5. Confirm the details.
  6. You will be asked for the passphrase for the key.
  7. Remember to save with gpg> save.

You could also remove the old user ID without email address using gpg> deluid.

Esa Jokinen
  • 2
    The trust information is not updated immediately on the new UID (at least on 2.3.7). One should be able to see the actual trust information when listing the keys afterwards though, e.g. gpg --list-secret-keys --keyid-format=long – nietonfir Oct 17 '22 at 11:11
  • 2
    What does "any possibly existing signatures are not valid for the new user IDs" mean, please? – peter.babic Mar 12 '23 at 17:39
  • 1
    You don't sign the keys but the user IDs in them. Otherwise, someone could add more email addresses and claim they are verified, too. – Esa Jokinen Mar 17 '23 at 14:04
  • In the case of git commits, does this mean that previously signed commits become unsigned? – Iulian Onofrei Apr 02 '23 at 19:26
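
The procedure from the answer, as an added example that is not part of the original thread: a script that creates a key with no email address, encrypts to it, adds a user ID non-interactively with `--quick-add-uid`, and checks that the fingerprint is unchanged and the earlier ciphertext still decrypts. It assumes GnuPG 2.2 or later; the name, address, message and function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: the name, address and message below are constructed.
# All work happens in a throwaway GNUPGHOME, never in your real keyring.

g() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

primary_fpr() {  # fingerprint of the primary secret key
    g --with-colons --list-secret-keys | awk -F: '$1 == "fpr" { print $10; exit }'
}

add_uid_demo() (  # subshell body: GNUPGHOME and the trap do not leak out
    GNUPGHOME=$(mktemp -d) || exit 1
    export GNUPGHOME
    trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT

    # A key like the one in the question: user ID without an email address.
    g --quick-generate-key 'Test User' default default never 2>/dev/null || exit 1
    before=$(primary_fpr)

    # Encrypt a message to the key before touching its user IDs.
    printf 'old mail' | g --recipient "$before" --encrypt >"$GNUPGHOME/old.gpg" || exit 1

    # Non-interactive counterpart of "adduid" followed by "save".
    g --quick-add-uid "$before" 'Test User <test@example.org>' || exit 1

    after=$(primary_fpr)
    plain=$(g --decrypt "$GNUPGHOME/old.gpg" 2>/dev/null) || exit 1
    uids=$(g --with-colons --list-keys "$before" | grep -c '^uid:')

    [ "$before" = "$after" ] && echo 'fingerprint unchanged'
    [ "$plain" = 'old mail' ] && echo 'old ciphertext still decrypts'
    echo "user IDs on key: $uids"
)
```

Source the file and call `add_uid_demo` to run it; on a real key, only the `--quick-add-uid` line applies, with your own fingerprint and address.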