I previously used Git to sign all my commits automatically with a GPG key. The Git work is on GitHub. A few days ago, my computer suddenly screwed up and I reinstalled my OS. Soon afterwards I realized I had not backed up my GPG private key, so I want to create a new GPG private/public key pair. Do I have to delete the GPG public key I previously created and registered on GitHub? If I have to remove it, will the commits I made previously fail to be verified?
Previously verified commits will no longer be verified if you delete the old key: GitHub cannot treat a commit as verified if it does not know the key it was signed with.
There is no need to delete expired or lost keys as long as you are sure they did not get stolen. You can generate a new keypair and add the new public key on GitHub next to the old one. Deleting an old public key is advised if you suspect your private key has been compromised and are now afraid someone could use it to fake-sign potentially malicious commits or bypass software-validation mechanisms for your software.
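The steps from the answer as commands, added here as an example that is not part of the original answer. It assumes GnuPG 2.1.13 or later and git; the function names, the name and e-mail arguments, and the sample key listing are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: create a replacement signing key and keep the old public key on GitHub.

# Constructed sample of `gpg --list-secret-keys --with-colons` output (not real keys).
SAMPLE_COLONS='sec:u:4096:1:1111111111111111:1700000000:::u:::scESC:::+:::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
uid:u::::1700000000::0000000000000000000000000000000000000000::Other User <other@example.com>::::::::::0:
ssb:u:4096:1:2222222222222222:1700000000::::::e:::+:::23:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
sec:u:4096:1:3333333333333333:1700000001:::u:::scESC:::+:::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1700000001::0000000000000000000000000000000000000000::Jane Doe <jane@example.com>::::::::::0:'

# Read colon-format key listing on stdin and print the primary-key fingerprint
# of the first secret key whose user ID contains <email>. Subkey fingerprints
# (the fpr record after an ssb record) are skipped.
primary_fpr_for() {
  awk -F: -v email="$1" '
    $1 == "sec" { fpr = ""; want_fpr = 1; next }
    $1 == "fpr" && want_fpr { fpr = $10; want_fpr = 0; next }
    $1 == "uid" && fpr != "" && index($10, "<" email ">") { print fpr; exit }
  '
}

# Generate a new signing key, point git at it, and print the public key.
new_signing_key() {
  name="$1"; email="$2"   # the e-mail must be one verified on the GitHub account
  gpg --quick-generate-key "$name <$email>" rsa4096 sign 2y || return 1
  fpr=$(gpg --list-secret-keys --with-colons "$email" | primary_fpr_for "$email")
  [ -n "$fpr" ] || { echo "no secret key found for $email" >&2; return 1; }
  git config --global user.signingkey "$fpr"
  git config --global commit.gpgsign true
  # Add this output on GitHub as a new GPG key; leave the old key registered
  # so commits signed with it stay verified.
  gpg --armor --export "$fpr"
}

# Only act when called as: script.sh "Full Name" "address@example.com"
if [ "$#" -eq 2 ]; then
  new_signing_key "$1" "$2"
fi
```

Keep a copy of the new private key this time, for example with `gpg --export-secret-keys --armor` written to offline storage.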