Published 2025-04-13
tag(s): #yell-at-cloud #meta #failures
When I was setting up my Gemini capsule I noticed a lot of people in
Geminispace[1] were publishing their GPG keys.
I had seen at least a couple authors in the regular web also publishing theirs, and I
figured it would be nice to have my own set.
So before the capsule went online, I followed a bunch of tutorials, published the keys, and I
received encrypted email from a grand total of ONE (1) person since then (almost two years? a
bit over two years?).
I only remember the command I bound in Gnus to encrypt outgoing email because a couple days
ago I was cleaning up my init.el.
What prompted this post is that, earlier today, I made a joking comment about gpg
in a group chat. And that reminded me that my keys were set to expire some time in 2025.
After renewing the primary key (following a tutorial) I realized I completely forgot I also
had a signing subkey...which of course I never used.
While searching for tutorials for how to extend the subkeys's expiration too, I had this
realization that we have no hope of non-tech people using this correctly. I am no genius, but
for sure I feel comfortable in the command line, and the magic incantations where long-ish.
Of course, much smarter people than me have said it before, for example, Moxie Marlinspike in
this 2015 post. Back when I read
that, I saw it as a curiosity, since I never had bothered with GPG. I don't think I was even
paying for my email back then (around 2020).
But now I can see his point(s) better.
Anyway, I guess that if by the time the keys expire again, I still don't use them, I'll just
let them be.
It was a fun experiment and I learned a bit more about how to use gpg. And at least that makes
it worth it.